willdoak

Here you go: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 Ran by Will (administrator) on WILL-HP2-PC on 12-08-2014 17:10:04 Running from C:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (SanDisk Corporation) C:\Users\Omega\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe () C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE (inteleXual.com) C:\Program Files (x86)\YCIII\YankClip.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-11-19] (Hewlett-Packard) HKU\S-1-5-21-3650626566-3549966248-3755013030-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3650626566-3549966248-3755013030-1001\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] () HKU\S-1-5-21-3650626566-3549966248-3755013030-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [sansaDispatch] => C:\Users\Omega\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-18] (SanDisk Corporation) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [Google Update] => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-26] (Google Inc.) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [Amazon Music] => C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) Startup: C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk ShortcutTarget: Yankee Clipper III.lnk -> C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com) ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers: SugarSyncSharedPending -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.com/?f=1&a=ast_dnldstr_14_31_ff&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyByEzzzz0F0EyByDtBtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByC0ByC0DtBzy0AtG0D0D0F0AtG0C0ByByCtGyDyD0B0CtGyDzz0F0EyD0FyB0F0C0CyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0F0Czz0DtBtDtGtDtCzztDtGtDzy0EyDtGyB0AyB0EtGtAtAyE0FyBtAtCyBzyzyyEtB2Q&cr=632151138&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 URLSearchHook: HKCU - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKCU - DefaultScope {48DEBFF9-726B-40E4-BB3D-0C3F7BFCFA86} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_31_ff&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyByEzzzz0F0EyByDtBtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByC0ByC0DtBzy0AtG0D0D0F0AtG0C0ByByCtGyDyD0B0CtGyDzz0F0EyD0FyB0F0C0CyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0F0Czz0DtBtDtGtDtCzztDtGtDzy0EyDtGyB0AyB0EtGtAtAyE0FyBtAtCyBzyzyyEtB2Q&cr=632151138&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_11_ie&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyByEzzzz0F0EyByDtBtN0D0Tzu0SzztDyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CtAyE0EtDtC0BtG0E0A0FyDtGzy0A0EtCtG0E0C0BtAtGtD0EtAzz0Fzy0EtBtCyCtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0F0Czz0DtBtDtGtDtCzztDtGtDzy0EyDtGyB0AyB0EtGtAtAyE0FyBtAtCyBzyzyyEtB2Q&cr=1064226096&ir= SearchScopes: HKCU - {48DEBFF9-726B-40E4-BB3D-0C3F7BFCFA86} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_31_ff&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyByEzzzz0F0EyByDtBtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByC0ByC0DtBzy0AtG0D0D0F0AtG0C0ByByCtGyDyD0B0CtGyDzz0F0EyD0FyB0F0C0CyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0F0Czz0DtBtDtGtDtCzztDtGtDzy0EyDtGyB0AyB0EtGtAtAyE0FyBtAtCyBzyzyyEtB2Q&cr=632151138&ir= SearchScopes: HKCU - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25 FireFox: ======== FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\w9l2ryrd.default FF DefaultSearchEngine: Astromenda FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Will\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF user.js: detected! => C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\w9l2ryrd.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Conduit Engine - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\w9l2ryrd.default\Extensions\engine@conduit.com [2013-01-16] FF Extension: NoScript - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\w9l2ryrd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-25] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-28] CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-28] CHR Extension: (LastPass) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-09-28] CHR Extension: (Skype Click to Call) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-25] CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-28] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-01-01] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HMuKstE; C:\Windows\System32\DRIVERS\HMuKstE.sys [51024 2010-05-21] (Dritek System Inc.) S2 MCSTRM; No ImagePath R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2009-09-16] (Windows ® Codename Longhorn DDK provider) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-26] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-04] (Acronis International GmbH) S3 ALSysIO; \??\C:\Users\Will\AppData\Local\Temp\ALSysIO64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 KMW_KBD; System32\DRIVERS\KMW_KBD.sys [X] S3 MEMSWEEP2; \??