"Updater has stopped working" ... Continuous Popup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 17:11 - 2013-06-15 15:35 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\NetSpeedMonitor
2014-08-07 17:10 - 2014-08-07 17:10 - 00019573 _____ () C:\Users\Dennis\Desktop\FRST.txt
2014-08-07 17:10 - 2014-08-07 17:10 - 00000000 ____D () C:\FRST
2014-08-07 17:10 - 2014-08-03 21:23 - 00000000 ____D () C:\ProgramData\Adguard
2014-08-07 17:08 - 2014-08-07 17:08 - 02094080 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2014-08-07 16:25 - 2013-01-19 17:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 16:25 - 2012-02-25 16:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000UA.job
2014-08-07 16:24 - 2014-08-07 16:24 - 00033098 _____ () C:\ComboFix.txt
2014-08-07 16:24 - 2014-08-07 04:02 - 00000000 ____D () C:\Qoobox
2014-08-07 16:21 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-07 16:14 - 2014-08-07 16:14 - 00000142 _____ () C:\Users\Dennis\Desktop\CFScript.txt
2014-08-07 16:09 - 2013-03-16 12:51 - 00000000 ___RD () C:\Users\Dennis\Desktop\Computer Tips & Comp Misc
2014-08-07 16:05 - 2011-12-22 16:16 - 01671569 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 15:44 - 2014-08-07 15:44 - 00091228 _____ () C:\Users\Dennis\Desktop\OTL.Txt
2014-08-07 15:44 - 2014-08-07 15:44 - 00057944 _____ () C:\Users\Dennis\Desktop\Extras.Txt
2014-08-07 15:19 - 2014-08-07 15:19 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe
2014-08-07 15:15 - 2014-08-07 15:15 - 00005626 _____ () C:\Users\Dennis\Desktop\JRT.txt
2014-08-07 15:10 - 2014-08-07 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 15:05 - 2014-08-07 15:05 - 01016261 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2014-08-07 14:25 - 2013-01-19 17:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 13:23 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:23 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:16 - 2014-08-05 17:28 - 00000336 _____ () C:\Windows\setupact.log
2014-08-07 13:16 - 2014-08-03 21:23 - 00000000 ____D () C:\Program Files (x86)\Adguard
2014-08-07 13:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 13:14 - 2014-08-07 12:56 - 00000000 ____D () C:\AdwCleaner
2014-08-07 13:14 - 2014-05-30 15:57 - 00000000 ____D () C:\Users\Dennis\AppData\Local\CrashDumps
2014-08-07 10:55 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 04:33 - 2014-08-05 20:48 - 00703740 _____ () C:\Windows\PFRO.log
2014-08-07 04:22 - 2014-08-07 04:20 - 00001985 _____ () C:\Users\Dennis\Desktop\cuts from to broni aug6-2014.txt
2014-08-07 04:17 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-07 04:12 - 2014-08-07 04:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 04:10 - 2012-01-26 13:12 - 00000000 ____D () C:\Users\Dennis
2014-08-07 03:59 - 2014-08-07 03:59 - 05568206 ____R (Swearware) C:\Users\Dennis\Desktop\ComboFix.exe
2014-08-07 03:50 - 2014-08-07 02:47 - 00000000 ____D () C:\Users\Dennis\Desktop\mbar
2014-08-07 03:50 - 2014-08-05 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-07 02:49 - 2014-08-05 19:05 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 02:47 - 2014-08-05 19:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 02:45 - 2014-08-07 02:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dennis\Desktop\mbar-1.07.0.1012.exe
2014-08-07 02:20 - 2014-08-05 21:06 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-07 02:11 - 2014-08-07 02:11 - 04817496 _____ () C:\Users\Dennis\Desktop\RogueKiller.exe
2014-08-07 02:10 - 2014-06-22 20:57 - 00000000 ____D () C:\Users\Dennis\Desktop\Files I Can't Delete
2014-08-07 01:57 - 2012-06-28 22:06 - 00000000 ___RD () C:\Users\Dennis\Desktop\Security and Firewalls Sept07
2014-08-07 01:19 - 2014-08-05 21:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-07 01:19 - 2014-08-05 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 01:19 - 2014-08-03 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2014-08-07 01:19 - 2014-08-02 13:44 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\TP-LINK
