
Solved: Error code 8004FF80

Discussion in 'General Security' started by JayCee6828, Feb 15, 2015.

  1. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    I have a problem that every time I get an update to Microsoft Security Essentials it always fails nowadays.

    Having looked through many forums and many internet articles I am totally confused as to the best course of action; it would seem a good idea to uninstall MSE and reinstall a good copy but my machine will not uninstall it.

    I have tried starting with services disabled but don't really know what I am doing and am sure that very soon I will make my computer unworkable if I carry on.

    Is there anyone who can explain in words of one syllable what I need to do to cure this problem; or even can you tell me if it is a problem I need to address?

    Below is the output from SysInfo:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: AMD Phenom(tm) 9950 Quad-Core Processor, x64 Family 16 Model 2 Stepping 3
    Processor Count: 4
    RAM: 3583 Mb
    Graphics Card: ATI Radeon HD 3600 Series, 512 Mb
    Hard Drives: C: Total - 305141 MB, Free - 250064 MB; D: Total - 1907728 MB, Free - 1126109 MB;
    Motherboard: ASRock, N68C-S UCC
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  2. captainron276

    captainron276

    Joined:
    Sep 11, 2010
    Messages:
    3,985
    First Name:
    Ron
  3. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Thanks captainron but I have worked through that article very carefully and also used Mr Fixit; nothing seems to get rid of it.

    When working through the article and messing with the registry quite a few of the files I was supposed to delete weren't even there, and I did check very carefully that I was looking in the locations given.

    If I just delete all the files I can find relating to MSE would that do it if I then installed a separate anti-virus? Or would I still keep getting updates from Microsoft which won't install?

    I cannot believe that something from Microsoft is so difficult to get rid of - if, of course, it is a Microsoft product!
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
    I would try installing MSE again over the top of whatever remnants are there and then reboot the machine then uninstall it and reboot again.
     
  5. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Thanks for that, I have tried that but it gets so far through updating the app then stops with an error saying it has encountered an unknown error.

    I don't think MSE is now running so should I install another anti virus like avast?

    I don't suppose that will completely stop the problem though!
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
    Let's run a program that might give some insight into what's still remaining regarding MSE.

    Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

    Note: You need to run the version that's compatible with your system (32-bit or 64-bit).

    • Double-click FRST to run it. When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log named (FRST.txt) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
    • The first time the tool is run it makes a second log named (Addition.txt). Please copy and paste the contents of that log as well.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
    As for installing another anti-virus program, you definitely need something running, but if you can take the PC offline and only use it to reply here (unless you have another one you can use) until you've run the above before installing one, that would be better, as Avast may kick out some errors too if it sees some components from MSE.
     
  8. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Thanks for the advice and interest Cookiegal.

    Here are the files :

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
    Ran by User at 2015-02-15 19:25:44
    Running from C:\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{B9BA9CC8-B0A2-00C8-780E-B82A066E48C6}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo Burning Studio 12 v.12.0.5 (HKLM\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
    Ashampoo Music Studio 4 v.4.1.2 (HKLM\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
    AspexDraw (HKLM\...\{94DF3CE6-8C8B-411D-ADE2-702CF8E98DF5}) (Version: 2.5.0.0 - Aspex Software)
    Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
    BBC BASIC for Windows (full version) (HKLM\...\BBC BASIC for Windows_is1) (Version: - )
    CanoScan Toolbox Ver4.6 (HKLM\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - )
    Cardbox 3.0 (HKLM\...\Cardbox 3.0) (Version: - Cardbox Software Limited)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    ChessDiagrams14 (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\ChessDiagrams14) (Version: - )
    Chuckie Egg for Windows 1.1 (HKLM\...\Chuckie Egg for Windows_is1) (Version: - )
    ClickCharts Diagram Flowchart Software (HKLM\...\ClickCharts) (Version: 1.24 - NCH Software)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    EssentialPIM (HKLM\...\EssentialPIM) (Version: 6.05 - Astonsoft Ltd)
    FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
    Free Alarm Clock 3.0.3 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
    HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    [email protected] Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    LifeScan USB Device Driver vSL3.0 (Driver Removal) (HKLM\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)
    Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
    MAGIX Audio Cleaning Lab MX (HKLM\...\MAGIX_{E2581FA7-87E8-4943-B797-72375F05EA92}) (Version: 18.0.0.9 - MAGIX AG)
    MAGIX Audio Cleaning Lab MX (Version: 18.0.0.9 - MAGIX AG) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Meter Drivers for OneTouch(R) Software (Version: 1.15.0.0 - LifeScan) Hidden
    Meter Drivers for OneTouch(R) Software (Version: 1.95.5.0 - LifeScan) Hidden
    Meter Drivers for OneTouch(R) Software v1.15.0.0 (HKLM\...\InstallShield_{CFE34F17-87E5-4BC7-A339-3E04E5428897}) (Version: 1.15.0.0 - LifeScan)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
    Mozilla Thunderbird 36.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Msxml4 for LDCF (HKLM\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
    OneTouch Software (HKLM\...\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}) (Version: - )
    OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
    PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC)
    Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
    Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Scribus 1.4.5 (HKLM\...\Scribus 1.4.5) (Version: 1.4.5 - The Scribus Team)
    Space Invaders (HKLM\...\Space Invaders_is1) (Version: - Paradum Games)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Spotify (HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
    SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 7.0.32.0 - 2BrightSparks)
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VibrateGameDeviceDriver (HKLM\...\{DBB7F606-0C13-4182-AD7F-427A4773580E}) (Version: 4.07.1112G - VibrateGameDeviceDriver)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-2618260354-4144512923-24617707-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

    ==================== Restore Points =========================

    11-02-2015 19:10:42 Windows Update
    12-02-2015 14:07:56 Removed Microsoft Silverlight
    12-02-2015 19:38:50 Windows Update
    13-02-2015 18:30:29 Windows Update
    13-02-2015 19:26:15 Windows Update
    14-02-2015 18:00:08 Windows Update
    14-02-2015 18:16:40 WinThruster Sat, Feb 14, 15 18:16
    14-02-2015 18:27:40 Windows Update
    14-02-2015 18:35:06 Windows Update
    14-02-2015 18:43:03 Windows Update
    14-02-2015 19:19:59 Windows Update
    14-02-2015 19:22:19 Windows Update
    15-02-2015 11:36:01 Installed Microsoft Fix it 50535
    15-02-2015 11:43:45 Installed Microsoft Fix it 50535
    15-02-2015 11:47:55 Installed Microsoft Fix it 50535
    15-02-2015 15:23:24 Installed Microsoft Fix it 50535
    15-02-2015 15:25:23 Installed Microsoft Fix it 50535
    15-02-2015 17:02:16 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {364721D1-B8DB-4BC0-AB01-D8FDF53FE2BB} - System32\Tasks\{6A466E75-FF45-4C89-B53C-A09C34F9DD35} => pcalua.exe -a C:\Downloads\contextmenueditorinstall.exe -d C:\Downloads
    Task: {6A200A51-8CD8-453A-9D1E-1AFD13721A2C} - System32\Tasks\2BrightSparks\SyncBackFree\JAYCEE-User\SyncBackFree JayCee Backup => C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe [2015-01-19] (2BrightSparks Pte Ltd)
    Task: {740738C9-37A4-4378-BF35-7C29A4FEAE12} - System32\Tasks\Softland\FBackup 5\fba_JayCees => C:\Program Files\Softland\FBackup 5\bBackup.exe
    Task: {839A0281-FABF-4658-A56B-0D54EAABEE0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {8E02E06C-0470-47C3-A70E-4F492AD5D10F} - System32\Tasks\Softland\FBackup 5\fba_JayCee Backup => C:\Program Files\Softland\FBackup 5\bBackup.exe
    Task: {9A2787A0-4682-4D02-9176-CA3632E9CE4A} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_User => C:\Program Files\Softland\FBackup 5\bTray.exe
    Task: {A7D1E7DC-EBB9-4DC3-9D87-43381FA344F4} - System32\Tasks\{F74C0485-5846-49C4-B294-2A1492D0F5EF} => pcalua.exe -a C:\Windows\uninst.exe -c -f"C:\Program Files\Dial Solutions\Oak Draw\DeIsL1.isu" -c"C:\Program Files\Dial Solutions\Oak Draw\_ISREG32.DLL"
    Task: {A9624156-B6A7-400E-AB9E-12474F91C86C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
    Task: {A9FC159A-E662-49A3-8059-6DBF82D13C5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
    Task: {C59E9686-F30B-410B-8980-43262F5AE3C0} - System32\Tasks\{4547A25A-91DA-479A-9165-8461D458848A} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {D132C9FF-93C6-44E9-BFC6-C5713B24D418} - System32\Tasks\{927BD098-C4A0-44BA-B8AA-DB9878A568E8} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\JayCees\Chess\Grading\ST6UNST.LOG"
    Task: {E775346E-D797-4629-9769-DB5F7E6CEC4A} - System32\Tasks\Auslogics\Disk Defrag\Scheduled Defragmentation => Rundll32.exe TaskSchedulerHelper.dll,RunTask "DiskDefrag.exe" "-UseTray -Scheduler"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\fba_Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-05-26 11:30 - 2007-08-13 09:39 - 00022723 _____ () C:\Windows\System32\cl31cl3.dll
    2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2015-01-14 08:50 - 2015-02-09 02:17 - 00153712 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
    2015-01-14 08:50 - 2015-02-09 02:17 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00692454.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20752428.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99080728.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00692454.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20752428.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99080728.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: LBTServ => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: nSvcIp => 2
    MSCONFIG\Services: SpyHunter 4 Service => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice 4.0.1.lnk => C:\Windows\pss\OpenOffice 4.0.1.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    MSCONFIG\startupreg: iLivid => "C:\Users\User\AppData\Local\iLivid\iLivid.exe" -autorun
    MSCONFIG\startupreg: RTBatteryMeter => C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: SysMetrix => C:\Program Files\SysMetrix\SysMetrix.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2618260354-4144512923-24617707-500 - Administrator - Disabled)
    Guest (S-1-5-21-2618260354-4144512923-24617707-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2618260354-4144512923-24617707-1010 - Limited - Enabled)
    User (S-1-5-21-2618260354-4144512923-24617707-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

    Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

    Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

    Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.


    System errors:
    =============
    Error: (02/15/2015 07:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%2

    Error: (02/15/2015 05:04:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

    Error: (02/15/2015 04:59:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%2

    Error: (02/15/2015 02:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%2

    Error: (02/15/2015 11:46:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%2

    Error: (02/15/2015 10:08:35 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer GLORIAN
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
    The master browser is stopping or an election is being forced.

    Error: (02/15/2015 09:25:02 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer GLORIAN
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F6263575-FF53-481E-A528-8CE3FB27AE.
    The master browser is stopping or an election is being forced.

    Error: (02/15/2015 07:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%2

    Error: (02/14/2015 07:23:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).

    Error: (02/14/2015 07:21:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).


    Microsoft Office Sessions:
    =========================
    Error: (02/15/2015 07:17:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.

    Error: (02/15/2015 07:17:51 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2015 07:17:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2015 07:13:18 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF80.

    Error: (02/15/2015 07:12:39 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2015 07:12:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2015 05:04:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: JAYCEE)
    Description: HRESULT:0x8004FF80
    Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80.

    Error: (02/15/2015 05:04:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2015 05:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/15/2015 03:27:04 PM) (Source: MsiInstaller) (EventID: 11921) (User: JAYCEE)
    Description: Product: Microsoft Fix it 50535 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 9950 Quad-Core Processor
    Percentage of memory in use: 29%
    Total physical RAM: 3583.3 MB
    Available physical RAM: 2510.86 MB
    Total Pagefile: 6653.6 MB
    Available Pagefile: 5458.18 MB
    Total Virtual: 3071.88 MB
    Available Virtual: 2904.96 MB

    ==================== Drives ================================

    Drive c: (C - Internal) (Fixed) (Total:297.99 GB) (Free:243.78 GB) NTFS
    Drive d: (D - External) (Fixed) (Total:1863.02 GB) (Free:1099.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 06EA17FA)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1863 GB) (Disk ID: 909CF17B)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by User (administrator) on JAYCEE on 15-02-2015 19:25:03
    Running from C:\Downloads
    Loaded Profiles: User (Available profiles: User)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17509232 2015-02-06] (Astonsoft)
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\...\MountPoints2: {89c9251c-739c-11e3-99e8-0025226f6163} - F:\HTC_Sync_Manager_PC.exe
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
    ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-2618260354-4144512923-24617707-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...E&Tid=0003295F&OHP=http://www.google.com&OSP=
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F6263575-FF53-481E-A528-8CE3FB27AE62}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762
    FF SelectedSearchEngine:
    FF Homepage:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2618260354-4144512923-24617707-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h4sj1p9p.default-1410612891762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
    FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-14]

    Chrome:
    =======
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
    CHR Extension: (ClipMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh [2014-02-10]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
    S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
    S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
    R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R1 MpKsl6dad6172; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E8101BD-12FA-4D44-9078-46670F209011}\MpKsl6dad6172.sys [39464 2015-02-15] (Microsoft Corporation)
    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
    R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
    S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-08-03] (Silicon Laboratories)
    S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61696 2012-06-13] (Silicon Laboratories)
    R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-08-13] (Samsung Electronics) [File not signed]
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-09] ()
    R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
    S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
    S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
    S3 cpuz137; \??\C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [X]
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 19:24 - 2015-02-15 19:25 - 00000000 ____D () C:\FRST
    2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
    2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
    2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
    2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
    2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
    2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
    2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
    2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
    2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
    2015-02-14 18:18 - 2015-02-14 18:22 - 00001648 _____ () C:\Windows\system32\ASOROSet.bin
    2015-02-14 18:18 - 2015-02-14 18:18 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
    2015-02-14 18:15 - 2015-02-14 18:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Solvusoft
    2015-02-14 18:15 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
    2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
    2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
    2015-02-13 18:36 - 2015-02-13 18:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
    2015-02-13 18:30 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-13 18:30 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-13 18:30 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-13 18:30 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-13 18:30 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-13 18:30 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-13 18:30 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-13 18:30 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-13 18:30 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-13 18:30 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-13 18:30 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-13 18:30 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-13 18:29 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-13 10:08 - 2015-02-13 10:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-13 10:08 - 2015-02-13 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
    2015-02-12 10:03 - 2015-02-12 10:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
    2015-02-12 08:00 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 07:52 - 2015-02-15 19:15 - 00009726 _____ () C:\Windows\PFRO.log
    2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures
    2015-02-11 07:42 - 2015-01-15 07:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 07:42 - 2015-01-15 07:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 07:42 - 2015-01-15 07:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 07:42 - 2015-01-15 07:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 07:42 - 2015-01-15 07:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 07:42 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 07:42 - 2015-01-15 07:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 07:42 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 07:42 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 07:42 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 07:42 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 07:42 - 2015-01-15 04:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 07:42 - 2015-01-09 01:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 07:41 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-02-11 07:41 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 07:41 - 2015-01-13 05:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 07:41 - 2015-01-13 05:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 07:41 - 2015-01-13 05:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 07:41 - 2015-01-13 05:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 07:41 - 2015-01-13 05:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 07:41 - 2015-01-13 05:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 07:41 - 2015-01-13 04:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 07:41 - 2015-01-13 03:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-11 07:41 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 07:41 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 13:56 - 2015-02-15 19:21 - 00025334 _____ () C:\Windows\setupact.log
    2015-02-10 13:56 - 2015-02-10 13:56 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-10 12:42 - 2015-02-10 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.5
    2015-02-10 12:41 - 2015-02-10 12:43 - 00000000 ____D () C:\Program Files\Scribus 1.4.5
    2015-02-10 12:39 - 2015-02-10 12:39 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-01 10:55 - 2015-02-10 13:44 - 00000000 ____D () C:\AdwCleaner
    2015-02-01 10:53 - 2015-02-01 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-24 10:00 - 2015-01-24 10:00 - 00040900 _____ () C:\Users\User\Documents\cc_20150124_100014.reg
    2015-01-21 18:46 - 2015-01-21 18:46 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-15 19:23 - 2009-07-14 04:34 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-15 19:17 - 2013-05-24 18:25 - 00002086 _____ () C:\Windows\epplauncher.mif
    2015-02-15 19:17 - 2013-05-24 12:02 - 01155351 _____ () C:\Windows\WindowsUpdate.log
    2015-02-15 19:16 - 2013-05-24 17:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\EssentialPIM
    2015-02-15 19:15 - 2014-04-01 07:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-15 19:15 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-15 18:28 - 2014-04-01 07:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-15 07:54 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-14 19:11 - 2013-05-28 14:50 - 00000000 ____D () C:\Windows\pss
    2015-02-14 18:42 - 2010-11-20 21:01 - 00765656 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-14 18:23 - 2009-07-14 02:03 - 43515904 _____ () C:\Windows\system32\config\software.bak
    2015-02-14 18:23 - 2009-07-14 02:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
    2015-02-14 18:23 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2015-02-14 18:20 - 2009-07-14 02:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2015-02-14 12:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-14 07:58 - 2014-02-12 14:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-13 18:33 - 2014-12-11 19:02 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-13 18:33 - 2014-11-12 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-13 18:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
    2015-02-13 10:08 - 2014-08-26 13:47 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
    2015-02-12 14:08 - 2013-05-25 11:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-02-12 08:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 07:54 - 2013-05-24 20:56 - 00000000 ____D () C:\Windows\Panther
    2015-02-12 07:54 - 2009-07-14 04:33 - 00341192 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-11 19:19 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 19:14 - 2013-05-26 11:12 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 17:05 - 2013-07-25 17:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
    2015-02-10 17:02 - 2013-10-10 09:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
    2015-02-10 16:45 - 2013-07-25 17:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
    2015-02-10 13:09 - 2014-09-02 14:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-10 13:01 - 2013-05-28 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-10 13:00 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
    2015-02-10 13:00 - 2013-05-24 17:26 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2015-02-10 12:57 - 2014-09-02 13:15 - 00000000 ____D () C:\Program Files\Speccy
    2015-02-10 12:39 - 2014-01-19 09:27 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-10 12:30 - 2014-09-11 10:15 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-10 12:30 - 2013-07-03 21:54 - 00000000 ____D () C:\Program Files\Java
    2015-02-10 12:27 - 2014-02-12 14:25 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-10 12:21 - 2014-12-01 19:24 - 00000000 ____D () C:\Program Files\FileHippo.com
    2015-02-10 12:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp
    2015-02-10 11:59 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
    2015-02-06 15:14 - 2009-07-14 02:04 - 00000498 _____ () C:\Windows\win.ini
    2015-02-01 10:53 - 2013-07-23 11:40 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-01 10:14 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\HP
    2015-02-01 10:13 - 2014-12-23 14:55 - 00000000 ____D () C:\Program Files\HP
    2015-01-21 08:47 - 2014-12-23 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate
    2015-01-19 20:59 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2013-05-25 09:35 - 2013-05-25 09:35 - 0022513 _____ () C:\Users\User\AppData\Roaming\UserTile.png
    2014-01-30 12:13 - 2014-03-10 16:57 - 0000095 _____ () C:\Users\User\AppData\Roaming\WB.CFG
    2015-01-21 18:46 - 2015-01-21 18:46 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-23 14:32 - 2014-07-23 14:32 - 0007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
    2014-12-23 14:54 - 2014-12-23 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-13 08:23

    ==================== End Of Log ============================

    I have to go offline now till the morning but do so hope that info tells you what I can do. Thanks again.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
  10. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    I have tried that before with no success and have now tried it again.

    It gets so far and then says "Service 'Microsoft antimalware service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services"

    When I say yes then it just keeps getting to there again.
     
  11. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Further to the above I have tried to stop MsMpSvc using msconfig and also net stop but nothing seems to be able to stop it running. I did try stopping it in msconfig and then running Mr Fixit without restarting the computer but that didn't work either.
    This seems to be Big Brother Microsoft going way over the top in denying us control of our own machines.
     
  12. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Sorry to come back again but I have forgotten to answer your question about which program for antivirus I want to go to.

    I would like to carry on with MSE but before doing so would ask your opinion on that - is it worth carrying on if this problem may arise again and if not which anti virus do you folks recommend? It would be better if it is free but I wouldn't mind a small amount of payment.
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
    OK so we're going to use FRST to see if we can remove those remnants.

    Please download the attached fixlist.txt file and save it where you saved FRST (which is your C:\Downloads folder).

    NOTE: It's important that both files, FRST and fixlist.txt are in the same location (preferably on the desktop) or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and then wait.

    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,280
    I have never used MSE so I can't really say. Some think it's good enough and others don't. I personally don't use free anti-virus programs as I feel you get what you pay for and some have annoying nags to purchase it. I'm not saying the free ones won't do a decent job and there is no one piece of software that will detect and/or prevent all infections whether they are free or paid versions so it's really a matter of choice or budget. If you do want to pay for one then I'd recommend Eset (Nod32 anti-virus since you don't need the suite as the Windows firewall should be sufficient) or Kaspersky (which can weigh heavy on resources on some machines). :)
     
  15. JayCee6828

    JayCee6828 Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    195
    Ran the file as requested and here is the result :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
    Ran by User at 2015-02-16 14:44:50 Run:1
    Running from C:\Downloads
    Loaded Profiles: User (Available profiles: User)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    HKLM\...\Run: [] => [X]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil [2014-02-10]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-07-20]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm [2014-02-10]
    CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci [2014-02-10]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    C:\Program Files\Microsoft Security Client
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    C:\Windows\System32\DRIVERS\MpFilter.sys
    2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures
    2015-02-15 17:03 - 2015-02-15 17:03 - 00000000 ____D () C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures
    2015-02-15 14:54 - 2015-02-15 14:54 - 00000000 ____D () C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures
    2015-02-14 19:22 - 2015-02-14 19:22 - 00000000 ____D () C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures
    2015-02-14 19:20 - 2015-02-14 19:20 - 00000000 ____D () C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures
    2015-02-14 18:57 - 2015-02-14 18:57 - 00000000 ____D () C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures
    2015-02-14 18:43 - 2015-02-14 18:43 - 00000000 ____D () C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures
    2015-02-14 18:35 - 2015-02-14 18:35 - 00000000 ____D () C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures
    2015-02-14 18:28 - 2015-02-14 18:28 - 00000000 ____D () C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures
    2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures
    2015-02-13 19:26 - 2015-02-13 19:26 - 00000000 ____D () C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures
    2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures
    2015-02-12 19:39 - 2015-02-12 19:39 - 00000000 ____D () C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures
    2015-02-11 19:11 - 2015-02-11 19:11 - 00000000 ____D () C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures

    *****************

    C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
    C:\Program Files\Microsoft Security Client\MsMpEng.exe => Failed to close process.
    C:\Program Files\Microsoft Security Client\NisSrv.exe => Failed to close process.
    C:\Windows\System32\msiexec.exe => No running process found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfaegpilihmhdljdojhdghipekmgil => Moved successfully.
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp => Moved successfully.
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkjpplpjpanhemjpakfelajopkooacm => Moved successfully.
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpehmgegbgfeiadgeeaceolncmgckmci => Moved successfully.
    MsMpSvc => Unable to stop service
    MsMpSvc => Error deleting Service
    NisSrv => Unable to stop service
    NisSrv => Error deleting Service
    "C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
    MpFilter => Unable to stop service
    MpFilter => Error deleting Service
    C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.
    C:\Windows\TempEC170437-598F-9384-FCB4-89E1F96888B4-Signatures => Moved successfully.
    C:\Windows\Temp01CAD3E3-3CF3-1E21-7B5F-EE1A1B95F3FB-Signatures => Moved successfully.
    C:\Windows\TempC31A8775-E14B-263B-37A2-FB15D18BF5B5-Signatures => Moved successfully.
    C:\Windows\Temp3706AEBD-A81A-98B3-F4A1-49F2C9A34AB7-Signatures => Moved successfully.
    C:\Windows\TempB4C7C207-C23A-62CF-0992-6393DDA894CA-Signatures => Moved successfully.
    C:\Windows\TempE12FC093-1C6F-23C1-1CAD-89D4A892CF10-Signatures => Moved successfully.
    C:\Windows\Temp39005004-7C45-0689-0754-25D1D1F6F514-Signatures => Moved successfully.
    C:\Windows\TempCC98D97D-D04D-5843-E4B6-DD724340E8AB-Signatures => Moved successfully.
    C:\Windows\Temp1E0FC768-18FF-5586-7B69-2AE34C41CA66-Signatures => Moved successfully.
    C:\Windows\TempFB2EF155-9955-48E1-C862-33630F4D5EDC-Signatures => Moved successfully.
    C:\Windows\TempDA32C5FE-BC25-3B75-8A74-34874E6C251D-Signatures => Moved successfully.
    C:\Windows\Temp9383F249-369A-B93E-F571-FE99022B2718-Signatures => Moved successfully.
    C:\Windows\Temp4CDC990C-9238-959F-6821-DEFAE8C68DBD-Signatures => Moved successfully.
    C:\Windows\Temp9807D095-C24D-427E-E3AF-32BF36825262-Signatures => Moved successfully.

    ==== End of Fixlog 14:45:07 ====
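
One way to triage the Fixlog posted above, as an added example that is not part of the original thread or of FRST: it skips the echoed fixlist (which can itself contain `=>`) and collects every target whose result line was not a success. The status keywords are assumptions taken from the wording of this one log, and the sample is a shortened, constructed copy of it.

```python
import re

# Constructed sample: a shortened copy of the Fixlog posted above.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
*****************

C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
C:\Program Files\Microsoft Security Client\MsMpEng.exe => Failed to close process.
C:\Windows\System32\msiexec.exe => No running process found
MsMpSvc => Unable to stop service
MsMpSvc => Error deleting Service
"C:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
C:\Windows\System32\DRIVERS\MpFilter.sys => Moved successfully.

==== End of Fixlog 14:45:07 ====
"""

RESULT = re.compile(r'^\s*"?(?P<target>.+?)"?\s+=>\s+(?P<msg>.+?)\s*$')
# Assumed status keywords, based on this one log; the first matching rule wins.
RULES = [("failed", ("Failed to", "Unable to", "Error ")),
         ("skipped", ("Warning:",)),
         ("noop", ("No running process found",)),
         ("ok", ("successfully",))]

def classify(msg):
    for status, needles in RULES:
        if any(n in msg for n in needles):
            return status
    return "unknown"

def parse_fixlog(text):
    lines = text.splitlines()
    # The fixlist is echoed between two rows of asterisks and can itself
    # contain "=>", so only lines after the second row count as results.
    stars = [i for i, l in enumerate(lines) if set(l.strip()) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    hits = (RESULT.match(l) for l in lines[start:])
    return [(m["target"], m["msg"], classify(m["msg"])) for m in hits if m]

def needs_followup(text):
    # Group every non-successful result by target (service name or path).
    todo = {}
    for target, msg, status in parse_fixlog(text):
        if status not in ("ok", "noop"):
            todo.setdefault(target, []).append(msg)
    return todo
```

On the sample, `needs_followup` returns the two MsMpSvc failures, the MsMpEng.exe process that could not be closed, and the Microsoft Security Client directory that FRST declined to move.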
     
Short URL to this thread: https://techguy.org/1143090