\C:\Windows\system32\33F4.tmp [X] S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-12 17:10 - 2014-08-12 17:10 - 00028746 _____ () C:\FRST.txt 2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\FRST-OlderVersion 2014-08-12 17:00 - 2014-08-12 17:09 - 02100224 _____ (Farbar) C:\FRST64.exe 2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Sling Media 2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Program Files (x86)\Sling Media 2014-08-12 16:53 - 2014-08-12 16:54 - 09425696 _____ (Sling Media Inc.) C:\Users\Omega\Downloads\WBSP_IE_Setup.exe 2014-08-11 16:16 - 2014-08-11 16:16 - 00046317 _____ () C:\Users\Omega\Downloads\Addition.txt 2014-08-11 16:15 - 2014-08-11 16:16 - 00051643 _____ () C:\Users\Omega\Downloads\FRST.txt 2014-08-11 16:14 - 2014-08-12 17:10 - 00000000 ____D () C:\FRST 2014-08-11 13:28 - 2014-08-11 13:28 - 02099712 _____ (Farbar) C:\Users\Omega\Downloads\FRST64.exe 2014-08-10 12:57 - 2014-08-10 12:57 - 00085010 _____ () C:\Users\Omega\Downloads\noname(1).eml 2014-08-10 12:28 - 2014-08-10 12:28 - 05985372 _____ () C:\Users\Omega\Downloads\explora1.zip 2014-08-08 13:09 - 2014-08-08 13:10 - 00085010 _____ () C:\Users\Omega\Downloads\noname.eml 2014-08-08 12:57 - 2014-08-08 12:57 - 00002104 _____ () C:\Users\Omega\Documents\cc_20140808_125655.reg 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iPod 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-07 21:00 - 2014-08-07 21:00 - 00000000 ____D () C:\Users\Omega\Desktop\All Commands.{ED7BA470-8E54-465E-825C-99712043E01C} 2014-08-06 10:05 - 2014-08-12 10:09 - 00000616 _____ () C:\Windows\setupact.log 2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-03 19:37 - 2014-08-03 19:38 - 00001135 _____ () C:\Users\Omega\Desktop\Amazon Music.lnk 2014-08-03 19:37 - 2014-08-03 19:37 - 38603216 _____ (Amazon) C:\Users\Omega\Downloads\AmazonMusicInstaller.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 02399472 _____ () C:\Users\Omega\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-08-02 17:00 - 2014-08-02 17:00 - 00000000 ____D () C:\Users\Omega\Desktop\Downloaded books 2014-08-01 13:10 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-01 13:10 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-01 13:10 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-01 13:10 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-01 13:10 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-01 13:10 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-01 13:10 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-01 13:10 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-01 13:10 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-31 18:16 - 2014-07-31 18:16 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk 2014-07-30 14:02 - 2014-07-30 14:02 - 10741384 _____ (Irfan Skiljan) C:\Users\Will\Downloads\irfanview_plugins_438_setup.exe 2014-07-30 14:01 - 2014-07-30 14:01 - 01898640 _____ (Irfan Skiljan) C:\Users\Will\Downloads\iview438_setup.exe 2014-07-30 13:58 - 2014-07-30 13:58 - 00000000 ____D () C:\ProgramData\374311380 2014-07-30 13:57 - 2014-07-30 13:57 - 00000000 ____D () C:\Users\Will\Documents\Optimizer Pro 2014-07-30 13:52 - 2014-07-30 13:51 - 18594480 _____ (Adobe Systems Incorporated) C:\Users\Will\Downloads\install_flash_player_ax.exe 2014-07-27 17:21 - 2014-07-27 17:29 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player 2014-07-27 17:21 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\DISH Anywhere 2014-07-27 17:20 - 2014-07-27 17:20 - 35491648 _____ (DISH Anywhere) C:\Users\Omega\Downloads\DISH_Anywhere_Video_Player_Installer_2.14.1.exe 2014-07-27 16:47 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Sling Media 2014-07-26 10:45 - 2014-07-26 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-26 10:43 - 2014-07-26 10:43 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Will\Downloads\SkypeSetup.exe 2014-07-25 17:49 - 2014-08-12 15:24 - 00000000 ____D () C:\Users\Omega\Desktop\Pine St 2014-07-25 13:53 - 2014-07-25 13:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 09:11 - 2014-07-25 09:12 - 00000000 ____D () C:\Users\Omega\Desktop\Ps lessons 2014-07-24 19:04 - 2014-07-24 19:04 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-07-23 16:37 - 2014-06-20 14:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-23 16:37 - 2014-06-20 13:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-23 16:37 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-23 16:37 - 2014-06-18 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-23 16:37 - 2014-06-18 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-23 16:37 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-23 16:37 - 2014-06-18 18:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-23 16:37 - 2014-06-18 18:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-23 16:37 - 2014-06-18 18:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-23 16:37 - 2014-06-18 18:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-23 16:37 - 2014-06-18 18:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-23 16:37 - 2014-06-18 18:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-23 16:37 - 2014-06-18 18:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-23 16:37 - 2014-06-18 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-23 16:37 - 2014-06-18 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-23 16:37 - 2014-06-18 18:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-23 16:37 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-23 16:37 - 2014-06-18 18:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-23 16:37 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-23 16:37 - 2014-06-18 17:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-23 16:37 - 2014-06-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-23 16:37 - 2014-06-18 17:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-23 16:37 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-23 16:37 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-23 16:37 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-23 16:37 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-23 16:37 - 2014-06-18 17:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-23 16:37 - 2014-06-18 17:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-23 16:37 - 2014-06-18 17:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-23 16:37 - 2014-06-18 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-23 16:37 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-23 16:37 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-23 16:37 - 2014-06-18 17:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-23 16:37 - 2014-06-18 17:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-23 16:37 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-23 16:37 - 2014-06-18 17:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-23 16:37 - 2014-06-18 17:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-23 16:37 - 2014-06-18 17:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-23 16:37 - 2014-06-18 17:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-23 16:37 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-23 16:37 - 2014-06-18 17:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-23 16:37 - 2014-06-18 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-23 16:37 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-23 16:37 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-23 16:37 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-23 16:37 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-23 16:37 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-23 16:37 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-23 16:37 - 2014-06-18 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-23 16:37 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-23 16:37 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-23 16:37 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-23 16:37 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-23 16:37 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-23 16:37 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-23 16:37 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-23 16:37 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-23 16:37 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-23 16:37 - 2014-06-17 19:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-23 16:37 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-23 16:37 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-23 16:37 - 2014-06-05 08:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-23 16:37 - 2014-06-05 08:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-23 16:37 - 2014-06-05 08:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-23 16:37 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-12 17:10 - 2014-08-12 17:10 - 00028746 _____ () C:\FRST.txt 2014-08-12 17:10 - 2014-08-11 16:14 - 00000000 ____D () C:\FRST 2014-08-12 17:09 - 2014-08-12 17:09 - 00000000 ____D () C:\FRST-OlderVersion 2014-08-12 17:09 - 2014-08-12 17:00 - 02100224 _____ (Farbar) C:\FRST64.exe 2014-08-12 17:09 - 2014-04-02 17:52 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3650626566-3549966248-3755013030-1003.job 2014-08-12 17:09 - 2012-09-26 10:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-12 17:09 - 2010-04-28 14:01 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype 2014-08-12 17:06 - 2010-08-12 09:21 - 00000000 ____D () C:\Users\Omega\Documents\Tech 2014-08-12 17:03 - 2012-09-26 10:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Sling Media 2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Program Files (x86)\Sling Media 2014-08-12 16:54 - 2014-08-12 16:53 - 09425696 _____ (Sling Media Inc.) C:\Users\Omega\Downloads\WBSP_IE_Setup.exe 2014-08-12 16:20 - 2014-01-01 16:21 - 01855545 _____ () C:\Windows\WindowsUpdate.log 2014-08-12 16:18 - 2012-04-06 14:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-12 16:18 - 2011-07-26 10:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003UA.job 2014-08-12 15:24 - 2014-07-25 17:49 - 00000000 ____D () C:\Users\Omega\Desktop\Pine St 2014-08-12 12:18 - 2011-07-26 10:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003Core.job 2014-08-12 10:19 - 2010-04-30 17:28 - 00000000 ____D () C:\Users\Omega\AppData\Local\Adobe 2014-08-12 10:17 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-12 10:17 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-12 10:09 - 2014-08-06 10:05 - 00000616 _____ () C:\Windows\setupact.log 2014-08-12 10:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-11 16:16 - 2014-08-11 16:16 - 00046317 _____ () C:\Users\Omega\Downloads\Addition.txt 2014-08-11 16:16 - 2014-08-11 16:15 - 00051643 _____ () C:\Users\Omega\Downloads\FRST.txt 