2014-08-07 01:19 - 2014-07-14 01:40 - 00000000 ____D () C:\Users\July14-2014\AppData\Roaming\TP-LINK
2014-08-07 01:19 - 2014-07-14 01:39 - 00000000 ____D () C:\Users\July14-2014
2014-08-07 01:19 - 2012-11-19 12:09 - 00000000 ___RD () C:\Users\Dennis\Desktop\Medical July15-2014
2014-08-07 01:19 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-07 01:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 01:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-07 01:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-07 00:19 - 2014-08-07 00:19 - 00000000 ____D () C:\Users\July14-2014\AppData\Roaming\Insoft LLC
2014-08-07 00:18 - 2014-08-07 00:18 - 00000000 ____D () C:\Users\July14-2014\AppData\Roaming\Logitech
2014-08-05 22:54 - 2014-08-05 22:28 - 00020993 _____ () C:\Users\Dennis\Desktop\New Text Document.txt
2014-08-05 21:10 - 2014-08-05 21:10 - 00000164 _____ () C:\Users\Dennis\Desktop\Rogue Killer Info.url
2014-08-05 20:48 - 2012-01-26 16:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-05 19:05 - 2014-08-05 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-05 19:04 - 2014-08-05 19:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dennis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-05 19:00 - 2012-06-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-05 19:00 - 2012-06-28 22:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-05 17:55 - 2014-08-05 17:55 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-05 17:55 - 2014-08-05 17:55 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 17:55 - 2014-08-05 17:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-05 17:55 - 2014-08-05 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-05 17:28 - 2014-08-05 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 17:25 - 2012-02-25 16:44 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000Core.job
2014-08-05 16:45 - 2014-08-05 16:45 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Adobe
2014-08-05 00:22 - 2012-02-26 18:36 - 00000000 ___RD () C:\Users\Dennis\Desktop\Games
2014-08-05 00:11 - 2012-07-17 12:11 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-08-04 14:58 - 2011-03-23 01:20 - 00000000 ____D () C:\Program Files (x86)\Acer Games
2014-08-04 14:58 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-04 14:57 - 2011-03-23 01:20 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-04 13:09 - 2014-08-04 13:07 - 00000000 ___RD () C:\Users\Dennis\Desktop\Duplicate Files Aug4-2014
2014-08-04 13:05 - 2013-02-12 14:52 - 00000000 ___RD () C:\Users\Dennis\Desktop\People
2014-08-03 21:23 - 2014-08-03 21:23 - 00000257 _____ () C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2014-08-03 21:23 - 2014-08-03 21:23 - 00000257 _____ () C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2014-08-03 21:23 - 2014-08-03 21:23 - 00000257 _____ () C:\ProgramData\fontcacheev1.dat
2014-08-03 21:22 - 2014-08-03 21:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 20:52 - 2014-08-03 20:11 - 00000000 ____D () C:\ProgramData\Auslogics
2014-08-03 20:50 - 2014-08-03 20:50 - 16735688 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dennis\Downloads\boost-speed-setup.exe
2014-08-03 20:38 - 2013-04-13 15:55 - 00000000 ___RD () C:\Users\Dennis\Desktop\TV & Movies
2014-08-03 20:38 - 2012-09-23 20:37 - 00000000 ___RD () C:\Users\Dennis\Desktop\SPORTS Oct30-13
2014-08-03 20:37 - 2014-05-17 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2014-08-03 20:37 - 2013-07-01 12:30 - 00000000 ___RD () C:\Users\Dennis\Desktop\DeskTop Internet Shorts
2014-08-03 20:37 - 2013-03-30 09:58 - 00000000 ___RD () C:\Users\Dennis\Desktop\Articles & Writings Mar30-13
2014-08-03 20:09 - 2014-08-03 20:09 - 06431584 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dennis\Downloads\registry-cleaner-setup.exe
2014-08-03 19:09 - 2013-05-25 17:42 - 00000000 ___RD () C:\Users\Dennis\Desktop\Science
