# Solved: Error code 8004FF80



## JayCee6828 (Dec 21, 2010)

I have a problem that every time I get an update to Microsoft Security Essentials it always fails nowadays.

Having looked through many forums and many internet articles I am totally confused as to the best course of action; it would seem a good idea to uninstall MSE and reinstall a good copy but my machine will not uninstall it.

I have tried starting with services disabled but don't really know what I am doing and am sure that very soon I will make my computer unworkable if I carry on.

Is there anyone who can explain in words of one syllable what I need to do to cure this problem; or even can you tell me if it is a problem I need to address?

Below is the output from SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Phenom(tm) 9950 Quad-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 4
RAM: 3583 Mb
Graphics Card: ATI Radeon HD 3600 Series, 512 Mb
Hard Drives: C: Total - 305141 MB, Free - 250064 MB; D: Total - 1907728 MB, Free - 1126109 MB;
Motherboard: ASRock, N68C-S UCC
Antivirus: Microsoft Security Essentials, Updated and Enabled


----------



## captainron276 (Sep 11, 2010)

See if this will help you uninstall MSE.

http://support.microsoft.com/kb/2435760


----------



## JayCee6828 (Dec 21, 2010)

Thanks captainron but I have worked through that article very carefully and also used Mr Fixit; nothing seems to get rid of it.

When working through the article and messing with the registry quite a few of the files I was supposed to delete weren't even there, and I did check very carefully that I was looking in the locations given.

If I just delete all the files I can find relating to MSE would that do it if I then installed a separate anti-virus? Or would I still keep getting updates from Microsoft which won't install?

I cannot believe that something from Microsoft is so difficult to get rid of - if, of course, it is a Microsoft product!


----------



## Cookiegal (Aug 27, 2003)

I would try installing MSE again over the top of whatever remnants are there and then reboot the machine then uninstall it and reboot again.


----------



## JayCee6828 (Dec 21, 2010)

Thanks for that, I have tried that but it gets so far through updating the app then stops with an error saying it has encountered an unknown error.

I don't think MSE is now running so should I install another anti virus like avast?

I don't suppose that will completely stop the problem though!


----------



## Cookiegal (Aug 27, 2003)

Let's run a program that might give some insight into what's still remaining regarding MSE.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


- Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
- Press the *Scan* button.
- It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
- The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## Cookiegal (Aug 27, 2003)

As for installing another anti-virus program you definitely need something running but if you can take the PC offline and only use it to reply here (unless you have another one you can use) until you've run the above before installing one that would be better as Avast may kick out some errors too if it sees some components from MSE.


----------



## JayCee6828 (Dec 21, 2010)

Thanks for the advice and interest Cookiegal.

Here are the files:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by User at 2015-02-15 19:25:44
Running from C:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 12 v.12.0.5 (HKLM\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.1.2 (HKLM\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
AspexDraw (HKLM\...\{94DF3CE6-8C8B-411D-ADE2-702CF8E98DF5}) (Version: 2.5.0.0 - Aspex Software)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
BBC BASIC for Windows (full version) (HKLM\...\BBC BASIC for Windows_is1) (Version: - )
CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - )
Cardbox 3.0 (HKLM\...\Cardbox 3.0) (Version: - Cardbox Software Limited)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ChessDiagrams14 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\ChessDiagrams14) (Version: - )
Chuckie Egg for Windows 1.1 (HKLM\...\Chuckie Egg for Windows_is1) (Version: - )
ClickCharts Diagram Flowchart Software (HKLM\...\ClickCharts) (Version: 1.24 - NCH Software)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EssentialPIM (HKLM\...\EssentialPIM) (Version: 6.05 - Astonsoft Ltd)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Free Alarm Clock 3.0.3 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jigs@w Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LifeScan USB Device Driver vSL3.0 (Driver Removal) (HKLM\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
MAGIX Audio Cleaning Lab MX (HKLM\...\MAGIX_{E2581FA7-87E8-4943-B797-72375F05EA92}) (Version: 18.0.0.9 - MAGIX AG)
MAGIX Audio Cleaning Lab MX (Version: 18.0.0.9 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Meter Drivers for OneTouch(R) Software (Version: 1.15.0.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software (Version: 1.95.5.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software v1.15.0.0 (HKLM\...\InstallShield_{CFE34F17-87E5-4BC7-A339-3E04E5428897}) (Version: 1.15.0.0 - LifeScan)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 36.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OneTouch Software (HKLM\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version: - )
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scribus 1.4.5 (HKLM\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team)
Space Invaders (HKLM\...\Space Invaders_is1) (Version: - Paradum Games)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 7.0.32.0 - 2BrightSparks)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VibrateGameDeviceDriver (HKLM\...\{DBB7F606-0C13-4182-AD7F-427A4773580E}) (Version: 4.07.1112G - VibrateGameDeviceDriver)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

11-02-2015 19:10:42 Windows Update
12-02-2015 14:07:56 Removed Microsoft Silverlight
12-02-2015 19:38:50 Windows Update
13-02-2015 18:30:29 Windows Update
13-02-2015 19:26:15 Windows Update
14-02-2015 18:00:08 Windows Update
14-02-2015 18:16:40 WinThruster Sat, Feb 14, 15 18:16
14-02-2015 18:27:40 Windows Update
14-02-2015 18:35:06 Windows Update
14-02-2015 18:43:03 Windows Update
14-02-2015 19:19:59 Windows Update
14-02-2015 19:22:19 Windows Update
15-02-2015 11:36:01 Installed Microsoft Fix it 50535
15-02-2015 11:43:45 Installed Microsoft Fix it 50535
15-02-2015 11:47:55 Installed Microsoft Fix it 50535
15-02-2015 15:23:24 Installed Microsoft Fix it 50535
15-02-2015 15:25:23 Installed Microsoft Fix it 50535
15-02-2015 17:02:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {364721D1-B8DB-4BC0-AB01-D8FDF53FE2BB} - System32\Tasks\{6A466E75-FF45-4C89-B53C-A09C34F9DD35} => pcalua.exe -a C:\Downloads\contextmenueditorinstall.exe -d C:\Downloads
Task: {6A200A51-8CD8-453A-9D1E-1AFD13721A2C} - System32\Tasks\2BrightSparks\SyncBackFree\JAYCEE-User\SyncBackFree JayCee Backup => C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe [2015-01-19] (2BrightSparks Pte Ltd)
Task: {740738C9-37A4-4378-BF35-7C29A4FEAE12} - System32\Tasks\Softland\FBackup 5\fba_JayCees => C:\Program Files\Softland\FBackup 5\bBackup.exe
Task: {839A0281-FABF-4658-A56B-0D54EAABEE0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {8E02E06C-0470-47C3-A70E-4F492AD5D10F} - System32\Tasks\Softland\FBackup 5\fba_JayCee Backup => C:\Program Files\Softland\FBackup 5\bBackup.exe
Task: {9A2787A0-4682-4D02-9176-CA3632E9CE4A} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_User => C:\Program Files\Softland\FBackup 5\bTray.exe
Task: {A7D1E7DC-EBB9-4DC3-9D87-43381FA344F4} - System32\Tasks\{F74C0485-5846-49C4-B294-2A1492D0F5EF} => pcalua.exe -a C:\Windows\uninst.exe -c -f"C:\Program Files\Dial Solutions\Oak Draw\DeIsL1.isu" -c"C:\Program Files\Dial Solutions\Oak Draw\_ISREG32.DLL"
Task: {A9624156-B6A7-400E-AB9E-12474F91C86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {A9FC159A-E662-49A3-8059-6DBF82D13C5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {C59E9686-F30B-410B-8980-43262F5AE3C0} - System32\Tasks\{4547A25A-91DA-479A-9165-8461D458848A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D132C9FF-93C6-44E9-BFC6-C5713B24D418} - System32\Tasks\{927BD098-C4A0-44BA-B8AA-DB9878A568E8} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\JayCees\Chess\Grading\ST6UNST.LOG"
Task: {E775346E-D797-4629-9769-DB5F7E6CEC4A} - System32\Tasks\Auslogics\Disk Defrag\Scheduled Defragmentation => Rundll32.exe TaskSchedulerHelper.dll,RunTask "DiskDefrag.exe" "-UseTray -Scheduler"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\fba_Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-26 11:30 - 2007-08-13 09:39 - 00022723 _____ () C:\Windows\System32\cl31cl3.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-01-14 08:50 - 2015-02-09 02:17 - 00153712 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 08:50 - 2015-02-09 02:17 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00692454.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20752428.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99080728.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00692454.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20752428.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99080728.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice 4.0.1.lnk => C:\Windows\pss\OpenOffice 4.0.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iLivid => "C:\Users\User\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: RTBatteryMeter => C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SysMetrix => C:\Program Files\SysMetrix\SysMetrix.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2618260354-4144512923-24617707-500 - Administrator - Disabled)
Guest (S-1-5-21-2618260354-4144512923-24617707-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2618260354-4144512923-24617707-1010 - Limited - Enabled)
User (S-1-5-21-2618260354-4144512923-24617707-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

System errors:
=============
Error: (02/15/2015 07:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2

Error: (02/15/2015 05:04:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Error: (02/15/2015 04:59:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2

Error: (02/15/2015 02:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2

Error: (02/15/2015 11:46:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2

Error: (02/15/2015 10:08:35 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GLORIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
The master browser is stopping or an election is being forced.

Error: (02/15/2015 09:25:02 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GLORIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
The master browser is stopping or an election is being forced.

Error: (02/15/2015 07:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2

Error: (02/14/2015 07:23:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Error: (02/14/2015 07:21:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Microsoft Office Sessions:
=========================
Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: AMD Phenom(tm) 9950 Quad-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 3583.3 MB
Available physical RAM: 2510.86 MB
Total Pagefile: 6653.6 MB
Available Pagefile: 5458.18 MB
Total Virtual: 3071.88 MB
Available Virtual: 2904.96 MB

==================== Drives ================================

Drive c: (C - Internal) (Fixed) (Total:297.99 GB) (Free:243.78 GB) NTFS
Drive d: (D - External) (Fixed) (Total:1863.02 GB) (Free:1099.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 06EA17FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 909CF17B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by User (administrator) on JAYCEE on 15-02-2015 19:25:03
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\MountPoints2: {89c9251c-739c-11e3-99e8-0025226f6163} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...E&Tid=0003295F&OHP=http://www.google.com&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762
FF SelectedSearchEngine: 
FF Homepage: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2618260354-4144512923-24617707-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-14]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
CHR Extension: (ClipMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl6dad6172; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E8101BD-12FA-4D44-9078-46670F209011}\MpKsl6dad6172.sys [39464 2015-02-15] (Microsoft Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-08-03] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61696 2012-06-13] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-09] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 cpuz137; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:24 - 2015-02-15 19:25 - 00000000 ____D () C:\FRST
2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
2015-02-14 18:18 - 2015-02-14 18:22 - 00001648 _____ () C:\Windows\system32\ASOROSet.bin
2015-02-14 18:18 - 2015-02-14 18:18 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-02-14 18:15 - 2015-02-14 18:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Solvusoft
2015-02-14 18:15 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
2015-02-13 18:30 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 18:30 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 18:30 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 18:30 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 18:30 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 18:29 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 10:08 - 2015-02-13 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-13 10:08 - 2015-02-13 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-02-12 08:00 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:52 - 2015-02-15 19:15 - 00009726 _____ () C:\Windows\PFRO.log
2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures
2015-02-11 07:42 - 2015-01-15 07:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:42 - 2015-01-15 07:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:42 - 2015-01-15 07:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:42 - 2015-01-15 07:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:42 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:42 - 2015-01-15 04:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:42 - 2015-01-09 01:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:41 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:41 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:41 - 2015-01-13 05:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:41 - 2015-01-13 05:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:41 - 2015-01-13 05:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:41 - 2015-01-13 04:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:41 - 2015-01-13 03:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 07:41 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:41 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:56 - 2015-02-15 19:21 - 00025334 _____ () C:\Windows\setupact.log
2015-02-10 13:56 - 2015-02-10 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 12:42 - 2015-02-10 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
2015-02-10 12:41 - 2015-02-10 12:43 - 00000000 ____D () C:\Program Files\Scribus 1.4.5
2015-02-10 12:39 - 2015-02-10 12:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 10:55 - 2015-02-10 13:44 - 00000000 ____D () C:\AdwCleaner
2015-02-01 10:53 - 2015-02-01 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 10:00 - 2015-01-24 10:00 - 00040900 _____ () C:\Users\User\Documents\cc_20150124_100014.reg
2015-01-21 18:46 - 2015-01-21 18:46 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:17 - 2013-05-24 18:25 - 00002086 _____ () C:\Windows\epplauncher.mif
2015-02-15 19:17 - 2013-05-24 12:02 - 01155351 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 19:16 - 2013-05-24 17:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\EssentialPIM
2015-02-15 19:15 - 2014-04-01 07:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 19:15 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 18:28 - 2014-04-01 07:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 07:54 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-14 19:11 - 2013-05-28 14:50 - 00000000 ____D () C:\Windows\pss
2015-02-14 18:42 - 2010-11-20 21:01 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 18:23 - 2009-07-14 02:03 - 43515904 _____ () C:\Windows\system32\config\software.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-14 18:20 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-14 12:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 07:58 - 2014-02-12 14:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-13 18:33 - 2014-12-11 19:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 18:33 - 2014-11-12 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 18:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2015-02-13 10:08 - 2014-08-26 13:47 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-02-12 14:08 - 2013-05-25 11:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-12 08:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:54 - 2013-05-24 20:56 - 00000000 ____D () C:\Windows\Panther
2015-02-12 07:54 - 2009-07-14 04:33 - 00341192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:19 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:14 - 2013-05-26 11:12 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 17:05 - 2013-07-25 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-10 17:02 - 2013-10-10 09:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2015-02-10 16:45 - 2013-07-25 17:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-02-10 13:09 - 2014-09-02 14:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 13:01 - 2013-05-28 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-10 13:00 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-10 13:00 - 2013-05-24 17:26 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-02-10 12:57 - 2014-09-02 13:15 - 00000000 ____D () C:\Program Files\Speccy
2015-02-10 12:39 - 2014-01-19 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 12:30 - 2014-09-11 10:15 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-10 12:30 - 2013-07-03 21:54 - 00000000 ____D () C:\Program Files\Java
2015-02-10 12:27 - 2014-02-12 14:25 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 12:21 - 2014-12-01 19:24 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-02-10 12:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-10 11:59 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 15:14 - 2009-07-14 02:04 - 00000498 _____ () C:\Windows\win.ini
2015-02-01 10:53 - 2013-07-23 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 10:14 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\HP
2015-02-01 10:13 - 2014-12-23 14:55 - 00000000 ____D () C:\Program Files\HP
2015-01-21 08:47 - 2014-12-23 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-01-19 20:59 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-05-25 09:35 - 2013-05-25 09:35 - 0022513 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-01-30 12:13 - 2014-03-10 16:57 - 0000095 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-21 18:46 - 2015-01-21 18:46 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-23 14:32 - 2014-07-23 14:32 - 0007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-12-23 14:54 - 2014-12-23 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 08:23

==================== End Of Log ============================

I have to go offline now till the morning but do so hope that info tells you what I can do. Thanks again.


----------



## Cookiegal (Aug 27, 2003)

Yes, I see some things in there pertaining to MSE.

There is a removal tool for MSE. Please download it from the following link:

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

*Be sure to click the blue download button for version 2 and higher.*

Run the utility then reboot the machine.

Do you wish to reinstall MSE if this is successful or do you wish to go with Avast instead?


----------



## JayCee6828 (Dec 21, 2010)

I have tried that before with no success and have now tried it again.

It gets so far and then says "Service 'Microsoft antimalware service' (MsMpSvc) could not be stopped verify that you have sufficient privileges to stop system services"

When I say yes then it just keeps getting to there again.


----------



## JayCee6828 (Dec 21, 2010)

Further to the above I have tried to stop MsMpSvc using msconfig and also net stop but nothing seems to be able to stop it running. I did try stopping it in msconfig and then running MR Fixit without restarting the computer but that didn't work either.
This seems to be Big Brother Microsoft going way over the top in denying us control of our own machines.


----------



## JayCee6828 (Dec 21, 2010)

Sorry to come back again but I have forgotten to answer your question about which program for antivirus I want to go to.

I would like to carry on with MSE but before doing so would ask your opinion on that - is it worth carrying on if this problem may arise again and if not which anti virus do you folks recommend? It would be better if it is free but I wouldn't mind a small amount of payment.


----------



## Cookiegal (Aug 27, 2003)

OK so we're going to use FRST to see if we can remove those remnants.

Please download the attached *fixlist.txt* file and save it where you saved FRST (which is your C:\Downloads folder).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt* are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## Cookiegal (Aug 27, 2003)

JayCee6828 said:


> I would like to carry on with MSE but before doing so would ask your opinion on that - is it worth carrying on if this problem may arise again and if not which anti virus do you folks recommend? It would be better if it is free but I wouldn't mind a small amount of payment.


I have never used MSE so I can't really say. Some think it's good enough and others don't. I personally don't use free anti-virus programs as I feel you get what you pay for and some have annoying nags to purchase it. I'm not saying the free ones won't do a decent job and there is no one piece of software that will detect and/or prevent all infections whether they are free or paid versions so it's really a matter of choice or budget. If you do want to pay for one then I'd recommend Eset (Nod32 anti-virus since you don't need the suite as the Windows firewall should be sufficient) or Kaspersky (which can weigh heavy on resources on some machines).


----------



## JayCee6828 (Dec 21, 2010)

Ran the file as requested and here is the result :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by User at 2015-02-16 14:44:50 Run:1
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
HKLM\...\Run: [] => [X]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
C:\Program Files\Microsoft Security Client
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
C:\Windows\System32\DRIVERS\MpFilter.sys
2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures

*****************

C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
C:\Program Files\Microsoft Security Client\MsMpEng.exe => Failed to close process.
C:\Program Files\Microsoft Security Client\NisSrv.exe => Failed to close process.
C:\Windows\System32\msiexec.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci => Moved successfully.
MsMpSvc => Unable to stop service
MsMpSvc => Error deleting Service
NisSrv => Unable to stop service
NisSrv => Error deleting Service
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
MpFilter => Unable to stop service
MpFilter => Error deleting Service
C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.
C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures => Moved successfully.
C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures => Moved successfully.
C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures => Moved successfully.
C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures => Moved successfully.
C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures => Moved successfully.
C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures => Moved successfully.
C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures => Moved successfully.
C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures => Moved successfully.
C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures => Moved successfully.
C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures => Moved successfully.
C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures => Moved successfully.
C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures => Moved successfully.
C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures => Moved successfully.
C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures => Moved successfully.

==== End of Fixlog 14:45:07 ====
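
A triage pass over the Fixlog above, as an added example that is not part of the original post and not part of FRST. It parses only the result section (the echoed fixlist also contains `=>` lines), classifies each outcome by the result phrases that appear in this log, and lists what survived the fix. The function names and status labels are this example's own, and matching a service name to a moved file's name is a heuristic.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Excerpt of the Fixlog posted above, shortened (same lines, fewer of them).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Running from C:\Downloads

Content of fixlist:
*****************
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
HKLM\...\Run: [] => [X]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
C:\Windows\System32\DRIVERS\MpFilter.sys

*****************

C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
C:\Program Files\Microsoft Security Client\MsMpEng.exe => Failed to close process.
C:\Windows\System32\msiexec.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
MsMpSvc => Unable to stop service
MsMpSvc => Error deleting Service
NisSrv => Unable to stop service
NisSrv => Error deleting Service
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
MpFilter => Unable to stop service
MpFilter => Error deleting Service
C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.

==== End of Fixlog 14:45:07 ====
"""

# Result phrases seen in this log only; anything else is reported as
# "unknown" rather than being silently counted as a success.
RULES = [
    (re.compile(r"^(Failed to|Unable to|Error )", re.I), "failed"),
    (re.compile(r"^Warning:", re.I), "skipped"),
    (re.compile(r"No running process found", re.I), "noop"),
    (re.compile(r"successfully\.?$", re.I), "ok"),
]


def classify(result):
    """Map one result phrase to a status label."""
    for pattern, status in RULES:
        if pattern.search(result):
            return status
    return "unknown"


def parse_results(text):
    """Return (target, result, status) for each line of the result section.

    The log has two rows of asterisks: the first opens the echoed fixlist,
    the second closes it. Results start only after the second one.
    """
    entries = []
    separators = 0
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            separators += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if separators < 2 or " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        entries.append((target.strip('"'), result, classify(result)))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


def failed_targets(entries):
    """Group the failed actions by the item they were aimed at."""
    failures = defaultdict(list)
    for target, result, status in entries:
        if status == "failed":
            failures[target].append(result)
    return dict(failures)


def orphan_candidates(entries):
    """Services that could not be deleted although a same-named file was moved.

    Heuristic: compares the service name with the moved file's name without
    its extension (MpFilter vs MpFilter.sys).
    """
    moved = {
        ntpath.splitext(ntpath.basename(target))[0].lower()
        for target, result, status in entries
        if status == "ok" and result.startswith("Moved")
    }
    return sorted(t for t in failed_targets(entries) if t.lower() in moved)


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for name, reasons in failed_targets(parsed).items():
        print(name, "->", "; ".join(reasons))
    print("service left without its file:", orphan_candidates(parsed))
```

On this excerpt the three MSE services are the only service entries that failed, and `MpFilter` is flagged because its driver file was moved while the service entry stayed registered.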


----------



## JayCee6828 (Dec 21, 2010)

Should I try uninstalling MSE now?


----------



## Cookiegal (Aug 27, 2003)

Alright so that failed and we'll have to take another route. This is just MSE protecting itself from being disabled by malware so that's why it's difficult to remove.

Let's try MS's tool for help uninstalling programs.

Click the following link and click on the *Run Now* button:

http://support.microsoft.com/mats/Program_Install_and_Uninstall

After running it the first time select *Run* on the pop-up window and then select *Run* on the Internet Explorer-Security Warning Window.

Select *Detect problems and let me select the files to apply.*

Select *Uninstalling.*

After detecting problems, select *Microsoft Security Client* to uninstall and click *Next.*

Repeat the steps above and, this time, select *Microsoft Antimalware* from the list to uninstall and click *Next.*

Then reboot the machine and run FRST again and post the frst.txt log. This time that will be the only log it produces.


----------



## Cookiegal (Aug 27, 2003)

JayCee6828 said:


> Should I try uninstalling MSE now?


Not yet. I posted other instructions to try first.


----------



## JayCee6828 (Dec 21, 2010)

I ran the MS tool and selected Microsoft Security Client and it reported that it was fixed; I then ran it again but Microsoft Antimalware was not on the list it presented.
I have rebooted the machine, should I now run FRST for you?


----------



## JayCee6828 (Dec 21, 2010)

Sorry also meant to ask should I run it with Scan or Fix?


----------



## Cookiegal (Aug 27, 2003)

Please run FRST with scan.


----------



## JayCee6828 (Dec 21, 2010)

Here is the file

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by User (administrator) on JAYCEE on 16-02-2015 15:31:06
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\MountPoints2: {89c9251c-739c-11e3-99e8-0025226f6163} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...E&Tid=0003295F&OHP=http://www.google.com&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762
FF SelectedSearchEngine: 
FF Homepage: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2618260354-4144512923-24617707-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-14]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (ClipMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-08-03] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61696 2012-06-13] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-09] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 cpuz137; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:17 - 2015-02-16 15:17 - 00000000 ____D () C:\MATS
2015-02-16 14:51 - 2015-02-16 14:51 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-02-16 12:59 - 2015-02-16 12:59 - 00000000 ____D () C:\Windows\Temp7D6CD53A-31FA-ED05-968C-768E9D878B64-Signatures
2015-02-16 07:41 - 2015-02-16 07:41 - 00000000 ____D () C:\Windows\Temp07CB83F4-2B4D-5026-9DB8-FF314E630206-Signatures
2015-02-15 19:33 - 2015-02-15 19:33 - 00000000 ____D () C:\Windows\Temp603416A9-4A9F-A652-35AC-76DAC790ECCA-Signatures
2015-02-15 19:24 - 2015-02-16 15:31 - 00000000 ____D () C:\FRST
2015-02-14 18:18 - 2015-02-14 18:22 - 00001648 _____ () C:\Windows\system32\ASOROSet.bin
2015-02-14 18:18 - 2015-02-14 18:18 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-02-14 18:15 - 2015-02-14 18:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Solvusoft
2015-02-14 18:15 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-13 18:30 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 18:30 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 18:30 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 18:30 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 18:30 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 18:29 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 10:08 - 2015-02-13 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-13 10:08 - 2015-02-13 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-02-12 08:00 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:52 - 2015-02-16 14:51 - 00011140 _____ () C:\Windows\PFRO.log
2015-02-11 07:42 - 2015-01-15 07:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:42 - 2015-01-15 07:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:42 - 2015-01-15 07:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:42 - 2015-01-15 07:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:42 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:42 - 2015-01-15 04:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:42 - 2015-01-09 01:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:41 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:41 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:41 - 2015-01-13 05:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:41 - 2015-01-13 05:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:41 - 2015-01-13 05:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:41 - 2015-01-13 04:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:41 - 2015-01-13 03:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 07:41 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:41 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:56 - 2015-02-16 15:29 - 00030486 _____ () C:\Windows\setupact.log
2015-02-10 13:56 - 2015-02-10 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 12:42 - 2015-02-10 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
2015-02-10 12:41 - 2015-02-10 12:43 - 00000000 ____D () C:\Program Files\Scribus 1.4.5
2015-02-10 12:39 - 2015-02-10 12:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 10:55 - 2015-02-10 13:44 - 00000000 ____D () C:\AdwCleaner
2015-02-01 10:53 - 2015-02-01 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 10:00 - 2015-01-24 10:00 - 00040900 _____ () C:\Users\User\Documents\cc_20150124_100014.reg
2015-01-21 18:46 - 2015-01-21 18:46 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:31 - 2013-05-24 12:02 - 01262992 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 15:29 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 15:29 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 15:28 - 2014-04-01 07:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:22 - 2014-04-01 07:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:22 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 15:18 - 2013-05-24 18:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-16 15:08 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2015-02-16 13:00 - 2013-05-24 18:25 - 00002113 _____ () C:\Windows\epplauncher.mif
2015-02-15 19:16 - 2013-05-24 17:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\EssentialPIM
2015-02-15 07:54 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-14 19:11 - 2013-05-28 14:50 - 00000000 ____D () C:\Windows\pss
2015-02-14 18:42 - 2010-11-20 21:01 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 18:23 - 2009-07-14 02:03 - 43515904 _____ () C:\Windows\system32\config\software.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-14 18:20 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-14 12:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 07:58 - 2014-02-12 14:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-13 18:33 - 2014-12-11 19:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 18:33 - 2014-11-12 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 18:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2015-02-13 10:08 - 2014-08-26 13:47 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-02-12 14:08 - 2013-05-25 11:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-12 08:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:54 - 2013-05-24 20:56 - 00000000 ____D () C:\Windows\Panther
2015-02-12 07:54 - 2009-07-14 04:33 - 00341192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:19 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:14 - 2013-05-26 11:12 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 17:05 - 2013-07-25 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-10 17:02 - 2013-10-10 09:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2015-02-10 16:45 - 2013-07-25 17:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-02-10 13:09 - 2014-09-02 14:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 13:01 - 2013-05-28 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-10 13:00 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-10 13:00 - 2013-05-24 17:26 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-02-10 12:57 - 2014-09-02 13:15 - 00000000 ____D () C:\Program Files\Speccy
2015-02-10 12:39 - 2014-01-19 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 12:30 - 2014-09-11 10:15 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-10 12:30 - 2013-07-03 21:54 - 00000000 ____D () C:\Program Files\Java
2015-02-10 12:27 - 2014-02-12 14:25 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 12:21 - 2014-12-01 19:24 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-02-10 12:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-10 11:59 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 15:14 - 2009-07-14 02:04 - 00000498 _____ () C:\Windows\win.ini
2015-02-01 10:53 - 2013-07-23 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 10:14 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\HP
2015-02-01 10:13 - 2014-12-23 14:55 - 00000000 ____D () C:\Program Files\HP
2015-01-21 08:47 - 2014-12-23 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-01-19 20:59 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-05-25 09:35 - 2013-05-25 09:35 - 0022513 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-01-30 12:13 - 2014-03-10 16:57 - 0000095 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-21 18:46 - 2015-01-21 18:46 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-23 14:32 - 2014-07-23 14:32 - 0007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-12-23 14:54 - 2014-12-23 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 08:23

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

OK, I'm going to ask you to run another tool.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## JayCee6828 (Dec 21, 2010)

Here are the two files:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Phenom(tm) 9950 Quad-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 4
RAM: 3583 Mb
Graphics Card: ATI Radeon HD 3600 Series, 512 Mb
Hard Drives: C: Total - 305141 MB, Free - 249007 MB; D: Total - 1907728 MB, Free - 1125854 MB;
Motherboard: ASRock, N68C-S UCC
Antivirus: Microsoft Security Essentials, Disabled

OTL Extras logfile created on: 16/02/2015 16:00:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17229)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.38% Memory free
6.50 Gb Paging File | 5.66 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3584 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 243.17 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 1099.47 Gb Free Space | 59.02% Space Free | Partition Type: NTFS

Computer Name: JAYCEE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Backup using FileFort Backup] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DD7FD8-54ED-4868-84F9-4151F1ACFAC5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0986D55C-373D-48C3-9844-2083FC73865F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0CFF0412-8689-4862-A02E-43ED5F7DAE93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11647566-9416-4777-AC82-5A72F22900C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{133E53DE-9C54-42DC-9672-62D1AAF37DEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23F0C703-9698-450D-82B8-614FEE177031}" = rport=138 | protocol=17 | dir=out | app=system | 
"{26843D36-0DFE-4FF3-8591-7F7E965B6D17}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 | 
"{292FDF5D-4BF3-4222-9689-E24763BC2644}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CF4B025-C62A-48D7-9FA3-3AD00AB14D5C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{31E1B661-3222-43E9-8C00-FE6CA2B27B96}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D61FD03-EDDD-4360-86FD-4E3622780169}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4418A3CB-A3A6-462A-94DC-6A445A2B68CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{450295A3-FEDD-4CD6-80E0-BC09DDC4DE6B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{487FCABF-0BC5-42FB-80FB-A048246B6DDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{511742EC-3B70-4D6E-BFBC-EF1630CC613A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{518CDE36-FE6B-43B4-9246-716F1148CD97}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6564CEAC-34CF-4374-A04D-530A99500B02}" = lport=137 | protocol=17 | dir=in | app=system | 
"{681520A2-AD56-4168-B9FB-EDE523299DAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{6E061CE6-8C52-4022-B448-B339262D75D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71B05280-468C-4F15-9FFF-BBE9A88DAC2C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{775FF102-A43E-47F3-B666-0071AB55D20C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83F05D47-CB0D-4225-8A62-19845496E68A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9097BBFF-C63A-430C-8697-065EBA6FB413}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A2831DB-6812-42E7-B4D4-282AA4963575}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0A5D938-89DC-4628-9897-F20D3C6AA48E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B4E924EB-4CB9-4345-87A6-D9A1A5774995}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEF50C85-E8E9-413A-B631-1BD46B1CE9AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA16D654-894C-4C0B-B810-554F78B3AE45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB4DF4D0-38F0-4366-9997-6DAB127469B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB2E90BF-C0F3-47E2-9F34-F354358F9597}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F37EF8B8-6D22-4F32-A2E0-37AA9BEAC6E5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F7614FEF-164C-4253-B51D-E74C2EFAC842}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052448CC-E8AB-40A8-89D3-B66DD333018B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{092221B2-EA74-42D9-AEC5-CAD4B803B925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C6F4B82-6676-4094-A615-E1311C8C7420}" = dir=in | app=c:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe | 
"{12F4B0FD-CD6A-43A7-9261-33557634C4BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F192085-ECC8-4984-9B4B-B6157B97A700}" = protocol=1 | dir=out | [email protected],-28544 | 
"{2A51E3CB-295C-4E26-8E75-8B57A230B87E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34327440-731E-4008-A82F-EC44725B7970}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\7zs358b\hpdiagnosticcoreui.exe | 
"{36126202-ACC6-4CD6-AF36-66070F843336}" = protocol=6 | dir=out | app=system | 
"{3984C246-78D9-4B3D-9612-14E8E99DF971}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3F5B5D48-8126-4872-9BF4-7C89354E218B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{42BEDF79-1D17-44B8-9AA8-6B384F80F199}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{48C97599-8E7F-482B-AD32-70E27CD2E3D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{503EE503-6434-4BE4-B7A2-B16E1C5151FA}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{6E5B0C39-05A4-4396-BAE3-9B36D7A2C03F}" = protocol=1 | dir=in | [email protected],-28543 | 
"{9FA9E847-0CD4-4228-B8AF-864D8F131855}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"{ADCAA93B-D795-4F7B-BF94-69C223C2791C}" = dir=in | app=c:\program files\hp\hp envy 4500 series\bin\devicesetup.exe | 
"{B391481A-5A6E-4A65-AB7D-C96E6299A4E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B5F51899-70C7-45EF-9753-B4FFA3A6EA8C}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{C1B4D7F8-BE92-4542-B2EA-5DA42122FDFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8BCD1B0-6BE6-418C-9F94-D0D4DED3FDB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D67F3F3D-E05B-496E-8875-B2ADEF19A622}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\7zs358b\hpdiagnosticcoreui.exe | 
"{D7CAC1CD-8181-4B8A-942F-5174EB4E77C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0959990-655B-4887-B4B9-3220B4A66453}" = protocol=58 | dir=in | [email protected],-28545 | 
"{F85F9B47-331B-4E3F-B337-2863A23C7EA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB88E989-0963-45E6-93A4-D02DC05145E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8B2650AF-FCA3-4FBA-9FFC-0C8E20899006}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1C2F3561-7DEF-4A31-B0E7-E685FD219348}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = CanoScan Toolbox Ver4.6
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}" = paint.net
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support
"{24C898EC-4181-7812-5644-4E348533B532}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{27CDBA05-80D2-2ABF-3A7B-6A0015C3D219}" = AMD Media Foundation Decoders
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{56E4AD59-6E73-BB97-08EE-891ABBE7F001}" = AMD Accelerated Video Transcoding
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{86F2B095-3998-41D5-833D-1C5075300950}" = OpenOffice 4.1.1
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 3.0.3
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1" = Ashampoo Music Studio 4 v.4.1.2
"{91B33C97-93EB-244C-F687-71D85E45A206}_is1" = Ashampoo Burning Studio 12 v.12.0.5
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{94DF3CE6-8C8B-411D-ADE2-702CF8E98DF5}" = AspexDraw
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}" = HP ENVY 4500 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch(R) Software
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}" = AMD Catalyst Install Manager
"{BCC989C6-7003-4367-8C30-7B88D47D3E79}" = HP ENVY 4500 series Basic Device Software
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{CFE34F17-87E5-4BC7-A339-3E04E5428897}" = Meter Drivers for OneTouch(R) Software
"{D3B3B770-834E-CD77-FA6C-C4C6BF439B1C}" = AMD Fuel
"{D6160F37-7638-4E56-9774-F3C88F30A4A9}" = Msxml4 for LDCF
"{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding
"{DBB7F606-0C13-4182-AD7F-427A4773580E}" = VibrateGameDeviceDriver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E2581FA7-87E8-4943-B797-72375F05EA92}" = MAGIX Audio Cleaning Lab MX
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E9618350-E3C0-450b-828A-33EB3F5A941A}" = [email protected] Puzzle 2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch Software
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Audacity_is1" = Audacity 2.0.6
"BBC BASIC for Windows_is1" = BBC BASIC for Windows (full version)
"Cardbox 3.0" = Cardbox 3.0
"CCleaner" = CCleaner
"Chuckie Egg for Windows_is1" = Chuckie Egg for Windows 1.1
"ClickCharts" = ClickCharts Diagram Flowchart Software
"EssentialPIM" = EssentialPIM
"FileHippo.com" = FileHippo App Manager
"GPL Ghostscript 9.09" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CFE34F17-87E5-4BC7-A339-3E04E5428897}" = Meter Drivers for OneTouch(R) Software v1.15.0.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"LFSVCOMM&10C4&85A7" = LifeScan USB Device Driver vSL3.0 (Driver Removal)
"MAGIX_{E2581FA7-87E8-4943-B797-72375F05EA92}" = MAGIX Audio Cleaning Lab MX
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 36.0 (x86 en-US)" = Mozilla Firefox 36.0 (x86 en-US)
"Mozilla Thunderbird 36.0 (x86 en-US)" = Mozilla Thunderbird 36.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Trusteer Endpoint Protection
"Recuva" = Recuva
"Scribus 1.4.5" = Scribus 1.4.5
"SP6" = Logitech SetPoint 6.65
"Space Invaders_is1" = Space Invaders
"Speccy" = Speccy
"SyncBackFree_is1" = SyncBackFree

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"ChessDiagrams14" = ChessDiagrams14
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/09/2014 09:00:09 | Computer Name = JayCee | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d40 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e00b Exception code: 0xc0000005 Fault offset: 0x00002bdc Faulting process id:
0x6a0 Faulting application start time: 0x01cfc6a73aa5be54 Faulting application path:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module 
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 1109bc38-32a1-11e4-a071-0025226f6163

Error - 02/09/2014 09:02:39 | Computer Name = JayCee | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2014 09:14:07 | Computer Name = JayCee | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2014 10:18:44 | Computer Name = JayCee | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d40 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e00b Exception code: 0xc0000005 Fault offset: 0x00002bdc Faulting process id:
0x760 Faulting application start time: 0x01cfc6af8e33e1d8 Faulting application path:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module 
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 0b5bce05-32ac-11e4-8542-0025226f6163

Error - 02/09/2014 10:21:15 | Computer Name = JayCee | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2014 10:35:49 | Computer Name = JayCee | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d40 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e00b Exception code: 0xc0000005 Fault offset: 0x00002bdc Faulting process id:
0x6d8 Faulting application start time: 0x01cfc6b8ebf2d1b8 Faulting application path:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module 
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 6e1a895f-32ae-11e4-a1b3-0025226f6163

Error - 02/09/2014 10:38:21 | Computer Name = JayCee | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2014 10:56:30 | Computer Name = JayCee | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d40 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e00b Exception code: 0xc0000005 Fault offset: 0x00002bdc Faulting process id:
0x784 Faulting application start time: 0x01cfc6bb4fca49f8 Faulting application path:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module 
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 52373f8c-32b1-11e4-8545-0025226f6163

Error - 02/09/2014 10:59:28 | Computer Name = JayCee | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2014 15:05:19 | Computer Name = JayCee | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4f7e4d40 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e00b Exception code: 0xc0000005 Fault offset: 0x00002bdc Faulting process id:
0x68c Faulting application start time: 0x01cfc6be40eea020 Faulting application path:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module 
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 1494bcf6-32d4-11e4-8882-0025226f6163

[ System Events ]
Error - 16/02/2015 03:39:59 | Computer Name = JayCee | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 16/02/2015 07:14:19 | Computer Name = JayCee | Source = bowser | ID = 8003
Description =

Error - 16/02/2015 09:00:25 | Computer Name = JayCee | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Error - 16/02/2015 10:51:48 | Computer Name = JayCee | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 16/02/2015 10:51:48 | Computer Name = JayCee | Source = Service Control Manager | ID = 7001
Description = The Microsoft Network Inspection System service depends on the Microsoft
Malware Protection Driver service which failed to start because of the following
error: %%31

Error - 16/02/2015 10:51:55 | Computer Name = JayCee | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 16/02/2015 11:22:11 | Computer Name = JayCee | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147024894

Error - 16/02/2015 11:22:15 | Computer Name = JayCee | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 16/02/2015 11:22:15 | Computer Name = JayCee | Source = Service Control Manager | ID = 7001
Description = The Microsoft Network Inspection System service depends on the Microsoft
Malware Protection Driver service which failed to start because of the following
error: %%31

Error - 16/02/2015 11:22:39 | Computer Name = JayCee | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I don't see the OTL.txt log yet.

Also, while I'm having a bit of lunch please do the following:

Please download AdwCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Logfile* button and copy and paste the log here please.


----------



## JayCee6828 (Dec 21, 2010)

Sorry, I think I pasted the other report over it instead of adding it:

OTL logfile created on: 16/02/2015 16:00:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17229)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.38% Memory free
6.50 Gb Paging File | 5.66 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3584 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 243.17 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 1099.47 Gb Free Space | 59.02% Space Free | Partition Type: NTFS

Computer Name: JAYCEE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/02/16 15:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2015/02/06 08:23:18 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/12/22 17:52:32 | 002,623,768 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/05/19 20:35:16 | 002,303,256 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2014/03/24 22:51:30 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/11/04 22:20:46 | 001,339,672 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 21:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/02/13 18:36:40 | 000,148,080 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/12/03 06:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/07/22 23:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014/03/24 22:50:36 | 000,293,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/26 11:10:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/04/06 02:15:50 | 000,217,600 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/04/05 20:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys -- (cpuz137)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - [2015/02/10 13:09:25 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015/01/08 09:53:28 | 000,472,792 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys -- (RapportCerberus_80120)
DRV - [2014/12/22 17:52:42 | 000,332,696 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/12/22 17:52:42 | 000,251,640 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/12/22 17:52:42 | 000,208,856 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/09/03 06:49:36 | 000,140,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/03/19 00:24:18 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2014/03/19 00:24:16 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/10/02 00:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/09 12:55:04 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/06/13 13:19:08 | 000,061,696 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2012/04/06 05:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/06 05:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/06 01:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/02/23 12:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/08/03 12:47:44 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/04/09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/10/27 03:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/09/17 11:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/11/07 18:15:44 | 000,012,928 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DynCal.sys -- (DynCal)
DRV - [2007/08/13 02:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/06/14 08:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/02/13 18:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/02/13 18:36:27 | 000,000,000 | ---D | M]

[2013/05/25 09:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/12/12 18:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/08 11:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/03/10 17:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions
[2014/02/20 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions\[email protected]
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions\staged
[2015/02/12 13:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\extensions
[2014/03/10 17:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jr87nh9y.default\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jr87nh9y.default\extensions\staged
[2014/09/02 14:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\njlx9uyz.default-1369089727715\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\njlx9uyz.default-1369089727715\extensions\staged
[2014/09/02 14:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions
[2013/05/26 10:45:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/05/26 10:45:14 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013/05/26 10:45:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/05/26 10:45:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\[email protected]
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\staged
[2014/09/02 14:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wc6uxbnu.default\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wc6uxbnu.default\extensions\staged
[2014/01/15 12:12:09 | 000,004,377 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8k2o8k4f.default\extensions\[email protected]
[2015/01/15 13:22:26 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h4sj1p9p.default-1410612891762\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/02/13 18:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/02/13 18:36:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/14 08:15:52 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013/04/17 13:43:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh\235\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKCU..\Run: [EssentialPIM] C:\Program Files\EssentialPIM\EssentialPIM.exe (Astonsoft)
O4 - HKCU..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89c9251c-739c-11e3-99e8-0025226f6163}\Shell - "" = AutoRun
O33 - MountPoints2\{89c9251c-739c-11e3-99e8-0025226f6163}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e294656c-30b0-11e3-90e1-0025226f6163}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/16 15:17:37 | 000,000,000 | ---D | C] -- C:\MATS
[2015/02/16 14:51:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2015/02/16 12:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Temp7D6CD53A-31FA-ED05-968C-768E9D878B64-Signatures
[2015/02/16 07:41:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp07CB83F4-2B4D-5026-9DB8-FF314E630206-Signatures
[2015/02/15 19:33:15 | 000,000,000 | ---D | C] -- C:\Windows\Temp603416A9-4A9F-A652-35AC-76DAC790ECCA-Signatures
[2015/02/15 19:24:37 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/14 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Solvusoft
[2015/02/14 18:15:08 | 000,017,840 | ---- | C] (solvusoft) -- C:\Windows\System32\roboot.exe
[2015/02/13 18:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/02/13 18:30:23 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perftrack.dll
[2015/02/13 18:30:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powertracker.dll
[2015/02/13 18:30:20 | 001,167,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015/02/13 18:30:20 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/02/13 18:30:20 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/02/13 18:30:20 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/02/13 18:30:20 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/02/13 18:30:20 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/02/13 18:30:19 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/02/13 18:30:19 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015/02/13 10:08:53 | 000,701,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/13 10:08:53 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/02/12 08:00:15 | 002,864,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/02/11 07:42:16 | 002,380,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/02/11 07:42:13 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/02/11 07:42:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/02/11 07:42:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/02/11 07:42:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/02/11 07:42:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/02/11 07:41:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/02/11 07:41:32 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/02/11 07:41:12 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/02/11 07:41:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/02/11 07:41:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/02/11 07:41:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/02/11 07:41:11 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/02/11 07:41:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/02/11 07:41:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2015/02/11 07:41:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/02/11 07:41:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/02/11 07:41:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/02/11 07:41:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/02/11 07:41:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/02/11 07:41:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/02/11 07:41:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/02/10 12:42:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
[2015/02/10 12:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.4.5
[2015/02/10 12:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2015/02/01 10:55:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/01 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/16 15:29:41 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 15:29:41 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 15:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/16 15:22:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/16 15:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/16 15:22:05 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/16 13:00:18 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/14 18:42:13 | 000,653,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/14 18:42:13 | 000,121,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/14 18:22:55 | 000,001,648 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2015/02/13 10:08:53 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/13 10:08:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/02/12 10:03:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2015/02/12 07:54:22 | 000,341,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/10 13:09:25 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/10 13:00:28 | 000,002,068 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2015/02/10 12:30:52 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2015/02/04 02:54:02 | 000,482,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/02/04 02:53:44 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/02/04 02:53:39 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/02/04 02:53:37 | 000,767,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/02/04 02:53:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/02/04 02:53:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015/02/04 02:49:50 | 000,886,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/01/27 23:36:23 | 001,167,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015/01/24 10:00:21 | 000,040,900 | ---- | M] () -- C:\Users\User\Documents\cc_20150124_100014.reg
[2015/01/23 04:27:48 | 002,864,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/01/21 18:46:35 | 000,003,584 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/14 19:11:42 | 000,001,434 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
[2015/02/14 18:18:50 | 000,001,648 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2015/02/12 10:03:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2015/01/24 10:00:17 | 000,040,900 | ---- | C] () -- C:\Users\User\Documents\cc_20150124_100014.reg
[2015/01/21 18:46:35 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/23 14:54:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/23 14:32:10 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2014/02/10 19:22:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/05 09:52:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014/01/30 12:13:13 | 000,000,095 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013/11/16 11:57:05 | 000,001,109 | ---- | C] () -- C:\Users\User\advanced.cfg
[2013/11/02 14:18:53 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2013/09/17 12:46:54 | 000,000,141 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2013/08/14 17:14:55 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI
[2013/07/14 18:28:31 | 000,026,491 | ---- | C] () -- C:\Windows\CSTBox.INI
[2013/06/04 09:38:23 | 000,434,176 | ---- | C] () -- C:\Windows\System32\CNQL3203.DLL
[2013/06/03 08:27:26 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013/05/29 14:44:25 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2013/05/28 09:43:39 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2013/05/28 09:43:39 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2013/05/28 09:43:26 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2013/05/28 09:43:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2013/05/28 09:43:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2013/05/28 09:43:25 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2013/05/28 09:43:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
[2013/05/28 09:43:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2013/05/26 11:38:45 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/05/26 11:33:30 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/05/26 11:30:15 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2013/05/25 09:35:44 | 000,022,513 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2013/05/24 16:10:15 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/05/24 11:58:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## JayCee6828 (Dec 21, 2010)

I already have AdwCleaner in my tools so used that - hope that is OK.

Here is the result:

OTL logfile created on: 16/02/2015 16:00:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17229)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.38% Memory free
6.50 Gb Paging File | 5.66 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3584 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 243.17 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 1099.47 Gb Free Space | 59.02% Space Free | Partition Type: NTFS

Computer Name: JAYCEE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/02/16 15:59:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2015/02/06 08:23:18 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/12/22 17:52:32 | 002,623,768 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/05/19 20:35:16 | 002,303,256 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2014/03/24 22:51:30 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/11/04 22:20:46 | 001,339,672 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 21:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/02/13 18:36:40 | 000,148,080 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/12/03 06:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/07/22 23:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014/03/24 22:50:36 | 000,293,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/26 11:10:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/04/06 02:15:50 | 000,217,600 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/04/05 20:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/01/21 00:52:14 | 000,167,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010/01/21 00:52:12 | 000,370,792 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys -- (cpuz137)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - [2015/02/10 13:09:25 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015/01/08 09:53:28 | 000,472,792 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys -- (RapportCerberus_80120)
DRV - [2014/12/22 17:52:42 | 000,332,696 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/12/22 17:52:42 | 000,251,640 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/12/22 17:52:42 | 000,208,856 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/09/03 06:49:36 | 000,140,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/03/19 00:24:18 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2014/03/19 00:24:16 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/10/02 00:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/09 12:55:04 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/06/13 13:19:08 | 000,061,696 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2012/04/06 05:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/06 05:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/06 01:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/02/23 12:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/08/03 12:47:44 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/04/09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010/02/18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/10/27 03:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/09/17 11:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/11/07 18:15:44 | 000,012,928 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DynCal.sys -- (DynCal)
DRV - [2007/08/13 02:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/06/14 08:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/02/13 18:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/02/13 18:36:27 | 000,000,000 | ---D | M]

[2013/05/25 09:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/12/12 18:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/08 11:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/03/10 17:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions
[2014/02/20 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions\[email protected]
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8k2o8k4f.default\extensions\staged
[2015/02/12 13:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\extensions
[2014/03/10 17:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jr87nh9y.default\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jr87nh9y.default\extensions\staged
[2014/09/02 14:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\njlx9uyz.default-1369089727715\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\njlx9uyz.default-1369089727715\extensions\staged
[2014/09/02 14:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions
[2013/05/26 10:45:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/05/26 10:45:14 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013/05/26 10:45:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/05/26 10:45:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\[email protected]
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\otbbrdcx.default\extensions\staged
[2014/09/02 14:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wc6uxbnu.default\extensions
[2014/11/02 10:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wc6uxbnu.default\extensions\staged
[2014/01/15 12:12:09 | 000,004,377 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8k2o8k4f.default\extensions\[email protected]
[2015/01/15 13:22:26 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h4sj1p9p.default-1410612891762\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/02/13 18:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/02/13 18:36:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/14 08:15:52 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013/04/17 13:43:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh\235\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKCU..\Run: [EssentialPIM] C:\Program Files\EssentialPIM\EssentialPIM.exe (Astonsoft)
O4 - HKCU..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89c9251c-739c-11e3-99e8-0025226f6163}\Shell - "" = AutoRun
O33 - MountPoints2\{89c9251c-739c-11e3-99e8-0025226f6163}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e294656c-30b0-11e3-90e1-0025226f6163}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/16 15:17:37 | 000,000,000 | ---D | C] -- C:\MATS
[2015/02/16 14:51:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2015/02/16 12:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Temp7D6CD53A-31FA-ED05-968C-768E9D878B64-Signatures
[2015/02/16 07:41:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp07CB83F4-2B4D-5026-9DB8-FF314E630206-Signatures
[2015/02/15 19:33:15 | 000,000,000 | ---D | C] -- C:\Windows\Temp603416A9-4A9F-A652-35AC-76DAC790ECCA-Signatures
[2015/02/15 19:24:37 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/14 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Solvusoft
[2015/02/14 18:15:08 | 000,017,840 | ---- | C] (solvusoft) -- C:\Windows\System32\roboot.exe
[2015/02/13 18:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/02/13 18:30:23 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perftrack.dll
[2015/02/13 18:30:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powertracker.dll
[2015/02/13 18:30:20 | 001,167,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015/02/13 18:30:20 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/02/13 18:30:20 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/02/13 18:30:20 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/02/13 18:30:20 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/02/13 18:30:20 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/02/13 18:30:19 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/02/13 18:30:19 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015/02/13 10:08:53 | 000,701,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/13 10:08:53 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/02/12 08:00:15 | 002,864,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/02/11 07:42:16 | 002,380,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/02/11 07:42:13 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/02/11 07:42:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/02/11 07:42:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/02/11 07:42:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/02/11 07:42:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/02/11 07:41:32 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/02/11 07:41:32 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/02/11 07:41:12 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/02/11 07:41:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/02/11 07:41:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/02/11 07:41:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/02/11 07:41:11 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/02/11 07:41:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/02/11 07:41:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2015/02/11 07:41:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/02/11 07:41:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/02/11 07:41:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/02/11 07:41:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/02/11 07:41:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/02/11 07:41:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/02/11 07:41:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/02/10 12:42:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
[2015/02/10 12:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.4.5
[2015/02/10 12:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2015/02/01 10:55:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/01 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/16 15:29:41 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 15:29:41 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/16 15:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/16 15:22:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/16 15:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/16 15:22:05 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/16 13:00:18 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/14 18:42:13 | 000,653,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/14 18:42:13 | 000,121,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/14 18:22:55 | 000,001,648 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2015/02/13 10:08:53 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/13 10:08:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/02/12 10:03:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2015/02/12 07:54:22 | 000,341,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/10 13:09:25 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/10 13:00:28 | 000,002,068 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2015/02/10 12:30:52 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2015/02/04 02:54:02 | 000,482,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/02/04 02:53:44 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/02/04 02:53:39 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/02/04 02:53:37 | 000,767,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/02/04 02:53:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/02/04 02:53:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015/02/04 02:49:50 | 000,886,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/01/27 23:36:23 | 001,167,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015/01/24 10:00:21 | 000,040,900 | ---- | M] () -- C:\Users\User\Documents\cc_20150124_100014.reg
[2015/01/23 04:27:48 | 002,864,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/01/21 18:46:35 | 000,003,584 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/14 19:11:42 | 000,001,434 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
[2015/02/14 18:18:50 | 000,001,648 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2015/02/12 10:03:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2015/01/24 10:00:17 | 000,040,900 | ---- | C] () -- C:\Users\User\Documents\cc_20150124_100014.reg
[2015/01/21 18:46:35 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/23 14:54:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/07/23 14:32:10 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2014/02/10 19:22:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/05 09:52:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014/01/30 12:13:13 | 000,000,095 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013/11/16 11:57:05 | 000,001,109 | ---- | C] () -- C:\Users\User\advanced.cfg
[2013/11/02 14:18:53 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2013/09/17 12:46:54 | 000,000,141 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2013/08/14 17:14:55 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI
[2013/07/14 18:28:31 | 000,026,491 | ---- | C] () -- C:\Windows\CSTBox.INI
[2013/06/04 09:38:23 | 000,434,176 | ---- | C] () -- C:\Windows\System32\CNQL3203.DLL
[2013/06/03 08:27:26 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013/05/29 14:44:25 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2013/05/28 09:43:39 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2013/05/28 09:43:39 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2013/05/28 09:43:26 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2013/05/28 09:43:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2013/05/28 09:43:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2013/05/28 09:43:25 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2013/05/28 09:43:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
[2013/05/28 09:43:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2013/05/26 11:38:45 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/05/26 11:33:30 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/05/26 11:30:15 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2013/05/25 09:35:44 | 000,022,513 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2013/05/24 16:10:15 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/05/24 11:58:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Hope you are enjoying your lunch - I am about to have tea!!


----------



## JayCee6828 (Dec 21, 2010)

Trouble with CTRL-C and CTRL-V - here is the right file:

```
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 16:40:49
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : User - JAYCEE
# Running from : C:\JayCees\Tools\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Users\User\AppData\Roaming\Solvusoft

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\Softonic

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v36.0 (x86 en-US)

-\\ Google Chrome v

-\\ Chrome Canary v

*************************

AdwCleaner[R10].txt - [1076 bytes] - [01/02/2015 10:56:03]
AdwCleaner[R11].txt - [1138 bytes] - [01/02/2015 11:09:42]
AdwCleaner[R12].txt - [1052 bytes] - [10/02/2015 13:30:31]
AdwCleaner[R13].txt - [1113 bytes] - [10/02/2015 13:34:28]
AdwCleaner[R14].txt - [364 bytes] - [16/02/2015 16:31:28]
AdwCleaner[R15].txt - [1429 bytes] - [16/02/2015 16:34:16]
AdwCleaner[R16].txt - [299 bytes] - [16/02/2015 16:40:13]
AdwCleaner[R17].txt - [1290 bytes] - [16/02/2015 16:40:49]
AdwCleaner[S7].txt - [1212 bytes] - [01/02/2015 11:14:47]
AdwCleaner[S8].txt - [1191 bytes] - [10/02/2015 13:41:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R17].txt - [1468 bytes] ##########
```


----------



## Cookiegal (Aug 27, 2003)

Yes, lunch was good. 

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
:Files
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\drivers\NisDrvWFP.sys
C:\Program Files\Microsoft Security Client
C:\Program Files\Windows Defender
:Commands
[EMPTYTEMP]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## Cookiegal (Aug 27, 2003)

Also, please run AdwCleaner again and this time select the "cleaning" option and post the resulting log.


----------



## JayCee6828 (Dec 21, 2010)

Here is the OTL one:

All processes killed
========== OTL ==========
Error: No service named NisSrv was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisSrv deleted successfully.
File C:\Program Files\Microsoft Security Client\NisSrv.exe not found.
Error: No service named MsMpSvc was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc deleted successfully.
C:\Program Files\Microsoft Security Client\MsMpEng.exe moved successfully.
Service WinDefend stopped successfully!
Service WinDefend deleted successfully!
File move failed. C:\Program Files\Windows Defender\MpSvc.dll scheduled to be moved on reboot.
Error: No service named NisDrv was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisDrv deleted successfully.
C:\Windows\System32\drivers\NisDrvWFP.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Microsoft Security Client\MsMpEng.exe not found.
File\Folder C:\Windows\System32\drivers\NisDrvWFP.sys not found.
C:\Program Files\Microsoft Security Client\en-us folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers\NisDrv folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers\mpfilter folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers\Backup\mpfilter folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers\Backup folder moved successfully.
C:\Program Files\Microsoft Security Client\Drivers folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup\x86 folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup\en-us folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup folder moved successfully.
C:\Program Files\Microsoft Security Client folder moved successfully.
C:\Program Files\Windows Defender\en-US folder moved successfully.
Folder move failed. C:\Program Files\Windows Defender scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Public

User: User
->Temp folder emptied: 6220356 bytes
->Temporary Internet Files folder emptied: 5895060 bytes
->Java cache emptied: 496276 bytes
->FireFox cache emptied: 392219097 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3187 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1929204 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63358 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20765055 bytes

Total Files Cleaned = 408.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02162015_173058

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Windows Defender\MpSvc.dll scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Windows Defender scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The ADW will not let me run 'cleaning'; that is greyed out!


----------



## JayCee6828 (Dec 21, 2010)

I have looked on MSCONFIG and there is no listing there anymore for Microsoft Antimalware and in Programs and Features MSE has also disappeared.

If you have time, what do you think of Panda antivirus at http://www.pcmag.com/article2/0,2817,2463592,00.asp ?

Should I get some antivirus installed as soon as possible given that I am unprotected right now?

Also should I turn Windows Defender on?

Sorry to bombard you with questions -- But you are so helpful!!!!


----------



## Cookiegal (Aug 27, 2003)

Yes, you need to get something installed for anti-virus protection. Panda should be on par with the other free ones.

But I thought you wanted to reinstall MSE. You could try reinstalling it now if you want.


----------



## Cookiegal (Aug 27, 2003)

I suggest you delete AdwCleaner and download a fresh copy of the latest version, run it again and choose the cleaning option.


----------



## JayCee6828 (Dec 21, 2010)

I am in two minds regarding MSE - my main worry is the same problem may occur again - what do you think are the chances of that?

Regarding ADW, I thought you would suggest that so I had done it already. It still didn't allow 'cleaning', but then I had a brainwave (!!): it won't allow cleaning unless you scan first. So I scanned, and here is the report after cleaning was run as well.

```
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 19:03:25
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : User - JAYCEE
# Running from : C:\JayCees\Tools\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\User\AppData\Roaming\Solvusoft
File Deleted : C:\Windows\system32\roboot.exe

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v36.0 (x86 en-US)

-\\ Google Chrome v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [1002 bytes] - [16/02/2015 19:00:13]
AdwCleaner[S0].txt - [941 bytes] - [16/02/2015 19:03:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [999 bytes] ##########
```


----------



## Cookiegal (Aug 27, 2003)

It's hard to say regarding MSE but I think I'd give it a shot if it's the one you'd prefer to use.


----------



## JayCee6828 (Dec 21, 2010)

Thanks for the comments but I think it's a case of once bitten, twice shy and I will give Panda a try - hopefully if I decide to get rid of that it won't be quite so hard as this was.

I really want to thank you for your help; I have been singing the praises of Tech Support Guys all afternoon to my wife.

I need to sign off now till the morning but thanks once again, I am truly grateful for all you have done for me.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure but once you get Panda installed I would like to see another FRST log please. There was something there that I thought AdwCleaner would remove but it didn't seem to.


----------



## JayCee6828 (Dec 21, 2010)

Here is the log after installing Panda; I really have to go now so if you need anything doing I will do it first thing in the morning. Goodnight!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by User (administrator) on JAYCEE on 16-02-2015 19:32:03
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\MountPoints2: {89c9251c-739c-11e3-99e8-0025226f6163} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...E&Tid=0003295F&OHP=http://www.google.com&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762
FF SelectedSearchEngine: 
FF Homepage: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2618260354-4144512923-24617707-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-14]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (ClipMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-08-03] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61696 2012-06-13] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-09] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 cpuz137; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:19 - 2015-02-16 19:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Panda Security
2015-02-16 19:19 - 2014-03-25 13:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-16 19:18 - 2015-02-16 19:19 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-16 19:18 - 2015-02-16 19:19 - 00000000 ____D () C:\Program Files\Panda Security
2015-02-16 19:18 - 2015-02-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-16 18:56 - 2015-02-16 19:05 - 00000000 ____D () C:\AdwCleaner
2015-02-16 17:30 - 2015-02-16 17:30 - 00000000 ____D () C:\_OTL
2015-02-16 15:17 - 2015-02-16 15:17 - 00000000 ____D () C:\MATS
2015-02-16 14:51 - 2015-02-16 14:51 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-02-16 12:59 - 2015-02-16 12:59 - 00000000 ____D () C:\Windows\Temp7D6CD53A-31FA-ED05-968C-768E9D878B64-Signatures
2015-02-16 07:41 - 2015-02-16 07:41 - 00000000 ____D () C:\Windows\Temp07CB83F4-2B4D-5026-9DB8-FF314E630206-Signatures
2015-02-15 19:33 - 2015-02-15 19:33 - 00000000 ____D () C:\Windows\Temp603416A9-4A9F-A652-35AC-76DAC790ECCA-Signatures
2015-02-15 19:24 - 2015-02-16 19:32 - 00000000 ____D () C:\FRST
2015-02-14 18:18 - 2015-02-14 18:22 - 00001648 _____ () C:\Windows\system32\ASOROSet.bin
2015-02-14 18:18 - 2015-02-14 18:18 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-13 18:30 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 18:30 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 18:30 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 18:30 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 18:30 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 18:29 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 10:08 - 2015-02-13 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-13 10:08 - 2015-02-13 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-02-12 08:00 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:52 - 2015-02-16 18:04 - 00011556 _____ () C:\Windows\PFRO.log
2015-02-11 07:42 - 2015-01-15 07:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:42 - 2015-01-15 07:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:42 - 2015-01-15 07:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:42 - 2015-01-15 07:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:42 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:42 - 2015-01-15 04:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:42 - 2015-01-09 01:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:41 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:41 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:41 - 2015-01-13 05:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:41 - 2015-01-13 05:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:41 - 2015-01-13 05:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:41 - 2015-01-13 04:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:41 - 2015-01-13 03:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 07:41 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:41 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:56 - 2015-02-16 19:31 - 00033118 _____ () C:\Windows\setupact.log
2015-02-10 13:56 - 2015-02-10 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 12:42 - 2015-02-10 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
2015-02-10 12:41 - 2015-02-10 12:43 - 00000000 ____D () C:\Program Files\Scribus 1.4.5
2015-02-10 12:39 - 2015-02-10 12:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 10:53 - 2015-02-01 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 10:00 - 2015-01-24 10:00 - 00040900 _____ () C:\Users\User\Documents\cc_20150124_100014.reg
2015-01-21 18:46 - 2015-01-21 18:46 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:28 - 2014-04-01 07:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 19:19 - 2013-05-24 18:25 - 00087568 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 19:11 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:11 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:05 - 2013-05-24 12:02 - 01281352 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 19:04 - 2014-04-01 07:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 19:04 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 18:36 - 2013-05-28 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-16 17:31 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-16 15:08 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2015-02-16 13:00 - 2013-05-24 18:25 - 00002113 _____ () C:\Windows\epplauncher.mif
2015-02-15 19:16 - 2013-05-24 17:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\EssentialPIM
2015-02-15 07:54 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-14 19:11 - 2013-05-28 14:50 - 00000000 ____D () C:\Windows\pss
2015-02-14 18:42 - 2010-11-20 21:01 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 18:23 - 2009-07-14 02:03 - 43515904 _____ () C:\Windows\system32\config\software.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-14 18:20 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-14 12:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 07:58 - 2014-02-12 14:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-13 18:33 - 2014-12-11 19:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 18:33 - 2014-11-12 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 18:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2015-02-13 10:08 - 2014-08-26 13:47 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-02-12 14:08 - 2013-05-25 11:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-12 08:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:54 - 2013-05-24 20:56 - 00000000 ____D () C:\Windows\Panther
2015-02-12 07:54 - 2009-07-14 04:33 - 00341192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:19 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:14 - 2013-05-26 11:12 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 17:05 - 2013-07-25 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-10 17:02 - 2013-10-10 09:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2015-02-10 16:45 - 2013-07-25 17:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-02-10 13:09 - 2014-09-02 14:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 13:00 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-10 13:00 - 2013-05-24 17:26 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-02-10 12:57 - 2014-09-02 13:15 - 00000000 ____D () C:\Program Files\Speccy
2015-02-10 12:39 - 2014-01-19 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 12:30 - 2014-09-11 10:15 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-10 12:30 - 2013-07-03 21:54 - 00000000 ____D () C:\Program Files\Java
2015-02-10 12:27 - 2014-02-12 14:25 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 12:21 - 2014-12-01 19:24 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-02-10 12:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-10 11:59 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 15:14 - 2009-07-14 02:04 - 00000498 _____ () C:\Windows\win.ini
2015-02-01 10:53 - 2013-07-23 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 10:14 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\HP
2015-02-01 10:13 - 2014-12-23 14:55 - 00000000 ____D () C:\Program Files\HP
2015-01-21 08:47 - 2014-12-23 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-01-19 20:59 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-05-25 09:35 - 2013-05-25 09:35 - 0022513 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-01-30 12:13 - 2014-03-10 16:57 - 0000095 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-21 18:46 - 2015-01-21 18:46 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-23 14:32 - 2014-07-23 14:32 - 0007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-12-23 14:54 - 2014-12-23 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 08:23

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

No problem. I'll take a look at that later and post any further instructions if necessary.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*Blekko*
*conduit*
*babylon*
*ilivid*
:folderfind
*Blekko*
*conduit*
*babylon*
*ilivid*
:regfind
Blekko
conduit
babylon
ilivid
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## JayCee6828 (Dec 21, 2010)

Good evening,

Here is the file :

SystemLook 04.09.10 by jpshortstuff
Log created at 18:28 on 17/02/2015 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "*Blekko*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [14:10 07/10/2014] [14:10 07/10/2014] 372942114D93D63B052A08BA3E30C85E

Searching for "*babylon*"
No files found.

Searching for "*ilivid*"
No files found.

========== folderfind ==========

Searching for "*Blekko*"
No folders found.

Searching for "*conduit*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*ilivid*"
No folders found.

========== regfind ==========

Searching for "Blekko"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"33BBE5321AD3FD64AAED9955214390BC"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\244bef0_0]
@="{0.0.0.00000000}.{c1962f1b-acb8-4a5c-83f2-e41944b02bd2}|\Device\HarddiskVolume2\Users\User\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\85399d0b_0]
@="{0.0.0.00000000}.{c1962f1b-acb8-4a5c-83f2-e41944b02bd2}|\Device\HarddiskVolume2\Users\User\AppData\Local\iLivid\iLivid.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\User\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\User\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r20-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r2150-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r696-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
"item"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
"command"=""C:\Users\User\AppData\Local\iLivid\iLivid.exe" -autorun"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\244bef0_0]
@="{0.0.0.00000000}.{c1962f1b-acb8-4a5c-83f2-e41944b02bd2}|\Device\HarddiskVolume2\Users\User\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\85399d0b_0]
@="{0.0.0.00000000}.{c1962f1b-acb8-4a5c-83f2-e41944b02bd2}|\Device\HarddiskVolume2\Users\User\AppData\Local\iLivid\iLivid.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\User\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\User\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Classes\Magnet]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\Magnet]
@="iLivid.torrent"

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes' Anti-Malware Free from *here* and place it on your Desktop.

Double-click the file to install the program
When you see the "Completing the Malwarebytes' Anti-Malware Setup Wizard", uncheck the box that says "enable free trial of Malwarebytes Anti-Malware Premium"
When the Dashboard appears with an alert to update - click the green button that says *Update Now*
When the update is complete select *Settings* - *Detection and Protection* and make sure the box *Scan for rootkits* is checked
Go back to the Dashboard and click on the green *Scan Now* button
If threats are detected click the *Apply Actions* button. If MBAM asks for a reboot please allow it
Once the scan is complete (or after the reboot) select *View Detailed Log* (to the right on the light green strip)
Click on the *Export* button and select *Text file* and save it to the Desktop

Please copy and paste the log here.


----------



## JayCee6828 (Dec 21, 2010)

I use that version of MBAM quite regularly; here is the log from the scan I just ran

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/02/2015
Scan Time: 19:33:25
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.17.09
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369915
Time Elapsed: 17 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Now have to log off so see you in the morning (maybe!)


----------



## Cookiegal (Aug 27, 2003)

OK. MBAM should have detected this as a PUP but perhaps you didn't select that option? If not can you run another scan with PUPs and PUAs included please?

Ilivid is considered a PUP but many see it as malware as it's a downloader that bundles other unwanted programs with it.

I assume you don't want or use software called Magnet or Trolltech?


----------



## Cookiegal (Aug 27, 2003)

I see MBAM's settings say:

PUP: Warn
PUM: Enabled

It's odd that it didn't detect those entries.


----------



## JayCee6828 (Dec 21, 2010)

I changed the settings to 'Treat PUP (and PUM) as malware' and ran it again this morning with the following result:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>

<date>2015/02/18 08:16:56 GMT</date>
<logfile>mbam-log-2015-02-18 (08-16-47).xml</logfile>
<isadmin>yes</isadmin>

<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.02.18.04</malware-database>
<rootkit-database>v2015.02.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>User</username>
<filesys>NTFS</filesys>
</system>

<type>threat</type>
<result>completed</result>
<objects>370117</objects>
934
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>

<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

I am not sure what those other programs you mention are - I do use TDSSKiller regularly as well which is a root kit killer.


----------



## Cookiegal (Aug 27, 2003)

That's not a scan log but something to do with settings. There should be a scan log in there. Please post that.


----------



## JayCee6828 (Dec 21, 2010)

I will just run another scan with MBAM and post it in a few minutes.


----------



## JayCee6828 (Dec 21, 2010)

Here is the log I just ran :

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/02/2015
Scan Time: 15:50:49
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.18.06
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370812
Time Elapsed: 18 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## Cookiegal (Aug 27, 2003)

Thanks. I'll prepare a registry fix and post it later on today.

Some of the entries found by SystemLook are legitimate but others should be removed and I still have to research some of them.


----------



## JayCee6828 (Dec 21, 2010)

Thanks very much - I appreciate it


----------



## JayCee6828 (Dec 21, 2010)

I meant to tell you before that I have C:\Program Files\BBC BASIC for Windows\APLIB.DLL in my MBAM exclusions list - I seem to recall from many moons ago it sees it as malware but it is necessary to have it to run the BBC BASIC Program which I use a fair bit.


----------



## JayCee6828 (Dec 21, 2010)

Sorry to come back yet again but I understand that NCH software is sometimes seen as malware but I use a piece of NCH software, a flowcharting program, a lot.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and thanks for the additional information. I'll keep that in mind when I'm checking those entries.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Regfix.zip file. Please download and save it to your desktop. Unzip it (extract the file) and then run the Regfix.reg file as Administrator and allow it to merge into the registry.

Let me know once that's done please.


----------



## JayCee6828 (Dec 21, 2010)

I downloaded that Regfix.zip but when I click on it I just get a text file open up - should I do something with that?


----------



## Cookiegal (Aug 27, 2003)

You have to right-click on it and select "Extract All...." Did you do that?


----------



## JayCee6828 (Dec 21, 2010)

Yes I did that and it put another folder in my downloads folder called Regfix but when I clicked on that it just shows another text file - Regfix.txt which opens a text file as follows :

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\244bef0_0]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\85399d0b_0]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\User\AppData\Local\iLivid]

[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\User\AppData\Local\iLivid]

[-HKEY_CURRENT_USER\Software\Classes\Magnet]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r20-n-bf.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r2150-n-bf.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r696-n-bf.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\244bef0_0]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\85399d0b_0]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\User\AppData\Local\iLivid]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\User\AppData\Local\iLivid]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Classes\Magnet]

[-HKEY_USERS\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\Magnet]


----------
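The Regfix text above removes only some of the keys that SystemLook reported, so it is worth checking a deletion list against the scan before merging it. The following is an added example, not part of the thread and not the helper's own method: it parses the `regfind` section of a SystemLook log and the `[-KEY]` entries of a `.reg` file, then reports deletions that never appeared in the scan and scan hits that are left in place. The function names are hypothetical and the sample inputs are abridged from the log and Regfix text posted above.

```python
import re

# Sample inputs constructed by abridging the SystemLook log and Regfix text in this thread.
SCAN_LOG = r'''
========== regfind ==========

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"33BBE5321AD3FD64AAED9955214390BC"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

Searching for "ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r20-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
"item"="iLivid"

-= EOF =-
'''

REGFIX = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[-HKEY_CURRENT_USER\Software\Classes\Magnet]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r20-n-bf.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
'''

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")      # e.g. ========== regfind ==========
SEARCH = re.compile(r'^Searching for "(.+)"$')  # start of one search term's results
KEY = re.compile(r"^\[(-?)(.+)\]$")             # [KEY] in the log, [-KEY] in a .reg file


def scan_hits(log_text):
    """Map each regfind search term to the distinct registry keys reported for it."""
    hits, section, term = {}, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, term = m.group(1).lower(), None
        elif section == "regfind" and (m := SEARCH.match(line)):
            term = m.group(1)
            hits.setdefault(term, [])
        elif section == "regfind" and term and (m := KEY.match(line)):
            if m.group(2) not in hits[term]:   # the log repeats a key once per matching value
                hits[term].append(m.group(2))
    return hits


def deleted_keys(reg_text):
    """Keys a .reg file removes outright: section headers written as [-KEY]."""
    return [m.group(2) for line in reg_text.splitlines()
            if (m := KEY.match(line.strip())) and m.group(1) == "-"]


def covers(deleted, key):
    """Deleting a key also removes its subkeys; registry paths are case-insensitive."""
    d, k = deleted.lower(), key.lower()
    return k == d or k.startswith(d + "\\")


def review(reg_text, log_text):
    """Cross-check a deletion list against the scan that is supposed to justify it."""
    hits = scan_hits(log_text)
    reported = {k.lower() for keys in hits.values() for k in keys}
    deleted = deleted_keys(reg_text)
    not_in_scan = [d for d in deleted if d.lower() not in reported]
    left = {}
    for term, keys in hits.items():
        kept = [k for k in keys if not any(covers(d, k) for d in deleted)]
        if kept:
            left[term] = kept
    return {"not_in_scan": not_in_scan, "left_in_place": left}


if __name__ == "__main__":
    result = review(REGFIX, SCAN_LOG)
    print("Deletions with no matching scan hit:", result["not_in_scan"] or "none")
    for term, keys in result["left_in_place"].items():
        for key in keys:
            print(f'Left in place ("{term}"): {key}')
```

On the abridged data every deletion traces back to an "ilivid" hit, and the "conduit" and "babylon" hits are the ones the fix leaves alone.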



## Cookiegal (Aug 27, 2003)

I apologize. It was my mistake. I forgot to convert it to a .reg file before zipping it. 

Please delete that one then download the new one I'm attaching here which should extract with a .reg file extension and look like a blue Rubik's cube with some squares breaking away and a white piece of paper in the background.


----------



## JayCee6828 (Dec 21, 2010)

Thanks - that ran OK and said successfully added to the registry.

Am I OK now?


----------



## Cookiegal (Aug 27, 2003)

It would seem so. Are there any problems with the computer that need to be addressed?


----------



## JayCee6828 (Dec 21, 2010)

I think it is all OK now thank you - you deserve a rest as I am sure you have helped over and above the call of duty!! Thanks again for all the help.


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

Here are some final instructions for you.

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Follow the instructions in the link below to turn off system protection. This will delete all existing system restore points to flush them out. Then be sure to turn it back on again:

http://www.sevenforums.com/tutorials/330-system-protection-turn-off.html

Then follow the instructions in the link below to create a new restore point:

http://www.sevenforums.com/tutorials/697-system-restore-point-create.html


----------



## JayCee6828 (Dec 21, 2010)

OK I have done all that - everything is fine now thanks.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