2014-08-11 14:15 - 2013-04-05 18:47 - 00000000 ____D () C:\Users\Omega\Documents\Dollars 2014-08-11 13:28 - 2014-08-11 13:28 - 02099712 _____ (Farbar) C:\Users\Omega\Downloads\FRST64.exe 2014-08-11 12:49 - 2012-01-03 08:19 - 00000000 ____D () C:\Users\Omega\Documents\Insurance 2014-08-10 18:11 - 2014-05-12 16:19 - 00016807 _____ () C:\Users\Omega\Desktop\words.zip 2014-08-10 12:57 - 2014-08-10 12:57 - 00085010 _____ () C:\Users\Omega\Downloads\noname(1).eml 2014-08-10 12:28 - 2014-08-10 12:28 - 05985372 _____ () C:\Users\Omega\Downloads\explora1.zip 2014-08-08 14:39 - 2014-06-07 12:39 - 00000000 ____D () C:\Users\Omega\Documents\Pasatiempo 2014-08-08 13:10 - 2014-08-08 13:09 - 00085010 _____ () C:\Users\Omega\Downloads\noname.eml 2014-08-08 12:57 - 2014-08-08 12:57 - 00002104 _____ () C:\Users\Omega\Documents\cc_20140808_125655.reg 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iPod 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-08 12:53 - 2014-03-16 22:26 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-07 21:00 - 2014-08-07 21:00 - 00000000 ____D () C:\Users\Omega\Desktop\All Commands.{ED7BA470-8E54-465E-825C-99712043E01C} 2014-08-07 16:23 - 2012-09-16 16:04 - 00000000 ___RD () C:\Users\Omega\Sync 2014-08-07 16:18 - 2014-04-02 12:33 - 00000000 ____D () C:\Users\Omega\AppData\Local\Deployment 2014-08-06 13:04 - 2009-07-13 23:13 - 00006274 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-05 23:53 - 2014-04-02 14:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-05 15:14 - 2013-06-23 19:22 - 00002060 _____ () C:\Windows\Sandboxie.ini 2014-08-05 14:28 - 2010-11-05 15:41 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1 2014-08-05 12:00 - 2010-04-28 08:45 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Adobe 2014-08-05 09:19 - 2009-07-13 23:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-04 11:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-08-03 19:38 - 2014-08-03 19:37 - 00001135 _____ () C:\Users\Omega\Desktop\Amazon Music.lnk 2014-08-03 19:37 - 2014-08-03 19:37 - 38603216 _____ (Amazon) C:\Users\Omega\Downloads\AmazonMusicInstaller.exe 2014-08-03 19:10 - 2011-09-08 15:35 - 00870128 _____ () C:\Users\Omega\AppData\Roaming\mcs.rma 2014-08-03 19:10 - 2011-09-08 15:35 - 00000004 _____ () C:\Users\Omega\AppData\Roaming\FE9E44 2014-08-03 18:58 - 2014-08-03 18:58 - 02399472 _____ () C:\Users\Omega\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-08-02 17:00 - 2014-08-02 17:00 - 00000000 ____D () C:\Users\Omega\Desktop\Downloaded books 2014-07-31 21:42 - 2014-04-02 12:45 - 00001113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-07-31 18:16 - 2014-07-31 18:16 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk 2014-07-31 18:15 - 2010-04-27 15:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-30 14:02 - 2014-07-30 14:02 - 10741384 _____ (Irfan Skiljan) C:\Users\Will\Downloads\irfanview_plugins_438_setup.exe 2014-07-30 14:01 - 2014-07-30 14:01 - 01898640 _____ (Irfan Skiljan) C:\Users\Will\Downloads\iview438_setup.exe 2014-07-30 14:01 - 2012-11-14 06:36 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-30 13:58 - 2014-07-30 13:58 - 00000000 ____D () C:\ProgramData\374311380 2014-07-30 13:57 - 2014-07-30 13:57 - 00000000 ____D () C:\Users\Will\Documents\Optimizer Pro 2014-07-30 13:53 - 2012-04-06 14:45 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-30 13:53 - 2012-04-06 14:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-30 13:53 - 2011-05-18 08:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-30 13:51 - 2014-07-30 13:52 - 18594480 _____ (Adobe Systems Incorporated) C:\Users\Will\Downloads\install_flash_player_ax.exe 2014-07-29 11:20 - 2011-08-21 12:28 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOmega 2014-07-29 11:20 - 2011-08-21 12:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOmega.job 2014-07-27 17:29 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player 2014-07-27 17:21 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\DISH Anywhere 2014-07-27 17:20 - 2014-07-27 17:20 - 35491648 _____ (DISH Anywhere) C:\Users\Omega\Downloads\DISH_Anywhere_Video_Player_Installer_2.14.1.exe 2014-07-27 16:47 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Sling Media 2014-07-26 10:45 - 2014-07-26 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-26 10:45 - 2010-04-28 14:01 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-26 10:45 - 2010-04-28 14:01 - 00000000 ____D () C:\ProgramData\Skype 2014-07-26 10:43 - 2014-07-26 10:43 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Will\Downloads\SkypeSetup.exe 2014-07-26 08:11 - 2012-05-28 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-25 13:53 - 2014-07-25 13:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 13:43 - 2013-08-16 11:46 - 00000000 ____D () C:\Users\Omega\Documents\Real estate 2014-07-25 09:12 - 2014-07-25 09:11 - 00000000 ____D () C:\Users\Omega\Desktop\Ps lessons 2014-07-24 23:25 - 2010-05-02 17:07 - 00007592 _____ () C:\Users\Will\AppData\Local\resmon.resmoncfg 2014-07-24 19:07 - 2010-05-26 14:23 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2014-07-24 19:04 - 2014-07-24 19:04 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-07-24 19:03 - 2014-04-27 22:26 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-24 19:01 - 2010-04-26 15:11 - 00000000 ____D () C:\Users\Will 2014-07-23 18:58 - 2011-04-12 10:13 - 00000031 _____ () C:\Windows\QUICKEN.INI 2014-07-23 17:08 - 2009-07-13 22:45 - 05397832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-23 16:40 - 2013-07-09 19:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-23 16:38 - 2010-04-27 07:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-23 16:26 - 2014-04-02 17:52 - 00003594 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3650626566-3549966248-3755013030-1003 2014-07-23 14:21 - 2013-03-29 15:16 - 00000000 ____D () C:\ProgramData\Google Some content of TEMP: ==================== C:\Users\Omega\AppData\Local\Temp\CreativeCloudSet-Up.