2014-08-03 18:50 - 2014-01-22 15:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-03 14:41 - 2014-08-03 14:42 - 05338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-08-03 14:41 - 2014-08-03 14:41 - 05338896 _____ (PC Cleaners) C:\Users\Dennis\Downloads\app3_Install_eng.exe
2014-08-03 06:07 - 2013-06-02 14:40 - 00000000 ___RD () C:\Users\Dennis\Desktop\Where I've Lived June27-2014
2014-08-03 05:37 - 2014-08-03 05:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dennis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-03 04:58 - 2011-03-23 01:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-08-03 04:58 - 2011-03-23 01:50 - 00000000 ____D () C:\Program Files\Acer
2014-08-03 04:58 - 2011-03-23 01:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-03 01:35 - 2014-08-03 01:35 - 00985600 _____ () C:\Users\Dennis\Downloads\MicrosoftFixit50123.msi
2014-08-02 22:20 - 2014-06-20 10:02 - 00000000 ___RD () C:\Users\Dennis\Desktop\New Holder June20-2014
2014-08-02 19:18 - 2014-08-02 19:18 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Macromedia
2014-08-02 19:16 - 2011-03-23 01:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-02 15:18 - 2014-08-02 15:16 - 00000000 ____D () C:\Temp
2014-08-02 15:06 - 2014-08-02 15:06 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Adobe
2014-08-02 13:45 - 2014-08-02 13:45 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Intel Corporation
2014-08-02 13:45 - 2014-08-02 13:45 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Apple Computer
2014-08-02 13:43 - 2014-08-02 13:43 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Logitech
2014-08-02 02:01 - 2012-07-28 10:39 - 00000000 ___RD () C:\Users\Dennis\Desktop\Intrepid July20-2010
2014-08-02 01:39 - 2012-06-28 21:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-02 00:42 - 2014-08-02 00:42 - 04813544 _____ (Piriform Ltd) C:\Users\Dennis\Downloads\ccsetup416.exe
2014-08-01 19:25 - 2011-03-23 02:05 - 00000000 ____D () C:\Program Files\Common Files\McAfeeFPDetect
2014-08-01 18:27 - 2014-08-01 18:27 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-08-01 18:25 - 2014-02-17 21:35 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-08-01 18:24 - 2014-08-01 18:24 - 00000000 ____D () C:\Program Files\Logitech
2014-08-01 18:24 - 2014-02-17 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-01 18:24 - 2014-02-17 21:35 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-08-01 03:12 - 2014-08-01 03:12 - 00003154 _____ () C:\Windows\System32\Tasks\{11107795-E43B-41AA-B8EC-614D14DD6588}
2014-08-01 03:10 - 2014-08-01 03:09 - 07351376 _____ (Exent Technologies Ltd. ) C:\Users\Dennis\Downloads\FreeRideGamesPlayer.exe
2014-08-01 01:44 - 2014-08-01 00:59 - 00000262 _____ () C:\Users\Dennis\Desktop\malware removal whtsmk.txt
2014-08-01 01:00 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2014-07-31 22:51 - 2014-07-31 22:51 - 00003106 _____ () C:\Windows\System32\Tasks\{64B1B802-3E47-4877-9C9C-D765CD0DCAC1}
2014-07-31 18:41 - 2014-07-31 16:48 - 00000000 ___RD () C:\Users\Dennis\Desktop\Teela has Bugs
2014-07-29 22:24 - 2014-05-30 19:47 - 00000000 ____D () C:\Users\Dennis\Desktop\A to Z temp
2014-07-29 20:45 - 2013-05-02 14:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 20:45 - 2013-05-02 14:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 19:38 - 2014-06-10 18:56 - 00000000 ___RD () C:\Users\Dennis\Desktop\Holder Folder for Jade Types
2014-07-29 19:24 - 2012-11-19 17:52 - 00000000 ___RD () C:\Users\Dennis\Desktop\x photos
2014-07-28 12:14 - 2012-10-10 22:09 - 00042717 _____ () C:\Users\Dennis\Desktop\E S-I July28-2014.txt
2014-07-28 12:10 - 2012-11-12 21:39 - 00000000 ____D () C:\Users\Dennis\Desktop\Ancient E-S-I
2014-07-27 20:03 - 2012-08-05 18:05 - 00000000 ___RD () C:\Users\Dennis\Desktop\Jade Type Nasty Nov12-12
2014-07-25 18:02 - 2014-07-25 17:59 - 00000000 ____D () C:\Users\Dennis\Desktop\Clear Stick
2014-07-23 14:36 - 2014-07-23 14:36 - 00001296 _____ () C:\Users\Dennis\Desktop\LL 2014 - Shortcut.lnk
2014-07-23 10:58 - 2013-05-02 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 20:52 - 2014-05-02 00:39 - 00000000 ___RD () C:\Users\Dennis\Desktop\DO THIS IMMEDIATELY
