
Thread: Endless wait circle #2

  1. #11
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi Samwise,

    I do not currently have an antivirus program.
    I can't stress enough that you need to have an Anti-Virus program installed and running at all times if you are on the Internet. You can try one of the free programs below until you work through this issue with SpyBot.

    AntiVirus Program
    As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

    I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
    Microsoft Security Essentials
    Avast

    = = = = = = = = = = = = = = = = = = = =

    C:\windows\system32\msiexec.exe I allowed this before system restore, how about now?
    This is Microsoft's Windows Installer program, which processes product installation files in the .MSI format. It normally appears only when invoked by double-clicking on a .MSI file (or having one run automatically as part of an installation process). Don't terminate this process if it is present, or you will likely mess up an installation in progress.

    You should set your firewall to allow this file. Sometimes after malware removal we have to re-teach our security software how to handle certain files.

    = = = = = = = = = = = = = = = = = = = =

    "time to update iTunes software" Following the advice from this forum, I always try to keep all software up to date when prompted.
    Yes, keeping software up to date is a good practice. We will look further into iTunes after we resolve the other issues.

    = = = = = = = = = = = = = = = = = = = =

    OK, a few questions to clarify where we are at the moment:

    1. Was the browser log in issue you mentioned above isolated to this website?
    2. Adobe is installed w/o McAfee, correct? - Have you encountered any issues?
    3. Is Spybot currently installed?


    = = = = = = = = = = = = = = = = = = = =

    Steps to take:

    1. Uninstall Spybot if you haven't already done so, reboot.
    2. Install an Anti-Virus, reboot.
    3. Are you receiving any error messages at this time? If so take a screenshot or write down the error message to include in your next reply.


    = = = = = = = = = = = = = = = = = = = =

    I would like you to run this scan to make sure nothing has repopulated after using System Restore.

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • Answers to the questions asked.
    • FRST.txt
    • Addition.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  2. #12
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    before I reboot:

    Here are my partial responses before rebooting:

    Quote: Originally Posted by OCD
    Hi Samwise,

    I can't stress enough that you need to have an Anti-Virus program installed and running at all times if you are on the Internet. You can try one of the free programs below until you work through this issue with SpyBot.

    AntiVirus Program
    As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

    I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
    Microsoft Security Essentials I went to install this and it said it was already installed.
    Avast

    = = = = = = = = = = = = = = = = = = = =



    This is Microsoft's Windows Installer program, which processes product installation files in the .MSI format. It normally appears only when invoked by double-clicking on a .MSI file (or having one run automatically as part of an installation process). Don't terminate this process if it is present, or you will likely mess up an installation in progress.

    You should set your firewall to allow this file. Sometimes after malware removal we have to re-teach our security software how to handle certain files. Okay

    = = = = = = = = = = = = = = = = = = = =

    Yes, keeping software up to date is a good practice. We will look further into iTunes after we resolve the other issues. Okay

    = = = = = = = = = = = = = = = = = = = =

    OK, a few questions to clarify where we are at the moment:

    1. Was the browser log in issue you mentioned above isolated to this website? Yes, it said "database to get to web site not found and error establishing a database" Actually this is what made me re-install spybot, because I thought I could connect through spybot's help link, but it did not work. I thought maybe you guys were offline for some reason.
    2. Adobe is installed w/o McAfee, correct? - Have you encountered any issues? Adobe seemed to work fine, I needed it for some pdf docs. When it was installing I noticed it trying to install McAfee and tried to cancel it. For some reason it cancelled McAfee but installed adobe.
    3. Is Spybot currently installed? It shouldn't be installed although a search seems to show an older version. I also did a scan and immunization once I re-installed it.


    = = = = = = = = = = = = = = = = = = = =

    Steps to take:

    1. Uninstall Spybot if you haven't already done so, reboot. Okay, it was not in the uninstall list of programs so it must be gone. There is an old file called spyware blaster from 2011.
    2. Install an Anti-Virus, reboot.
    3. Are you receiving any error messages at this time? If so take a screenshot or write down the error message to include in your next reply.


    = = = = = = = = = = = = = = = = = = = =

    I would like you to run this scan to make sure nothing has repopulated after using System Restore.

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • Answers to the questions asked.
    • FRST.txt
    • Addition.txt

  3. #13
    Senior Member
    Join Date
    Jul 2009
    Posts
    156


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
    Ran by John (administrator) on SAMIAM-PC on 15-02-2014 14:13:38
    Running from C:\Users\John\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAui.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAhlp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\OAui.exe [7558464 2014-01-26] (Emsisoft GmbH)
    HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SPIRunE] - Rundll32 SPIRunE.dll,RunDLLEntry
    HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
    HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [Memeo Backup Premium] - C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe [136416 2010-07-28] (Memeo Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
    HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-1190624232-1164676516-3757976289-1000\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
    HKU\S-1-5-21-1190624232-1164676516-3757976289-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-1190624232-1164676516-3757976289-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1190624232-1164676516-3757976289-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1100120 2013-03-20] (Garmin Ltd or its subsidiaries)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B0166BFD00BCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0C1ECA7F-6B3A-43FB-BFE1-AEC8654036A0} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {C5006BF6-4F86-47E8-93C1-9D838643AD2C} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {29C885DE-E209-4832-9387-E4A986A60B89} https://www1.laurisonline.com/scanning/IWWebGetSig.CAB
    DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://myhrweb.tmhs.org/+CSCOL+/relayp.cab
    DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.tmhs.org/CACHE/stc/1/binaries/vpnweb.cab
    DPF: HKLM-x32 {699F5A74-6F8A-4AC8-B88A-B992A09A0A6D} https://www1.laurisonline.com/scanni...bScanSmall.CAB
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {75C38814-0319-44E3-8FE8-41042ACCD180} https://www1.laurisonline.com/scanni...ebGetVoice.CAB
    DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofil...SystemLite.CAB
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\266lf5zo.default-1388406428191
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: NoScript - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\266lf5zo.default-1388406428191\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-24]
    FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\266lf5zo.default-1388406428191\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
    S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [186200 2013-03-20] (Garmin Ltd or its subsidiaries)
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
    S2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [25824 2010-07-28] (Memeo)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2014-01-26] (Emsisoft GmbH)
    R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2014-01-26] (Emsisoft GmbH)
    S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
    S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2014-01-26] ()
    R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2014-01-26] ()
    R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2014-01-26] (Emsisoft)
    R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2014-01-26] (Emsisoft)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-15 14:13 - 2014-02-15 14:13 - 00023017 _____ () C:\Users\John\Downloads\FRST.txt
    2014-02-15 14:12 - 2014-02-15 14:13 - 00000000 ____D () C:\FRST
    2014-02-15 14:12 - 2014-02-15 14:12 - 02152960 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
    2014-02-15 14:12 - 2014-02-15 14:12 - 02152960 _____ (Farbar) C:\Users\John\Downloads\FRST64(1).exe
    2014-02-15 13:52 - 2014-02-15 13:52 - 13670584 _____ (Microsoft Corporation) C:\Users\John\Downloads\mseinstall(3).exe
    2014-02-15 12:35 - 2014-02-15 12:35 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2014-02-15 11:38 - 2014-02-15 11:41 - 00000000 ____D () C:\3f36c4d9689e4843352e9a94080d05b3
    2014-02-15 03:09 - 2014-02-15 03:12 - 00000000 ____D () C:\0c378261dcaff05fc93ca17e9a
    2014-02-15 03:06 - 2014-02-15 03:09 - 00000000 ____D () C:\249c6060b3580f371cb7eb1cf8
    2014-02-14 03:00 - 2014-02-14 03:04 - 00000000 ____D () C:\8647feed28fa7470a2d6e1f2795c60
    2014-02-13 03:06 - 2014-02-13 03:08 - 00000000 ____D () C:\4218f922e2c92d124ae48a
    2014-02-13 03:03 - 2014-02-13 03:05 - 00000000 ____D () C:\3665ad80702030052f87adff89a55f
    2014-01-24 18:40 - 2014-02-15 11:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-01-24 18:40 - 2014-01-24 18:40 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
    2014-01-24 18:39 - 2014-01-24 18:39 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-24 18:39 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-24 18:39 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-01-24 18:39 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-01-24 18:39 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-01-24 18:29 - 2014-01-24 18:36 - 00000000 ____D () C:\ProgramData\OnlineArmor
    2014-01-24 18:29 - 2014-01-24 18:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\OnlineArmor
    2014-01-24 18:28 - 2014-01-29 16:41 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2014-01-24 18:28 - 2014-01-26 03:01 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2014-01-24 18:28 - 2014-01-26 03:01 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2014-01-24 18:28 - 2014-01-26 03:01 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2014-01-24 18:28 - 2014-01-26 03:01 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2014-01-24 18:27 - 2014-01-24 18:27 - 30185256 _____ (Emsisoft GmbH ) C:\Users\John\Downloads\OnlineArmorSetup(1).exe
    2014-01-24 18:26 - 2014-01-24 18:27 - 30185256 _____ (Emsisoft GmbH ) C:\Users\John\Downloads\OnlineArmorSetup.exe
    2014-01-24 08:14 - 2014-01-24 08:14 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0(1).exe
    2014-01-24 08:13 - 2014-01-24 08:20 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
    2014-01-24 08:12 - 2014-02-15 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-01-24 08:12 - 2014-01-24 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-01-24 08:12 - 2014-01-24 08:16 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-01-23 18:41 - 2014-01-23 18:41 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0 (1).exe
    2014-01-23 18:16 - 2014-01-23 18:16 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0.exe

    ==================== One Month Modified Files and Folders =======

    2014-02-15 14:13 - 2014-02-15 14:13 - 00023017 _____ () C:\Users\John\Downloads\FRST.txt
    2014-02-15 14:13 - 2014-02-15 14:12 - 00000000 ____D () C:\FRST
    2014-02-15 14:13 - 2009-07-13 23:45 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-15 14:13 - 2009-07-13 23:45 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-15 14:12 - 2014-02-15 14:12 - 02152960 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
    2014-02-15 14:12 - 2014-02-15 14:12 - 02152960 _____ (Farbar) C:\Users\John\Downloads\FRST64(1).exe
    2014-02-15 14:11 - 2009-07-14 00:10 - 01554876 _____ () C:\Windows\WindowsUpdate.log
    2014-02-15 14:10 - 2013-12-27 18:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-02-15 14:09 - 2014-01-24 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-15 14:07 - 2011-02-01 17:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-15 14:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-15 14:06 - 2009-07-13 23:51 - 00080868 _____ () C:\Windows\setupact.log
    2014-02-15 13:53 - 2011-07-31 10:26 - 00002198 _____ () C:\Windows\epplauncher.mif
    2014-02-15 13:52 - 2014-02-15 13:52 - 13670584 _____ (Microsoft Corporation) C:\Users\John\Downloads\mseinstall(3).exe
    2014-02-15 13:48 - 2011-02-01 17:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-15 13:35 - 2012-10-20 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-15 12:35 - 2014-02-15 12:35 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2014-02-15 12:35 - 2012-10-20 12:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-15 12:35 - 2012-10-20 12:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-15 12:35 - 2011-05-16 20:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-15 11:41 - 2014-02-15 11:38 - 00000000 ____D () C:\3f36c4d9689e4843352e9a94080d05b3
    2014-02-15 11:30 - 2011-01-19 21:34 - 00000000 ____D () C:\ProgramData\Sonic
    2014-02-15 11:27 - 2013-09-21 10:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-02-15 11:25 - 2011-01-25 17:42 - 00000000 ____D () C:\Users\John
    2014-02-15 11:24 - 2014-01-24 18:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-02-15 11:24 - 2011-02-10 16:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-02-15 11:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-02-15 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2014-02-15 03:12 - 2014-02-15 03:09 - 00000000 ____D () C:\0c378261dcaff05fc93ca17e9a
    2014-02-15 03:09 - 2014-02-15 03:06 - 00000000 ____D () C:\249c6060b3580f371cb7eb1cf8
    2014-02-14 08:45 - 2011-07-23 15:54 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-02-14 08:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-02-14 08:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-02-14 08:43 - 2012-06-25 06:33 - 00000000 ____D () C:\ProgramData\McAfee
    2014-02-14 08:43 - 2011-02-06 16:29 - 00000000 ____D () C:\ProgramData\Apple
    2014-02-14 08:43 - 2011-01-19 21:22 - 00000000 ____D () C:\ProgramData\Adobe
    2014-02-14 08:42 - 2012-10-20 12:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-02-14 08:42 - 2011-05-14 14:26 - 00000000 ___RD () C:\MSOCache
    2014-02-14 03:04 - 2014-02-14 03:00 - 00000000 ____D () C:\8647feed28fa7470a2d6e1f2795c60
    2014-02-13 14:34 - 2011-01-26 16:50 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
    2014-02-13 03:08 - 2014-02-13 03:06 - 00000000 ____D () C:\4218f922e2c92d124ae48a
    2014-02-13 03:05 - 2014-02-13 03:03 - 00000000 ____D () C:\3665ad80702030052f87adff89a55f
    2014-01-30 03:01 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-01-30 03:00 - 2011-01-30 08:51 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-01-29 16:41 - 2014-01-24 18:28 - 00000000 ____D () C:\Program Files (x86)\Online Armor
    2014-01-26 03:01 - 2014-01-24 18:28 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
    2014-01-26 03:01 - 2014-01-24 18:28 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
    2014-01-26 03:01 - 2014-01-24 18:28 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
    2014-01-26 03:01 - 2014-01-24 18:28 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
    2014-01-25 09:09 - 2013-12-27 13:02 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2014-01-24 18:40 - 2014-01-24 18:40 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
    2014-01-24 18:40 - 2013-10-20 10:51 - 00000000 ____D () C:\ProgramData\Oracle
    2014-01-24 18:39 - 2014-01-24 18:39 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-24 18:39 - 2011-01-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-01-24 18:36 - 2014-01-24 18:29 - 00000000 ____D () C:\ProgramData\OnlineArmor
    2014-01-24 18:33 - 2014-01-24 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-01-24 18:33 - 2011-01-19 23:10 - 00321520 _____ () C:\Windows\PFRO.log
    2014-01-24 18:29 - 2014-01-24 18:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\OnlineArmor
    2014-01-24 18:27 - 2014-01-24 18:27 - 30185256 _____ (Emsisoft GmbH ) C:\Users\John\Downloads\OnlineArmorSetup(1).exe
    2014-01-24 18:27 - 2014-01-24 18:26 - 30185256 _____ (Emsisoft GmbH ) C:\Users\John\Downloads\OnlineArmorSetup.exe
    2014-01-24 08:20 - 2014-01-24 08:13 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
    2014-01-24 08:16 - 2014-01-24 08:12 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-01-24 08:14 - 2014-01-24 08:14 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0(1).exe
    2014-01-23 18:41 - 2014-01-23 18:41 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0 (1).exe
    2014-01-23 18:28 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-01-23 18:16 - 2014-01-23 18:16 - 00282992 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup Stub 26.0.exe
    2014-01-19 02:33 - 2011-08-06 22:09 - 00270496 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-01-16 03:18 - 2009-07-13 23:45 - 03479968 _____ () C:\Windows\system32\FNTCACHE.DAT

    Files to move or delete:
    ====================
    C:\ProgramData\PKP_DLes.DAT
    C:\ProgramData\PKP_DLet.DAT
    C:\ProgramData\PKP_DLev.DAT


    Some content of TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\John\AppData\Local\Temp\mssinstaller.exe
    C:\Users\John\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-08 14:11

    ==================== End Of Log ============================

  4. #14
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
    Ran by John at 2014-02-15 14:14:05
    Running from C:\Users\John\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    Accidental Damage Services Agreement (x32 Version: 2.0.0 - Dell Inc.)
    Adobe Flash Player 10 Plugin 64-bit (Version: 10.3.162.28 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637 - Adobe Systems, Inc.)
    Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Control Center (x32 Version: 2.010.0517.1741 - )
    Bing Bar (x32 Version: 7.0.609.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    BUFFALO HD-WIU2/R1 RAID Setup Utility (x32 Version: - )
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
    ccc-utility64 (Version: 2010.0517.1742.29870 - ATI) Hidden
    Cisco AnyConnect VPN Client (x32 Version: 2.3.2016 - Cisco Systems, Inc.)
    Consumer In-Home Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
    Cozi (x32 Version: 1.0.4323.24051 - Cozi Group, Inc.)
    Creative Audio Control Panel (x32 Version: 3.00 - Creative Technology Limited)
    Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (x32 Version: - Creative Technology Limited)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
    Dell DataSafe Online (x32 Version: 2.8.1.10 - Dell)
    Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
    Dell MusicStage (x32 Version: 1.4.156.0 - Fingertapps)
    Dell PhotoStage (x32 Version: 1.5.0.130 - ArcSoft)
    Dell Stage (x32 Version: 1.7.209.0 - Fingertapps)
    Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    DW WLAN Card (Version: 5.60.48.35 - Dell Inc.)
    Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Elevated Installer (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
    EMET (x32 Version: 3.0.0 - Microsoft)
    ESET Online Scanner v3 (x32 Version: - )
    Garmin Express Tray (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Update Service (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
    Google Earth (x32 Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    GoToAssist Corporate (x32 Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
    Host OpenAL (x32 Version: 1.00 - Creative Technology Limited)
    iCloud (Version: 3.1.0.40 - Apple Inc.)
    Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation)
    Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
    iTunes (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (x32 Version: 2.1.121.2 - McAfee, Inc.)
    Memeo Backup Premium (x32 Version: 4.60.0.7494 - Memeo Inc.)
    Memeo LifeAgent Explorer Extension (Version: 3.00.71 - Memeo Inc) Hidden
    Memeo LifeAgent Explorer Extension (x32 Version: - )
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
    Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
    Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    My Dell (Version: 3.4.6361.48 - PC-Doctor, Inc.)
    NEF Codec (x32 Version: 1.00.0000 - Nikon)
    Netflix in Windows Media Center (x32 Version: 3.3.101.0 - Microsoft Corporation)
    Nikon File Uploader 2 (x32 Version: 2.0.2 - Nikon)
    Nikon Message Center 2 (x32 Version: 2.0.1 - Nikon)
    OFFLINE FORMS (x32 Version: 1.0.0 - Integrated Imaging)
    Online Armor 6.0 (x32 Version: 6.0 - Emsisoft GmbH)
    PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
    Picture Control Utility (x32 Version: 1.2.1 - Nikon)
    PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
    PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.0.8 (Version: 3.0.8 - VS Revo Group, Ltd.)
    Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
    Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
    Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
    Roxio Burn (x32 Version: 1.8.57.4 - Roxio)
    Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden
    Roxio Creator Starter (x32 Version: 12.1.40.0 - Roxio)
    Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
    Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Safari (x32 Version: 5.34.57.2 - Apple Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Skins (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
    Skype Toolbars (x32 Version: 1.0.4051 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    Sound Blaster X-Fi (x32 Version: 1.0 - Creative Technology Limited)
    SPORE™ (x32 Version: 1.00.0000 - Electronic Arts)
    SpywareBlaster 4.4 (x32 Version: 4.4.0 - Javacool Software LLC)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (x32 Version: 4.5.1.0 - Husdawg, LLC)
    Tweaking.com - Windows Repair (All in One) (x32 Version: 2.1.1 - Tweaking.com)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
    USER ACCESS (x32 Version: 3.8.3 - Integrated Imaging)
    ViewNX 2 (x32 Version: 2.0.2 - Nikon)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0 - Microsoft Corporation)
    WOT for Internet Explorer (x32 Version: 11.7.20.0 - WOT Services Oy)

    ==================== Restore Points =========================

    15-02-2014 16:32:58 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2014-01-09 16:51 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0CC0C9FA-EAC5-4B10-B107-F92297946183} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15] (Adobe Systems Incorporated)
    Task: {6F10CC9C-D399-498F-915D-710F31A8030E} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
    Task: {B244D0F1-88E9-4F3A-9659-106EDC509AF3} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {B46301F8-5F1D-4926-AC94-BF97E27333E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
    Task: {C58C871C-9848-4E53-B901-705AFA7D5C62} - System32\Tasks\{3D81A1A2-C639-4539-B47A-CBC563201042} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
    Task: {C890559E-9AFE-4C78-AEA0-74F1F7C4ECFE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {D2545408-68B6-47D9-A22D-6F0839D368C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D42BE681-3D59-442C-A003-89DB8C85C925} - System32\Tasks\{E6FBEF0B-AC3E-4B6D-AEC1-9AA97927B0E0} => C:\Program Files (x86)\ERUNT\ERUNT.EXE
    Task: {D82FCD24-AED1-4D34-B403-40755C56CDE1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {DAAE7D6B-B818-458B-B4DD-81826C985A30} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-06] (PC-Doctor, Inc.)
    Task: {E1572735-A4A1-4915-8588-69B52B19F78A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {E4841969-8D22-4C66-8A93-C5E09E6D8E1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01] (Google Inc.)
    Task: {F6E655A5-A54D-42C8-AA8D-BCBA3CF0169B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-20 13:17 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 13:16 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-01-19 21:16 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
    2011-01-19 21:16 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
    2011-01-19 21:16 - 2009-08-26 04:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll
    2010-07-28 12:09 - 2010-07-28 12:09 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.UI.dll
    2010-07-28 12:09 - 2010-07-28 12:09 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.DriveDetection.dll
    2010-04-05 13:52 - 2010-04-05 13:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\sqlite3.DLL
    2014-01-24 08:12 - 2014-02-15 14:09 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-08-15 02:39 - 2013-08-15 02:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll
    2011-01-19 21:19 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"

    ==================== Faulty Device Manager Devices =============

    Name: Hook Test Driver
    Description: Hook Test Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SDHookDriver
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2014 11:58:34 AM) (Source: Windows Backup) (User: )
    Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (02/15/2014 11:41:06 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2898869' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2898869_20140215_113832568-Microsoft .NET Framework 4.5.1-MSP0.txt.

    Error: (02/15/2014 11:41:06 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value Assembly to key \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (02/15/2014 11:39:54 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2898869' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2898869_20140215_113832568-Microsoft .NET Framework 4.5.1-MSP0.txt.

    Error: (02/15/2014 11:39:53 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value Assembly to key \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (02/15/2014 11:38:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2901126' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2901126_20140215_113451762-Microsoft .NET Framework 4.5.1-MSP0.txt.

    Error: (02/15/2014 11:38:22 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value RuntimeVersion to key \Software\Classes\CLSID\{B71E484D-93ED-4B56-BFB9-CEED5134822B}\InprocServer32\10.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (02/15/2014 11:37:08 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2901126' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2901126_20140215_113451762-Microsoft .NET Framework 4.5.1-MSP0.txt.

    Error: (02/15/2014 11:37:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value RuntimeVersion to key \Software\Classes\CLSID\{B71E484D-93ED-4B56-BFB9-CEED5134822B}\InprocServer32\10.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (02/15/2014 11:33:23 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


    System errors:
    =============
    Error: (02/15/2014 02:08:20 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SDHookDriver

    Error: (02/15/2014 02:08:20 PM) (Source: Service Control Manager) (User: )
    Description: The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/15/2014 02:07:18 PM) (Source: Service Control Manager) (User: )
    Description: The Garmin Core Update Service service failed to start due to the following error:
    %%1053

    Error: (02/15/2014 02:07:18 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

    Error: (02/15/2014 02:06:37 PM) (Source: Service Control Manager) (User: )
    Description: The Avira Realtime Protection service failed to start due to the following error:
    %%2

    Error: (02/15/2014 02:06:35 PM) (Source: Service Control Manager) (User: )
    Description: The Avira Scheduler service failed to start due to the following error:
    %%2

    Error: (02/15/2014 11:41:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB2898869).

    Error: (02/15/2014 11:39:38 AM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.3973.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (02/15/2014 11:39:38 AM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.3973.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (02/15/2014 11:39:38 AM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.3973.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    Microsoft Office Sessions:
    =========================
    Error: (02/15/2014 11:58:34 AM) (Source: Windows Backup)(User: )
    Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (02/15/2014 11:41:06 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4.5.1KB28988691603C:\Windows\TEMP\KB2898869_20140215_113832568-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

    Error: (02/15/2014 11:41:06 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value Assembly to key \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2014 11:39:54 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4.5.1KB28988691603C:\Windows\TEMP\KB2898869_20140215_113832568-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

    Error: (02/15/2014 11:39:53 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value Assembly to key \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2014 11:38:23 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4.5.1KB29011261603C:\Windows\TEMP\KB2901126_20140215_113451762-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

    Error: (02/15/2014 11:38:22 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value RuntimeVersion to key \Software\Classes\CLSID\{B71E484D-93ED-4B56-BFB9-CEED5134822B}\InprocServer32\10.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2014 11:37:08 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4.5.1KB29011261603C:\Windows\TEMP\KB2901126_20140215_113451762-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

    Error: (02/15/2014 11:37:07 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.1 -- Error 1406. Could not write value RuntimeVersion to key \Software\Classes\CLSID\{B71E484D-93ED-4B56-BFB9-CEED5134822B}\InprocServer32\10.0.0.0. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/15/2014 11:33:23 AM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2014-02-15 11:15:08.821
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-15 09:49:00.145
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-15 09:19:34.063
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-09 13:38:05.862
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-09 12:31:41.204
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-09 12:05:13.211
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-09 10:35:09.211
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-09 10:12:53.220
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 19:19:57.215
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 19:07:45.218
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 31%
    Total physical RAM: 8174.46 MB
    Available physical RAM: 5567.98 MB
    Total Pagefile: 16347.09 MB
    Available Pagefile: 13639.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:712.17 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: 77E3ED41)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #15
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Default Error messages

    Hopefully you found my other responses, they bled into your quotes.

    I rebooted and got these two messages, which I now remember came up after the system restore as well:

    Could not load file or assembly
    'sorrtbls.nlp'
    or one of its dependencies. The system cannot find the file specified.

    It had an okay button that I was able to click.

    EMET Notifier
    EMET notifier has stopped working-Windows is checking for a solution to the problem.

    This one had one of those green wait bars and it eventually went away on its own.

  6. #16
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Default Ps

    I was not able to run it as system administrator as it opened right up vs. having a desktop icon.

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Samwise,

    We have a few issues to deal with here.
    Hopefully you found my other responses, they bled into your quotes.
    1. Yes, I did find your replies. In the future if you need to quote the question, highlight your reply in a different color text so it will not be overlooked.
    =========================

    2. Spybot appears to be encountering an issue on boot up. Let's ensure all remnants of Spybot are removed.

    =========================

    If you need to re-download this the link is provided.

    Revo Uninstaller Pro

    Please download Revo Uninstaller Pro and save it to your desktop.
    (This version is a fully functional, 30 day free trial)
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • From the list of programs click on
      Spybot - Search & Destroy 2
      Spybot - Search & Destroy
    • Choose "Uninstall". When prompted click Yes.
    • Make sure the advanced option is checked... then click Next.
    • The program will run, when prompted... click Yes... then Next.
    • Once the program has searched for leftovers click Next.
    • Check ONLY the bolded items on the list then... click Next... then Yes.
    • When done click Finish.
    =========================

    Download the McAfee Consumer Product Removal tool and run it.

    MCPR.exe
    • Click Save, and save the file to a folder on your computer.
    • Navigate to the folder where the file was saved.
    • Ensure that all McAfee windows are closed.
    • Double-click MCPR.exe to run the removal tool.
      • NOTE: Windows Vista, 7, 8 users must right-click MCPR.exe and select Run as Administrator.
    • Restart your computer after receiving the message CleanUp Successful.
    • Your McAfee product will not be fully removed until the system is restarted.

    =========================

    Reboot

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
    2014-01-24 18:40 - 2014-02-15 11:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-01-24 18:40 - 2014-01-24 18:40 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
    2014-02-14 08:43 - 2012-06-25 06:33 - 00000000 ____D () C:\ProgramData\McAfee
    C:\ProgramData\PKP_DLes.DAT
    C:\ProgramData\PKP_DLet.DAT
    C:\ProgramData\PKP_DLev.DAT
    Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
    S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    2014-02-15 11:27 - 2013-09-21 10:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-02-15 11:24 - 2011-02-10 16:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    Reboot

    =========================

    System File Checker (SFC)
    • Click on the Start button and in the Search programs and files box type the following:

      • command

    • Don't press Enter, just let the search results populate above.
    • In the search results, locate the Programs section.
    • Locate the Command Prompt shortcut and right-click on it.
    • Select Run as administrator.
    • Click Yes on the User Account Control window that appears.
    • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
    • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
    • An elevated Command Prompt window will appear.

      • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter

    • After the scan runs type exit to close the command prompt window

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • Any error messages encountered?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #18
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Default Hi OCD;

    1. Windows updated and automatically rebooted last night with no problems.
    2. I reloaded revo and ran as admin, it keeps asking for the serial number I got upon purchase. It opens a website but I don't see where I can even purchase it.
    3. MCPR seemed to work fine as did the reboot.
    4. FRST could not find the txt file, stating it needed to be in the same folder, so I found where FRST was hiding and dragged the text there and it seemed to work. Here is the log:
    5. I will reboot now, but am waiting to hear from you due to the Spybot removal not working, before proceeding with the .command
    Thanks!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
    Ran by John at 2014-02-16 10:02:19 Run:1
    Running from C:\Users\John\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
    2014-01-24 18:40 - 2014-02-15 11:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-01-24 18:40 - 2014-01-24 18:40 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
    2014-02-14 08:43 - 2012-06-25 06:33 - 00000000 ____D () C:\ProgramData\McAfee
    C:\ProgramData\PKP_DLes.DAT
    C:\ProgramData\PKP_DLet.DAT
    C:\ProgramData\PKP_DLev.DAT
    Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
    S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    2014-02-15 11:27 - 2013-09-21 10:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-02-15 11:24 - 2011-02-10 16:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    *****************

    [3416] C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe => Process closed successfully.
    McComponentHostService => Service deleted successfully.
    C:\ProgramData\McAfee Security Scan => Moved successfully.
    C:\Program Files (x86)\McAfee Security Scan => Moved successfully.
    "C:\ProgramData\McAfee" => File/Directory not found.
    C:\ProgramData\PKP_DLes.DAT => Moved successfully.
    C:\ProgramData\PKP_DLet.DAT => Moved successfully.
    C:\ProgramData\PKP_DLev.DAT => Moved successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Value deleted successfully.
    HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
    AntiVirSchedulerService => Service deleted successfully.
    AntiVirService => Service deleted successfully.
    SDHookDriver => Service deleted successfully.
    C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
    C:\ProgramData\Spybot - Search & Destroy => Moved successfully.

    ==== End of Fixlog ====
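
One way to check a Fixlog like the one above against the fixlist it was run with, so that an entry with no result line or an unexpected outcome stands out. This is an added example, not part of the original posts and not FRST's own code; the function names and the done/absent/review/missing labels are assumptions, and the two text blocks are copied from this thread.

```python
import re

# Fixlist and result lines copied from the posts in this thread.
FIXLIST = r"""
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
2014-01-24 18:40 - 2014-02-15 11:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-24 18:40 - 2014-01-24 18:40 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-02-14 08:43 - 2012-06-25 06:33 - 00000000 ____D () C:\ProgramData\McAfee
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
2014-02-15 11:27 - 2013-09-21 10:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 11:24 - 2011-02-10 16:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
"""

FIXLOG_RESULTS = r"""
[3416] C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe => Process closed successfully.
McComponentHostService => Service deleted successfully.
C:\ProgramData\McAfee Security Scan => Moved successfully.
C:\Program Files (x86)\McAfee Security Scan => Moved successfully.
"C:\ProgramData\McAfee" => File/Directory not found.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Value deleted successfully.
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
AntiVirSchedulerService => Service deleted successfully.
AntiVirService => Service deleted successfully.
SDHookDriver => Service deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"""

SERVICE_RE = re.compile(r"^[SR]\d (\S+);")        # "S2 AntiVirService; ..." -> service name
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")    # registry entries are echoed by CLSID
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")           # file/folder entries are echoed by path
# Optional "[pid] " prefix, optional quotes around the target, then " => outcome."
RESULT_RE = re.compile(r'^(?:\[\d+\] )?"?(.+?)"? => (.+?)\.?$')


def expected_key(entry):
    """Return the text a result line should carry for this fixlist entry."""
    m = SERVICE_RE.match(entry)
    if m:
        return m.group(1)
    if entry.startswith("Toolbar:"):
        return CLSID_RE.search(entry).group(0)
    m = PATH_RE.search(entry)
    return m.group(0) if m else entry


def classify(outcome):
    """Map an outcome phrase to a label (labels are this example's own)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"      # item was already gone before the fix ran
    if "successfully" in text:
        return "done"
    return "review"          # any wording not seen in the sample log


def parse_results(text):
    """Return (target, label) pairs for every 'target => outcome' line."""
    pairs = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), classify(m.group(2))))
    return pairs


def matches(key, target):
    # A CLSID may sit inside a longer registry path; paths and service names
    # must match exactly so "C:\ProgramData\McAfee" does not match
    # "C:\ProgramData\McAfee Security Scan".
    if key.startswith("{"):
        return key in target
    return key.lower() == target.lower()


def audit(fixlist, results):
    """Map each fixlist entry's key to the labels of its result lines."""
    parsed = parse_results(results)
    report = {}
    for entry in filter(None, map(str.strip, fixlist.splitlines())):
        key = expected_key(entry)
        hits = [label for target, label in parsed if matches(key, target)]
        report[key] = hits or ["missing"]
    return report


def needs_attention(report):
    """Entries with no result line or an outcome outside done/absent."""
    return sorted(k for k, v in report.items() if {"missing", "review"} & set(v))
```

On the log posted here every entry is accounted for: the only non-"done" outcomes are the two "not found" lines, which show the item was already absent rather than that the fix failed.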

  9. #19
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Samwise,

    2. I reloaded revo and ran as admin, it keeps asking for the serial number I got upon purchase. It opens a website but I don't see where I can even purchase it.
    You should not have to purchase Revo, it is a fully functional 30 day free trial. If it has been more than 30 days since you downloaded the program you may have to uninstall Revo, then reboot and proceed to download a fresh copy and install it.

    4. FRST could not find the txt file, stating it needed to be in the same folder, so I found where FRST was hiding and dragged the text there and it seemed to work. Here is the log:
    Yes this can present a problem if the program is not saved to the desktop as instructed. In order for the fix script to work it needs to be saved in the same directory as the program. But you seem to have moved the fix script to the correct location to get the script to work properly.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #20
    Senior Member
    Join Date
    Jul 2009
    Posts
    156

    Default revo

    I uninstalled revo and reinstalled but got the same results. It also does not react when I try to right click and run as admin, this happened earlier as well.