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 15:19 ==================== End Of Log ============================

Sorry about that! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 Ran by Omega (ATTENTION: The logged in user is not administrator) on WILL-HP2-PC on 11-08-2014 16:15:34 Running from C:\Users\Omega\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (SanDisk Corporation) C:\Users\Omega\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe () C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE (inteleXual.com) C:\Program Files (x86)\YCIII\YankClip.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-11-19] (Hewlett-Packard) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [sansaDispatch] => C:\Users\Omega\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-18] (SanDisk Corporation) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [Google Update] => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-26] (Google Inc.) HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-3650626566-3549966248-3755013030-1003\...\Run: [Amazon Music] => C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) Startup: C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk ShortcutTarget: Yankee Clipper III.lnk -> C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com) ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers: SugarSyncSharedPending -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKCU - DefaultScope {7DF7437E-5B34-4BF5-BF94-9B12D0E6B712} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {50FC6E2E-6294-40A2-902E-27349951F8DD} URL = SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=u6tv8O8p_ngaLov4lVdbfmLn018?q={searchTerms} SearchScopes: HKCU - {7DF7437E-5B34-4BF5-BF94-9B12D0E6B712} URL = https://www.google.com/search?q={searchTerms} BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25 FireFox: ======== FF ProfilePath: C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Omega\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Omega\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Omega\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Omega\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Omega\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Omega\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKCU: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Omega\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll (Nagravision) FF user.js: detected! => C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Omega\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Omega\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Omega\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Print pages to PDF - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\printPages2Pdf@reinhold.ripper [2014-06-19] FF Extension: LastPass - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\support@lastpass.com [2014-08-10] FF Extension: Flashblock - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-05-30] FF Extension: WebSlingPlayer - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2014-07-27] FF Extension: Readability - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\readability@readability.com.xpi [2013-11-16] FF Extension: Image Zoom - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-25] FF Extension: NoScript - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04] FF Extension: Adblock Plus - C:\Users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\hqv89dfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-26] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-25] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File CHR Plugin: (NPLastPass) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Talk Plugin) - C:\Users\Omega\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Omega\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) CHR Plugin: (Facebook Plugin) - C:\Users\Omega\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-27] CHR Extension: (Adblock Plus) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-09-27] CHR Extension: (HP Instant Support) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnajakljidldedbomhbacclcmjkldmeb [2013-01-18] CHR Extension: (Google Search) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-27] CHR Extension: (MaskMe) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2012-11-01] CHR Extension: (DoNotTrackMe) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2012-09-27] CHR Extension: (LastPass) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-09-27] CHR