2014-07-18 20:51 - 2014-07-18 20:51 - 00003094 _____ () C:\Windows\System32\Tasks\{A4D119AD-C096-4B5C-931B-D49EA0BC455B}
2014-07-18 18:01 - 2014-07-18 18:01 - 04890736 _____ (Piriform Ltd) C:\Users\Dennis\Downloads\spsetup126.exe
2014-07-18 18:01 - 2012-06-28 21:37 - 00000000 ____D () C:\Program Files\Speccy
2014-07-18 17:28 - 2012-02-25 16:45 - 00002374 _____ () C:\Users\Dennis\Desktop\Google Chrome.lnk
2014-07-18 13:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 12:24 - 2014-07-14 01:38 - 00000632 __RSH () C:\Users\Dennis\ntuser.pol
2014-07-18 12:24 - 2009-07-13 22:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 19:24 - 2014-07-17 19:24 - 04812672 _____ (Piriform Ltd) C:\Users\Dennis\Downloads\ccsetup415.exe
2014-07-17 18:15 - 2014-07-17 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 18:15 - 2014-07-15 23:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 18:15 - 2013-12-17 01:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 18:13 - 2014-07-17 18:13 - 00918952 _____ (Oracle Corporation) C:\Users\Dennis\Downloads\chromeinstall-7u65.exe
2014-07-17 17:18 - 2013-06-21 08:02 - 00000000 ___RD () C:\Users\Dennis\Desktop\Home Projects & Tips
2014-07-17 16:23 - 2014-03-21 15:22 - 00000000 ___RD () C:\Users\Dennis\Desktop\Standard Word Docs & Others
2014-07-16 21:49 - 2012-02-26 13:45 - 00000000 ___RD () C:\Users\Dennis\Desktop\OCHS Versions
2014-07-15 19:31 - 2014-07-15 19:31 - 00929416 _____ (CNET Download.com) C:\Users\Dennis\Downloads\cbsidlm-cbsi188-Free_Ride_Games_Player-SEO-75069474.exe
2014-07-14 17:59 - 2012-12-19 22:54 - 00000000 ___RD () C:\Users\Dennis\Desktop\My Kitty Cats - June12-13
2014-07-14 15:16 - 2014-07-14 15:15 - 11812512 _____ (Exent Technologies Ltd. ) C:\Users\Dennis\Downloads\FreeRideGames (1).exe
2014-07-14 14:38 - 2014-07-14 14:38 - 00851632 _____ (Adobe Systems Incorporated) C:\Users\Dennis\Downloads\uninstall_flash_player.exe
2014-07-14 01:40 - 2014-07-14 01:40 - 00000916 __RSH () C:\Users\July14-2014\ntuser.pol
2014-07-14 01:40 - 2014-07-14 01:40 - 00000000 ____D () C:\Users\July14-2014\AppData\Roaming\Apple Computer
2014-07-14 01:40 - 2014-07-14 01:40 - 00000000 ____D () C:\Users\July14-2014\AppData\Local\VirtualStore
2014-07-14 01:40 - 2014-07-14 01:40 - 00000000 ____D () C:\Users\July14-2014\AppData\Local\EgisTec IPS
2014-07-14 01:40 - 2014-07-14 01:39 - 00086160 _____ () C:\Users\July14-2014\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-14 01:40 - 2014-07-14 01:39 - 00001377 _____ () C:\Users\July14-2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 01:38 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-12 18:16 - 2013-05-14 12:12 - 00000000 ___RD () C:\Users\Dennis\Desktop\Contacts July12-2014
2014-07-11 22:19 - 2014-07-11 22:19 - 11812512 _____ (Exent Technologies Ltd. ) C:\Users\Dennis\Downloads\FreeRideGames.exe
2014-07-11 03:02 - 2014-07-17 18:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 18:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 18:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 18:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 12:10 - 2009-07-13 21:45 - 00342664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 12:07 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 12:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 12:00 - 2012-02-11 22:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 11:59 - 2013-08-22 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 11:56 - 2012-03-18 14:23 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 16:20 - 2013-02-12 15:53 - 00000000 ___RD () C:\Users\Dennis\Desktop\My Bike
2014-07-09 16:12 - 2014-07-09 16:12 - 00000000 ____D () C:\Users\Dennis\Downloads\Barnett's Bicycle Repair Manual
2014-07-09 13:06 - 2014-01-27 02:10 - 00000000 ___RD () C:\Users\Dennis\Desktop\MAJOR World Categories
2014-07-08 20:42 - 2014-07-08 20:42 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\pclunst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 14:31

