Solved: Error code 8004FF80


JayCee6828

Thread Starter
Joined
Dec 21, 2010
Messages
195
I have a problem that every time I get an update to Microsoft Security Essentials it always fails nowadays.

Having looked through many forums and many internet articles I am totally confused as to the best course of action; it would seem a good idea to uninstall MSE and reinstall a good copy but my machine will not uninstall it.

I have tried starting with services disabled but don't really know what I am doing and am sure that very soon I will make my computer unworkable if I carry on.

Is there anyone who can explain in words of one syllable what I need to do to cure this problem; or even can you tell me if it is a problem I need to address?

Below is the output from SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Phenom(tm) 9950 Quad-Core Processor, x64 Family 16 Model 2 Stepping 3
Processor Count: 4
RAM: 3583 Mb
Graphics Card: ATI Radeon HD 3600 Series, 512 Mb
Hard Drives: C: Total - 305141 MB, Free - 250064 MB; D: Total - 1907728 MB, Free - 1126109 MB;
Motherboard: ASRock, N68C-S UCC
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

JayCee6828

Thread Starter
Joined
Dec 21, 2010
Messages
195
Thanks captainron but I have worked through that article very carefully and also used Mr Fixit; nothing seems to get rid of it.

When working through the article and messing with the registry quite a few of the files I was supposed to delete weren't even there, and I did check very carefully that I was looking in the locations given.

If I just delete all the files I can find relating to MSE would that do it if I then installed a separate anti-virus? Or would I still keep getting updates from Microsoft which won't install?

I cannot believe that something from Microsoft is so difficult to get rid of - if, of course, it is a Microsoft product!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,075
I would try installing MSE again over the top of whatever remnants are there and then reboot the machine then uninstall it and reboot again.
 

JayCee6828

Thread Starter
Joined
Dec 21, 2010
Messages
195
Thanks for that, I have tried that but it gets so far through updating the app then stops with an error saying it has encountered an unknown error.

I don't think MSE is now running so should I install another anti virus like avast?

I don't suppose that will completely stop the problem though!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,075
Let's run a program that might give some insight into what's still remaining regarding MSE.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

Note: You need to run the version that's compatible with your system (32-bit or 64-bit).

  • Double-click FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log named (FRST.txt) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
  • The first time the tool is run it makes a second log named (Addition.txt). Please copy and paste the contents of that log as well.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,075
As for installing another anti-virus program you definitely need something running but if you can take the PC offline and only use it to reply here (unless you have another one you can use) until you've run the above before installing one that would be better as Avast may kick out some errors too if it sees some components from MSE.
 

JayCee6828

Thread Starter
Joined
Dec 21, 2010
Messages
195
Thanks for the advice and interest Cookiegal.

Here are the files :

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by User at 2015-02-15 19:25:44
Running from C:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 12 v.12.0.5 (HKLM\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.1.2 (HKLM\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
AspexDraw (HKLM\...\{94DF3CE6-8C8B-411D-ADE2-702CF8E98DF5}) (Version: 2.5.0.0 - Aspex Software)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
BBC BASIC for Windows (full version) (HKLM\...\BBC BASIC for Windows_is1) (Version: - )
CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - )
Cardbox 3.0 (HKLM\...\Cardbox 3.0) (Version: - Cardbox Software Limited)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ChessDiagrams14 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\ChessDiagrams14) (Version: - )
Chuckie Egg for Windows 1.1 (HKLM\...\Chuckie Egg for Windows_is1) (Version: - )
ClickCharts Diagram Flowchart Software (HKLM\...\ClickCharts) (Version: 1.24 - NCH Software)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EssentialPIM (HKLM\...\EssentialPIM) (Version: 6.05 - Astonsoft Ltd)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Free Alarm Clock 3.0.3 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
[email protected] Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LifeScan USB Device Driver vSL3.0 (Driver Removal) (HKLM\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
MAGIX Audio Cleaning Lab MX (HKLM\...\MAGIX_{E2581FA7-87E8-4943-B797-72375F05EA92}) (Version: 18.0.0.9 - MAGIX AG)
MAGIX Audio Cleaning Lab MX (Version: 18.0.0.9 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Meter Drivers for OneTouch(R) Software (Version: 1.15.0.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software (Version: 1.95.5.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software v1.15.0.0 (HKLM\...\InstallShield_{CFE34F17-87E5-4BC7-A339-3E04E5428897}) (Version: 1.15.0.0 - LifeScan)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 36.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OneTouch Software (HKLM\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version: - )
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scribus 1.4.5 (HKLM\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team)
Space Invaders (HKLM\...\Space Invaders_is1) (Version: - Paradum Games)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 7.0.32.0 - 2BrightSparks)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VibrateGameDeviceDriver (HKLM\...\{DBB7F606-0C13-4182-AD7F-427A4773580E}) (Version: 4.07.1112G - VibrateGameDeviceDriver)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

11-02-2015 19:10:42 Windows Update
12-02-2015 14:07:56 Removed Microsoft Silverlight
12-02-2015 19:38:50 Windows Update
13-02-2015 18:30:29 Windows Update
13-02-2015 19:26:15 Windows Update
14-02-2015 18:00:08 Windows Update
14-02-2015 18:16:40 WinThruster Sat, Feb 14, 15 18:16
14-02-2015 18:27:40 Windows Update
14-02-2015 18:35:06 Windows Update
14-02-2015 18:43:03 Windows Update
14-02-2015 19:19:59 Windows Update
14-02-2015 19:22:19 Windows Update
15-02-2015 11:36:01 Installed Microsoft Fix it 50535
15-02-2015 11:43:45 Installed Microsoft Fix it 50535
15-02-2015 11:47:55 Installed Microsoft Fix it 50535
15-02-2015 15:23:24 Installed Microsoft Fix it 50535
15-02-2015 15:25:23 Installed Microsoft Fix it 50535
15-02-2015 17:02:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {364721D1-B8DB-4BC0-AB01-D8FDF53FE2BB} - System32\Tasks\{6A466E75-FF45-4C89-B53C-A09C34F9DD35} => pcalua.exe -a C:\Downloads\contextmenueditorinstall.exe -d C:\Downloads
Task: {6A200A51-8CD8-453A-9D1E-1AFD13721A2C} - System32\Tasks\2BrightSparks\SyncBackFree\JAYCEE-User\SyncBackFree JayCee Backup => C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe [2015-01-19] (2BrightSparks Pte Ltd)
Task: {740738C9-37A4-4378-BF35-7C29A4FEAE12} - System32\Tasks\Softland\FBackup 5\fba_JayCees => C:\Program Files\Softland\FBackup 5\bBackup.exe
Task: {839A0281-FABF-4658-A56B-0D54EAABEE0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {8E02E06C-0470-47C3-A70E-4F492AD5D10F} - System32\Tasks\Softland\FBackup 5\fba_JayCee Backup => C:\Program Files\Softland\FBackup 5\bBackup.exe
Task: {9A2787A0-4682-4D02-9176-CA3632E9CE4A} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_User => C:\Program Files\Softland\FBackup 5\bTray.exe
Task: {A7D1E7DC-EBB9-4DC3-9D87-43381FA344F4} - System32\Tasks\{F74C0485-5846-49C4-B294-2A1492D0F5EF} => pcalua.exe -a C:\Windows\uninst.exe -c -f"C:\Program Files\Dial Solutions\Oak Draw\DeIsL1.isu" -c"C:\Program Files\Dial Solutions\Oak Draw\_ISREG32.DLL"
Task: {A9624156-B6A7-400E-AB9E-12474F91C86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {A9FC159A-E662-49A3-8059-6DBF82D13C5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {C59E9686-F30B-410B-8980-43262F5AE3C0} - System32\Tasks\{4547A25A-91DA-479A-9165-8461D458848A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D132C9FF-93C6-44E9-BFC6-C5713B24D418} - System32\Tasks\{927BD098-C4A0-44BA-B8AA-DB9878A568E8} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\JayCees\Chess\Grading\ST6UNST.LOG"
Task: {E775346E-D797-4629-9769-DB5F7E6CEC4A} - System32\Tasks\Auslogics\Disk Defrag\Scheduled Defragmentation => Rundll32.exe TaskSchedulerHelper.dll,RunTask "DiskDefrag.exe" "-UseTray -Scheduler"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\fba_Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-26 11:30 - 2007-08-13 09:39 - 00022723 _____ () C:\Windows\System32\cl31cl3.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-01-14 08:50 - 2015-02-09 02:17 - 00153712 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 08:50 - 2015-02-09 02:17 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00692454.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20752428.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99080728.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00692454.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20752428.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99080728.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice 4.0.1.lnk => C:\Windows\pss\OpenOffice 4.0.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iLivid => "C:\Users\User\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: RTBatteryMeter => C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SysMetrix => C:\Program Files\SysMetrix\SysMetrix.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2618260354-4144512923-24617707-500 - Administrator - Disabled)
Guest (S-1-5-21-2618260354-4144512923-24617707-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2618260354-4144512923-24617707-1010 - Limited - Enabled)
User (S-1-5-21-2618260354-4144512923-24617707-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.


System errors:
=============
Error: (02/15/2015 07:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (02/15/2015 05:04:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Error: (02/15/2015 04:59:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (02/15/2015 02:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (02/15/2015 11:46:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (02/15/2015 10:08:35 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GLORIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
The master browser is stopping or an election is being forced.

Error: (02/15/2015 09:25:02 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GLORIAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
The master browser is stopping or an election is being forced.

Error: (02/15/2015 07:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (02/14/2015 07:23:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

Error: (02/14/2015 07:21:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).


Microsoft Office Sessions:
=========================
Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
Description: HRESULT:0x8004FF80
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: AMD Phenom(tm) 9950 Quad-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 3583.3 MB
Available physical RAM: 2510.86 MB
Total Pagefile: 6653.6 MB
Available Pagefile: 5458.18 MB
Total Virtual: 3071.88 MB
Available Virtual: 2904.96 MB

==================== Drives ================================

Drive c: (C - Internal) (Fixed) (Total:297.99 GB) (Free:243.78 GB) NTFS
Drive d: (D - External) (Fixed) (Total:1863.02 GB) (Free:1099.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 06EA17FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 909CF17B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by User (administrator) on JAYCEE on 15-02-2015 19:25:03
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft)
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\MountPoints2: {89c9251c-739c-11e3-99e8-0025226f6163} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...E&Tid=0003295F&OHP=http://www.google.com&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762
FF SelectedSearchEngine:
FF Homepage:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2618260354-4144512923-24617707-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-14]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
CHR Extension: (ClipMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl6dad6172; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E8101BD-12FA-4D44-9078-46670F209011}\MpKsl6dad6172.sys [39464 2015-02-15] (Microsoft Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-08-03] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61696 2012-06-13] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-09] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 cpuz137; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:24 - 2015-02-15 19:25 - 00000000 ____D () C:\FRST
2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
2015-02-14 18:18 - 2015-02-14 18:22 - 00001648 _____ () C:\Windows\system32\ASOROSet.bin
2015-02-14 18:18 - 2015-02-14 18:18 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-02-14 18:15 - 2015-02-14 18:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Solvusoft
2015-02-14 18:15 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
2015-02-13 18:30 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 18:30 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 18:30 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 18:30 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 18:30 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-13 18:30 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 18:30 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 18:29 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 10:08 - 2015-02-13 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-13 10:08 - 2015-02-13 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-02-12 08:00 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:52 - 2015-02-15 19:15 - 00009726 _____ () C:\Windows\PFRO.log
2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures
2015-02-11 07:42 - 2015-01-15 07:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:42 - 2015-01-15 07:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:42 - 2015-01-15 07:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:42 - 2015-01-15 07:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:42 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:42 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:42 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:42 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:42 - 2015-01-15 04:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:42 - 2015-01-09 01:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:41 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:41 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:41 - 2015-01-13 05:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:41 - 2015-01-13 05:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:41 - 2015-01-13 05:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:41 - 2015-01-13 05:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:41 - 2015-01-13 05:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:41 - 2015-01-13 04:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:41 - 2015-01-13 03:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 07:41 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:41 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:56 - 2015-02-15 19:21 - 00025334 _____ () C:\Windows\setupact.log
2015-02-10 13:56 - 2015-02-10 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 12:42 - 2015-02-10 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
2015-02-10 12:41 - 2015-02-10 12:43 - 00000000 ____D () C:\Program Files\Scribus 1.4.5
2015-02-10 12:39 - 2015-02-10 12:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 10:55 - 2015-02-10 13:44 - 00000000 ____D () C:\AdwCleaner
2015-02-01 10:53 - 2015-02-01 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 10:00 - 2015-01-24 10:00 - 00040900 _____ () C:\Users\User\Documents\cc_20150124_100014.reg
2015-01-21 18:46 - 2015-01-21 18:46 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:17 - 2013-05-24 18:25 - 00002086 _____ () C:\Windows\epplauncher.mif
2015-02-15 19:17 - 2013-05-24 12:02 - 01155351 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 19:16 - 2013-05-24 17:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\EssentialPIM
2015-02-15 19:15 - 2014-04-01 07:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 19:15 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 18:28 - 2014-04-01 07:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 07:54 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-14 19:11 - 2013-05-28 14:50 - 00000000 ____D () C:\Windows\pss
2015-02-14 18:42 - 2010-11-20 21:01 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 18:23 - 2009-07-14 02:03 - 43515904 _____ () C:\Windows\system32\config\software.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
2015-02-14 18:23 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-14 18:20 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-14 12:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 07:58 - 2014-02-12 14:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-13 18:33 - 2014-12-11 19:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 18:33 - 2014-11-12 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 18:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2015-02-13 10:08 - 2014-08-26 13:47 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-02-12 14:08 - 2013-05-25 11:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-12 08:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:54 - 2013-05-24 20:56 - 00000000 ____D () C:\Windows\Panther
2015-02-12 07:54 - 2009-07-14 04:33 - 00341192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:19 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 19:14 - 2013-05-26 11:12 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 17:05 - 2013-07-25 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-10 17:02 - 2013-10-10 09:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2015-02-10 16:45 - 2013-07-25 17:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-02-10 13:09 - 2014-09-02 14:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 13:01 - 2013-05-28 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-10 13:00 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-10 13:00 - 2013-05-24 17:26 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-02-10 12:57 - 2014-09-02 13:15 - 00000000 ____D () C:\Program Files\Speccy
2015-02-10 12:39 - 2014-01-19 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 12:30 - 2014-09-11 10:15 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-10 12:30 - 2013-07-03 21:54 - 00000000 ____D () C:\Program Files\Java
2015-02-10 12:27 - 2014-02-12 14:25 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 12:21 - 2014-12-01 19:24 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-02-10 12:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-10 11:59 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
2015-02-06 15:14 - 2009-07-14 02:04 - 00000498 _____ () C:\Windows\win.ini
2015-02-01 10:53 - 2013-07-23 11:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 10:14 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\HP
2015-02-01 10:13 - 2014-12-23 14:55 - 00000000 ____D () C:\Program Files\HP
2015-01-21 08:47 - 2014-12-23 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
2015-01-19 20:59 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-05-25 09:35 - 2013-05-25 09:35 - 0022513 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-01-30 12:13 - 2014-03-10 16:57 - 0000095 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-21 18:46 - 2015-01-21 18:46 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-23 14:32 - 2014-07-23 14:32 - 0007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-12-23 14:54 - 2014-12-23 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 08:23

==================== End Of Log ============================

I have to go offline now till the morning but do so hope that info tells you what I can do. Thanks again.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,075

JayCee6828

Thread Starter
I have tried that before with no success and have now tried it again.

It gets so far and then says "Service 'Microsoft antimalware service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services"

When I say yes then it just keeps getting to there again.
 

JayCee6828

Thread Starter
Further to the above I have tried to stop MsMpSvc using msconfig and also net stop but nothing seems to be able to stop it running. I did try stopping it in msconfig and then running Mr Fixit without restarting the computer but that didn't work either.
This seems to be Big Brother Microsoft going way over the top in denying us control of our own machines.
 

JayCee6828

Thread Starter
Sorry to come back again but I have forgotten to answer your question about which program for antivirus I want to go to.

I would like to carry on with MSE but before doing so would ask your opinion on that - is it worth carrying on if this problem may arise again and if not which anti virus do you folks recommend? It would be better if it is free but I wouldn't mind a small amount of payment.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
OK so we're going to use FRST to see if we can remove those remnants.

Please download the attached fixlist.txt file and save it where you saved FRST (which is your C:\Downloads folder).

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location (preferably on the desktop) or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 


Cookiegal

Karen
Administrator
Malware Specialist Coordinator
"I would like to carry on with MSE but before doing so would ask your opinion on that - is it worth carrying on if this problem may arise again and if not which anti virus do you folks recommend? It would be better if it is free but I wouldn't mind a small amount of payment."
I have never used MSE so I can't really say. Some think it's good enough and others don't. I personally don't use free anti-virus programs as I feel you get what you pay for and some have annoying nags to purchase it. I'm not saying the free ones won't do a decent job and there is no one piece of software that will detect and/or prevent all infections whether they are free or paid versions so it's really a matter of choice or budget. If you do want to pay for one then I'd recommend Eset (Nod32 anti-virus since you don't need the suite as the Windows firewall should be sufficient) or Kaspersky (which can weigh heavy on resources on some machines). :)
 

JayCee6828

Thread Starter
Joined
Dec 21, 2010
Messages
195
Ran the file as requested and here is the result :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by User at 2015-02-16 14:44:50 Run:1
Running from C:\Downloads
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
HKLM\...\Run: [] => [X]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
C:\Program Files\Microsoft Security Client
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
C:\Windows\System32\DRIVERS\MpFilter.sys
2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures

*****************

C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
C:\Program Files\Microsoft Security Client\MsMpEng.exe => Failed to close process.
C:\Program Files\Microsoft Security Client\NisSrv.exe => Failed to close process.
C:\Windows\System32\msiexec.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci => Moved successfully.
MsMpSvc => Unable to stop service
MsMpSvc => Error deleting Service
NisSrv => Unable to stop service
NisSrv => Error deleting Service
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
MpFilter => Unable to stop service
MpFilter => Error deleting Service
C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.
C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures => Moved successfully.
C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures => Moved successfully.
C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures => Moved successfully.
C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures => Moved successfully.
C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures => Moved successfully.
C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures => Moved successfully.
C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures => Moved successfully.
C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures => Moved successfully.
C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures => Moved successfully.
C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures => Moved successfully.
C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures => Moved successfully.
C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures => Moved successfully.
C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures => Moved successfully.
C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures => Moved successfully.

==== End of Fixlog 14:45:07 ====
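Added example, not part of the original thread and not FRST's own code: a short Python triage of a Fixlog like the one posted above, which groups each result line by outcome and lists services whose deletion failed although their file was moved. The sample is a constructed subset of that log; the line shapes (two rows of asterisks around the fixlist, `target => outcome` results, `R0 Name; path [size date]` service entries) are assumed from what the log shows, and `triage`, `classify` and `split_sections` are hypothetical names.

```python
import re

# Constructed sample: a subset of the Fixlog posted above, same line shapes.
SAMPLE = r"""Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
*****************
C:\Windows\System32\msiexec.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
MsMpSvc => Unable to stop service
MsMpSvc => Error deleting Service
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
MpFilter => Error deleting Service
C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.
==== End of Fixlog 14:45:07 ====
"""

# Assumed shape of a service entry in the fixlist: "R0 Name; path [size date] (vendor)".
SERVICE = re.compile(r"^[A-Z]\d (\S+); (.+?) \[")

def split_sections(text):
    """Return (fixlist lines, result lines); two rows of asterisks delimit the fixlist."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(stars) < 2:
        raise ValueError("not a Fixlog: fixlist delimiters missing")
    return lines[stars[0] + 1:stars[1]], lines[stars[1] + 1:]

def classify(outcome):
    if re.match(r"(Failed|Unable|Error)\b", outcome):
        return "failed"
    return "ok" if outcome.endswith("successfully.") else "noop"

def triage(text):
    """Group result targets by outcome; list services still registered whose file was moved."""
    fixlist, results = split_sections(text)
    services = dict(m.groups() for m in map(SERVICE.match, fixlist) if m)
    groups = {"ok": [], "failed": [], "noop": []}
    for line in results:
        if line.startswith("==== End of Fixlog"):
            break
        if " => " in line:  # fixlist lines such as "... => [X]" are never reached here
            target, outcome = line.split(" => ", 1)
            groups[classify(outcome)].append(target.strip('"'))
    dangling = [s for s, path in services.items()
                if s in groups["failed"] and path in groups["ok"]]
    return groups, dangling

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample this reports `MpFilter` as the one service left registered without its driver file, which is also what the full log above shows.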
 