Extension: (Feedly - Your News, RSS, Google Reader) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-05-09] CHR Extension: (Skype Click to Call) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-08] CHR Extension: (Spam Blocker for Google™ search) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbhiajmalgdjlojjamonklladcijim [2013-05-23] CHR Extension: (Readability) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2012-09-27] CHR Extension: (Gmail) - C:\Users\Omega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-27] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-01-01] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HMuKstE; C:\Windows\System32\DRIVERS\HMuKstE.sys [51024 2010-05-21] (Dritek System Inc.) S2 MCSTRM; No ImagePath R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2009-09-16] (Windows ® Codename Longhorn DDK provider) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-26] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-04] (Acronis International GmbH) S3 ALSysIO; \??\C:\Users\Will\AppData\Local\Temp\ALSysIO64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 KMW_KBD; System32\DRIVERS\KMW_KBD.sys [X] S3 MEMSWEEP2; \??\C:\Windows\system32\33F4.tmp [X] S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 16:15 - 2014-08-11 16:15 - 00029053 _____ () C:\Users\Omega\Downloads\FRST.txt 2014-08-11 16:14 - 2014-08-11 16:15 - 00000000 ____D () C:\FRST 2014-08-11 13:28 - 2014-08-11 13:28 - 02099712 _____ (Farbar) C:\Users\Omega\Downloads\FRST64.exe 2014-08-10 12:57 - 2014-08-10 12:57 - 00085010 _____ () C:\Users\Omega\Downloads\noname(1).eml 2014-08-10 12:28 - 2014-08-10 12:28 - 05985372 _____ () C:\Users\Omega\Downloads\explora1.zip 2014-08-08 13:09 - 2014-08-08 13:10 - 00085010 _____ () C:\Users\Omega\Downloads\noname.eml 2014-08-08 12:57 - 2014-08-08 12:57 - 00002104 _____ () C:\Users\Omega\Documents\cc_20140808_125655.reg 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iPod 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-07 21:00 - 2014-08-07 21:00 - 00000000 ____D () C:\Users\Omega\Desktop\All Commands.{ED7BA470-8E54-465E-825C-99712043E01C} 2014-08-06 10:05 - 2014-08-11 11:43 - 00000560 _____ () C:\Windows\setupact.log 2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-03 19:37 - 2014-08-03 19:38 - 00001135 _____ () C:\Users\Omega\Desktop\Amazon Music.lnk 2014-08-03 19:37 - 2014-08-03 19:37 - 38603216 _____ (Amazon) C:\Users\Omega\Downloads\AmazonMusicInstaller.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 02399472 _____ () C:\Users\Omega\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-08-02 17:00 - 2014-08-02 17:00 - 00000000 ____D () C:\Users\Omega\Desktop\Downloaded books 2014-08-01 13:10 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-01 13:10 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-01 13:10 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-01 13:10 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-01 13:10 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-01 13:10 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-01 13:10 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-01 13:10 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-01 13:10 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-01 13:10 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-31 18:16 - 2014-07-31 18:16 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk 2014-07-30 14:02 - 2014-07-30 14:02 - 10741384 _____ (Irfan Skiljan) C:\Users\Will\Downloads\irfanview_plugins_438_setup.exe 2014-07-30 14:01 - 2014-07-30 14:01 - 01898640 _____ (Irfan Skiljan) C:\Users\Will\Downloads\iview438_setup.exe 2014-07-30 13:58 - 2014-07-30 13:58 - 00000000 ____D () C:\ProgramData\374311380 2014-07-30 13:57 - 2014-07-30 13:57 - 00000000 ____D () C:\Users\Will\Documents\Optimizer Pro 2014-07-30 13:52 - 2014-07-30 13:51 - 18594480 _____ (Adobe Systems Incorporated) C:\Users\Will\Downloads\install_flash_player_ax.exe 2014-07-27 17:21 - 2014-07-27 17:29 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player 2014-07-27 17:21 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\DISH Anywhere 2014-07-27 17:20 - 2014-07-27 17:20 - 35491648 _____ (DISH Anywhere) C:\Users\Omega\Downloads\DISH_Anywhere_Video_Player_Installer_2.14.1.exe 2014-07-27 16:47 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Sling Media 2014-07-26 10:45 - 2014-07-26 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-26 10:43 - 2014-07-26 10:43 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Will\Downloads\SkypeSetup.exe 2014-07-25 17:49 - 2014-08-11 15:55 - 00000000 ____D () C:\Users\Omega\Desktop\Pine St 2014-07-25 13:53 - 2014-07-25 13:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 09:11 - 2014-07-25 09:12 - 00000000 ____D () C:\Users\Omega\Desktop\Ps lessons 2014-07-24 19:04 - 2014-07-24 19:04 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-07-23 16:37 - 2014-06-20 14:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-23 16:37 - 2014-06-20 13:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-23 16:37 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-23 16:37 - 2014-06-18 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-23 16:37 - 2014-06-18 