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by Dennis at 2014-08-07 17:11:31
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3 castles (HKLM-x32\...\3 castles) (Version: - )
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1510 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adguard (HKLM-x32\...\{2dca9b69-b0bd-4039-8cab-80aaffe9d115}) (Version: 5.9.1081.5529 - Insoft LLC)
Adguard (x32 Version: 5.9.1081.5529 - Insoft LLC) Hidden
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Blast Thru Special Edition (HKLM-x32\...\Blast Thru Special Edition) (Version: - )
Bridge (HKLM-x32\...\Bridge) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Celestia 1.6.1 (HKLM-x32\...\Celestia_is1) (Version: - Shatters Software)
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
Colors of War Special Edition (HKLM-x32\...\Colors of War Special Edition) (Version: - )
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cribbage (HKLM-x32\...\Cribbage) (Version: - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3817.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dart Mania (HKLM-x32\...\Dart Mania) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Drop (HKLM-x32\...\Drop) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eGames Master's Edition 151 (HKLM-x32\...\eGames Master's Edition 151) (Version: - )
Fishing Special Edition (HKLM-x32\...\Fishing Special Edition) (Version: - )
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
Galaxy Explorer (HKLM-x32\...\Galaxy Explorer) (Version: - )
Galaxy of Games 201 (HKLM-x32\...\Galaxy of Games 201) (Version: - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gonzo Heads (HKLM-x32\...\Gonzo Heads) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jigsaw USA Special Edition (HKLM-x32\...\Jigsaw USA Special Edition) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Aces (HKLM-x32\...\Just Aces) (Version: - )
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Krazy 8's (HKLM-x32\...\Krazy 8's) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Mix Foto (HKLM-x32\...\Max Mix Foto) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Milton Bradley Classic Board Games (HKLM-x32\...\ClassicBoard) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MVP Word Search (HKLM-x32\...\MVP Word Search) (Version: - )
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
NASA World Wind 1.4 (HKLM-x32\...\NASA World Wind 1.4) (Version: - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Night Sky Explorer (HKLM-x32\...\Night Sky Explorer) (Version: - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puzzle Master 2 Special Edition (HKLM-x32\...\Puzzle Master 2 Special Edition) (Version: - )
QSS Installation Program (HKLM-x32\...\{153898EE-EECA-471E-8E33-C8485EA84C07}) (Version: 7.0 - TP-LINK)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Rings of the Magi (HKLM-x32\...\Rings of the Magi) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellarium 0.12.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
TP-LINK TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WorldWide Telescope Add-in for Excel (HKLM-x32\...\{8AC4CA26-65CF-49CF-8E6E-7F2ABFDB48C2}) (Version: 1.0.8.0 - Microsoft Research)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-911639588-1509253152-2454761001-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-911639588-1509253152-2454761001-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-911639588-1509253152-2454761001-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

03-08-2014 08:36:49 Installed Microsoft Fix it 50123
03-08-2014 11:57:55 Removed Acer Updater
03-08-2014 20:18:20 Windows Modules Installer
04-08-2014 00:46:09 Removed Apple Software Update
04-08-2014 00:48:56 Removed Apple Application Support
04-08-2014 00:59:54 Removed QuickTime 7
04-08-2014 01:14:45 Removed Broadcom Gigabit NetLink Controller.
06-08-2014 00:34:50 Windows Update
06-08-2014 03:44:15 avast! antivirus system restore point
06-08-2014 04:23:24 After Rogue Killer & Before Malware Anti-Rootkit
07-08-2014 08:12:59 Restore Operation
07-08-2014 09:43:04 2nd Restore after Rogue Killer & Before 2nd Mbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-08-07 04:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1084F680-04AF-4F3F-BC5D-73E785A50B58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000Core => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {15B06BC4-ED1B-4DF2-9B47-4852F04F261C} - System32\Tasks\{941F0430-FBEB-4A3C-8A79-41178C580CBB} => C:\Program Files (x86)\Galaxy Explorer\starrynight.exe [2003-09-11] ()
Task: {326B26E9-E85C-4800-8953-F902EDC803F1} - System32\Tasks\{8CF046B7-9C02-42DA-AD3B-BEA013175303} => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-11-18] ()
Task: {3CD5EEFE-8D07-456D-ACED-638F8F7C2076} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000UA => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {7AF07401-124C-4C24-BD19-13F1782E5CF2} - System32\Tasks\{EE833980-AB5B-4695-812E-D157F4BEDC71} => C:\Program Files (x86)\Galaxy Explorer\starrynight.exe [2003-09-11] ()
Task: {7BF2DAF5-7411-4AC6-AA38-CC73AB6767A2} - \SidebarExecute No Task File <==== ATTENTION
Task: {99F236CF-12BB-4B55-8DC6-C9C2E54EF1B3} - System32\Tasks\{E3A8EEEA-8024-4FDD-BF04-DBDF35256C3D} => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-11-18] ()
Task: {BE4CAD04-D103-4E87-BC28-24D8299229A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {C391068B-B784-44D7-95C0-CD2625B8B5D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {D9BA9909-061B-4187-9101-93AF663C9F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000Core.job => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-911639588-1509253152-2454761001-1000UA.job => C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-24 00:29 - 2014-06-24 00:29 - 01230568 _____ () C:\Program Files (x86)\Adguard\ProtocolFilters.DLL
2014-06-24 00:29 - 2014-06-24 00:29 - 00104168 _____ () C:\Program Files (x86)\Adguard\nfapi.DLL
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-03-23 01:51 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-15 05:15 - 2014-02-15 05:15 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2011-03-23 01:07 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-07-18 17:28 - 2014-07-15 02:24 - 00718664 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 17:28 - 2014-07-15 02:24 - 00126280 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 17:28 - 2014-07-15 02:24 - 08537928 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 17:28 - 2014-07-15 02:24 - 00353096 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 17:28 - 2014-07-15 02:24 - 01732936 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 17:28 - 2014-07-15 02:24 - 14664008 _____ () C:\Users\Dennis\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:7AA6FC81
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:C98828D3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Software Updater Service => 2
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/07/2014 04:50:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/07/2014 04:21:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/07/2014 04:19:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-07 04:10:37.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 04:10:37.655
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 5814.71 MB
Available physical RAM: 3143.59 MB
Total Pagefile: 11627.59 MB
Available Pagefile: 9062.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:581.07 GB) (Free:324.7 GB) NTFS
Drive d: (MBCLASSIC) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 0C5461D0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
Ran by Dennis at 2014-08-07 18:14:34 Run:1
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-911639588-1509253152-2454761001-1166\User: Group Policy restriction detected <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
S4 Software Updater Service; "C:\Users\Dennis\AppData\Roaming\Software Updater\SoftwareUpdate.exe" /run "/aff_id=1001" "/app_id=Download-AdobeFlashPlayer" [X]
C:\Users\Dennis\AppData\Roaming\Software Updater
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\pclunst.exe
Task: {7BF2DAF5-7411-4AC6-AA38-CC73AB6767A2} - \SidebarExecute No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:7AA6FC81
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-911639588-1509253152-2454761001-1166\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
Software Updater Service => Service deleted successfully.
"C:\Users\Dennis\AppData\Roaming\Software Updater" => File/Directory not found.
catchme => Service deleted successfully.
k57nd60a => Service deleted successfully.
X5XSEx => Service deleted successfully.
X5XSEx_Pr143 => Service deleted successfully.
C:\ProgramData\fontcacheev1.dat => Moved successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BF2DAF5-7411-4AC6-AA38-CC73AB6767A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BF2DAF5-7411-4AC6-AA38-CC73AB6767A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => Key deleted successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":7AA6FC81" ADS removed successfully.
C:\ProgramData\Temp => ":98DFF516" ADS removed successfully.
C:\ProgramData\Temp => ":C98828D3" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====
 