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-23 16:37 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-23 16:37 - 2014-06-18 18:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-23 16:37 - 2014-06-18 18:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-23 16:37 - 2014-06-18 18:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-23 16:37 - 2014-06-18 18:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-23 16:37 - 2014-06-18 18:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-23 16:37 - 2014-06-18 18:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-23 16:37 - 2014-06-18 18:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-23 16:37 - 2014-06-18 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-23 16:37 - 2014-06-18 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-23 16:37 - 2014-06-18 18:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-23 16:37 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-23 16:37 - 2014-06-18 18:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-23 16:37 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-23 16:37 - 2014-06-18 17:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-23 16:37 - 2014-06-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-23 16:37 - 2014-06-18 17:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-23 16:37 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-23 16:37 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-23 16:37 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-23 16:37 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-23 16:37 - 2014-06-18 17:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-23 16:37 - 2014-06-18 17:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-23 16:37 - 2014-06-18 17:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-23 16:37 - 2014-06-18 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-23 16:37 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-23 16:37 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-23 16:37 - 2014-06-18 17:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-23 16:37 - 2014-06-18 17:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-23 16:37 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-23 16:37 - 2014-06-18 17:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-23 16:37 - 2014-06-18 17:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-23 16:37 - 2014-06-18 17:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-23 16:37 - 2014-06-18 17:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-23 16:37 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-23 16:37 - 2014-06-18 17:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-23 16:37 - 2014-06-18 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-23 16:37 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-23 16:37 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-23 16:37 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-23 16:37 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-23 16:37 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-23 16:37 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-23 16:37 - 2014-06-18 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-23 16:37 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-23 16:37 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-23 16:37 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-23 16:37 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-23 16:37 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-23 16:37 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-23 16:37 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-23 16:37 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-23 16:37 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-23 16:37 - 2014-06-17 19:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-23 16:37 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-23 16:37 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-23 16:37 - 2014-06-05 08:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-23 16:37 - 2014-06-05 08:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-23 16:37 - 2014-06-05 08:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-23 16:37 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 16:15 - 2014-08-11 16:15 - 00029053 _____ () C:\Users\Omega\Downloads\FRST.txt 2014-08-11 16:15 - 2014-08-11 16:14 - 00000000 ____D () C:\FRST 2014-08-11 16:09 - 2014-04-02 17:52 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3650626566-3549966248-3755013030-1003.job 2014-08-11 16:03 - 2012-09-26 10:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-11 15:55 - 2014-07-25 17:49 - 00000000 ____D () C:\Users\Omega\Desktop\Pine St 2014-08-11 15:18 - 2012-04-06 14:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-11 15:18 - 2011-07-26 10:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003UA.job 2014-08-11 14:15 - 2013-04-05 18:47 - 00000000 ____D () C:\Users\Omega\Documents\Dollars 2014-08-11 14:03 - 2012-09-26 10:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-11 13:28 - 2014-08-11 13:28 - 02099712 _____ (Farbar) C:\Users\Omega\Downloads\FRST64.exe 2014-08-11 12:49 - 2012-01-03 08:19 - 00000000 ____D () C:\Users\Omega\Documents\Insurance 