Good.
Is the updater message gone?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Broni ...

The Updater message was gone days ago. I sent you this post telling you about it:

=============== Complete Post ======================

Hello,


I did an internet search to try to find out how to find and disable Microsoft Security Essentials (Windows Defender). I was directed by one advice to go to msconfig --> startup. It wasn't there. Another had me go to msconfig --> Services. There it was, but right in the neighbourhood was a strange item, Software Updater Service, supplied by Auto-Update.me

It looked suspiciously close to the program that seemed to be causing all the trouble. I saw that it was running, so I stopped it. I haven't had that popup since.


Start --> All Programs --> Msconfig --> Services tab


Service | Manufacturer | Status | Date Disabled
Software Updater Service | Auto-Update.me | Stopped | 8/04/14 8:43:32 PM


After I completed that task, I thought my problem was fixed with no need for further help from you. But then I was no longer able to access certain files because of permissions. I am the administrator and only user on this laptop, although it looks like I've created some other user in the past.

I'm in way over my head and have no idea what's going on or what I'm doing. I think my computer problems are more widespread than the simple popup annoyance that got me writing to you in the first place.



================== End Post ======================

I'm on my way to the next steps you just sent ...

Again, thank you so much for all the work you've done.

Dennis
 
Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 60
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 21-07-2014
Ran by Dennis (administrator) on 07-08-2014 at 18:46:56
Running from "C:\Users\Dennis\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys
[2014-07-10 11:52] - [2014-05-29 23:45] - 0497152 ____A (Microsoft Corporation) FA886682CFC5D36718D3E436AACF10B9

C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 396 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 177975 bytes
->Temporary Internet Files folder emptied: 217372344 bytes
->Java cache emptied: 6070603 bytes
->Google Chrome cache emptied: 354071119 bytes
->Flash cache emptied: 446 bytes

User: July14-2014
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195 bytes
->Flash cache emptied: 57868 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 257 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1848 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10844423 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16910066 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 2094080 bytes
Process complete!

Total Files Cleaned = 579.00 mb
 
I have ESET ready to go. Since I use Chrome, I had to download the ESET installer.

It also tells me it has detected MSE, but it's already disabled.

There are 2 radio buttons, both unchecked:

- Enable detection of potentially unwanted applications
- Disable detection of potentially unwanted applications

What do I do with these?
 
In ESET, there are also advanced settings with checkboxes:

- Remove found threats (checked)
- Scan archives (unchecked)
- Scan for potentially unsafe applications (unchecked)
- Enable Anti-Stealth technology (checked)

I need to know how you want these checkboxes.
 
It doesn't look like anything's happening. ESET is still on step 1, but task manager says ESET is running. It's been 1.5 hours since I started running ESET.
 
Hey Broni ... I love the thumbs up, but you're probably not going to want to hear this ...

When I got up this morning, ESET was still stuck on step 1 so I tried to stop it, uninstall it, and run it again. That was 4 hours ago and it's still on step 1 of 4.

Is this that important? It doesn't seem to be doing anything. There should be something on the ESET window that shows a progress bar or gives some kind of indication that it's actually working.

Task bar showed it was running, but could that just have meant the open window was running?

So ... what now?
 
Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Click on Run now button.
    NOTE. If you're using a non-IE browser you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double-click on the file to run the scan.
  • Click on Start button.
  • Click on "Accept" button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
I ran F-Secure as per your instructions. It completed in less than 5 minutes and showed nothing harmful.

Even though I'm using Google Chrome, I was not asked to download the small installer program ... I had to with ESET.

I was never given the Step 3 - Clean Files option.

There also was not a "Full Report" button.
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Okay, Broni, got finished with all the latest instructions except the reading part. I've copied the links (all our correspondence, in fact) and I'll get to it soon.

These past few days have been exhausting and I just want to be able to start using my computer again.

I'm usually very careful when I go online, but even when users like me don't know much, we still proceed anyway and sometimes get hit with nasty stuff.

I imagine you found a lot of stuff that shouldn't have been on my computer, but it's experts like you who put it there in the first place. Only they're experts who like to cause problems for people like me. And then we need to talk to experts like you.

Is this the time now to talk about "PERMISSIONS"?
 
I tried to find out how to fix this problem myself and was successful a time or 2, but I keep running into another case -- it seems to be never-ending. I would like to be able to do a single fix so it never happens again. I don't want to go through the many steps with ownership/security/etc every time the problem surfaces. Especially when I don't think I went through that many steps to set permissions in the first place.

Like I told you during the cleaning process, I'm the Administrator and only user for this laptop. I think I created another user account in the past in case someone wanted to use my computer and I didn't want them to have access to everything in my user account.

Here are some examples of instances when the problem happens.

------------------------------------------------------------------

In Desktop --> Computer Tips & Comp Misc

mbar - 1st time we ran it

I couldn't move or delete this file.

After we were finished cleaning my computer, no problem

------------------------------------------------------------------

This is a typical example:

Desktop --> Folder (Ancient ESI) -->

Notepad

My New Song - PLEASE TELL ME I'M WRONG Oct18-13


This Notepad ended up in a wrong folder.


When I try to open it by double clicking OR right click --> open, an error message says:
Access is Denied

When I tried to move it by copy/paste, an error message says:

You need permission to perform this action.
You require permission from Dennis-PC\Dennis to make changes to this file
then it shows filename and details
There are 2 buttons below:
Try Again Cancel


Clicking on properties (General tab), and in Attributes, the checkbox is CHECKED for Read Only (Only applies to files in folder)

Security tab --> Group or user names
No permissions have been assigned for this object.
Warning: ...


When I removed the check mark and closed properties, then opened properties again, the check mark was back beside Read Only

IF I TRY TO CLICK/DRAG to my desktop, I can open the Notepad and do anything I want to the Notepad file.

------------------------------------------------------------------

Other problems happen when I'm online and try to copy a picture.

Right click --> save as --> anyname.jpg

error message says I don't have permission to save in that location


If I try to save another picture from the same web site to the same location, with a different filename, I'm successful.

------------------------------------------------------------------

I tried to delete a shortcut to an online game in my Games folder

error message said I did not have the permission

When you fixed my computer, I could delete it.

------------------------------------------------------------------
 