2014-08-11 12:34 - 2014-01-01 16:21 - 01827038 _____ () C:\Windows\WindowsUpdate.log 2014-08-11 12:34 - 2010-04-30 17:28 - 00000000 ____D () C:\Users\Omega\AppData\Local\Adobe 2014-08-11 12:18 - 2011-07-26 10:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003Core.job 2014-08-11 11:50 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-11 11:50 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-11 11:43 - 2014-08-06 10:05 - 00000560 _____ () C:\Windows\setupact.log 2014-08-11 11:43 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-10 18:11 - 2014-05-12 16:19 - 00016807 _____ () C:\Users\Omega\Desktop\words.zip 2014-08-10 12:57 - 2014-08-10 12:57 - 00085010 _____ () C:\Users\Omega\Downloads\noname(1).eml 2014-08-10 12:28 - 2014-08-10 12:28 - 05985372 _____ () C:\Users\Omega\Downloads\explora1.zip 2014-08-08 14:39 - 2014-06-07 12:39 - 00000000 ____D () C:\Users\Omega\Documents\Pasatiempo 2014-08-08 13:10 - 2014-08-08 13:09 - 00085010 _____ () C:\Users\Omega\Downloads\noname.eml 2014-08-08 12:57 - 2014-08-08 12:57 - 00002104 _____ () C:\Users\Omega\Documents\cc_20140808_125655.reg 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iTunes 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files\iPod 2014-08-08 12:53 - 2014-08-08 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-08 12:53 - 2014-03-16 22:26 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-07 21:00 - 2014-08-07 21:00 - 00000000 ____D () C:\Users\Omega\Desktop\All Commands.{ED7BA470-8E54-465E-825C-99712043E01C} 2014-08-07 16:23 - 2012-09-16 16:04 - 00000000 ___RD () C:\Users\Omega\Sync 2014-08-07 16:18 - 2014-04-02 12:33 - 00000000 ____D () C:\Users\Omega\AppData\Local\Deployment 2014-08-06 13:04 - 2009-07-13 23:13 - 00006274 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-06 10:07 - 2010-04-28 14:01 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype 2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-05 23:53 - 2014-04-02 14:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-05 15:14 - 2013-06-23 19:22 - 00002060 _____ () C:\Windows\Sandboxie.ini 2014-08-05 14:28 - 2010-11-05 15:41 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1 2014-08-05 12:00 - 2010-04-28 08:45 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Adobe 2014-08-05 09:19 - 2009-07-13 23:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-04 11:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-08-03 19:38 - 2014-08-03 19:37 - 00001135 _____ () C:\Users\Omega\Desktop\Amazon Music.lnk 2014-08-03 19:37 - 2014-08-03 19:37 - 38603216 _____ (Amazon) C:\Users\Omega\Downloads\AmazonMusicInstaller.exe 2014-08-03 19:10 - 2011-09-08 15:35 - 00870128 _____ () C:\Users\Omega\AppData\Roaming\mcs.rma 2014-08-03 19:10 - 2011-09-08 15:35 - 00000004 _____ () C:\Users\Omega\AppData\Roaming\FE9E44 2014-08-03 18:58 - 2014-08-03 18:58 - 02399472 _____ () C:\Users\Omega\Downloads\AmazonMP3DownloaderInstall._V383688046_.exe 2014-08-03 18:58 - 2014-08-03 18:58 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-08-02 17:00 - 2014-08-02 17:00 - 00000000 ____D () C:\Users\Omega\Desktop\Downloaded books 2014-07-31 21:42 - 2014-04-02 12:45 - 00001113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-07-31 18:16 - 2014-07-31 18:16 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk 2014-07-31 18:15 - 2010-04-27 15:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-30 14:02 - 2014-07-30 14:02 - 10741384 _____ (Irfan Skiljan) C:\Users\Will\Downloads\irfanview_plugins_438_setup.exe 2014-07-30 14:01 - 2014-07-30 14:01 - 01898640 _____ (Irfan Skiljan) C:\Users\Will\Downloads\iview438_setup.exe 2014-07-30 14:01 - 2012-11-14 06:36 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-30 13:58 - 2014-07-30 13:58 - 00000000 ____D () C:\ProgramData\374311380 2014-07-30 13:57 - 2014-07-30 13:57 - 00000000 ____D () C:\Users\Will\Documents\Optimizer Pro 2014-07-30 13:53 - 2012-04-06 14:45 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-30 13:53 - 2011-05-18 08:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-30 13:51 - 2014-07-30 13:52 - 18594480 _____ (Adobe Systems Incorporated) C:\Users\Will\Downloads\install_flash_player_ax.exe 2014-07-29 11:20 - 2011-08-21 12:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOmega.job 2014-07-27 17:29 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player 2014-07-27 17:21 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\DISH Anywhere 2014-07-27 17:20 - 2014-07-27 17:20 - 35491648 _____ (DISH Anywhere) C:\Users\Omega\Downloads\DISH_Anywhere_Video_Player_Installer_2.14.1.exe 2014-07-27 16:47 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Omega\AppData\Roaming\Sling Media 2014-07-26 10:45 - 2014-07-26 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-26 10:45 - 2010-04-28 14:01 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-26 10:45 - 2010-04-28 14:01 - 00000000 ____D () C:\ProgramData\Skype 2014-07-26 10:43 - 2014-07-26 10:43 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Will\Downloads\SkypeSetup.exe 2014-07-26 08:11 - 2012-05-28 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-25 13:53 - 2014-07-25 13:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 13:43 - 2013-08-16 11:46 - 00000000 ____D () C:\Users\Omega\Documents\Real estate 2014-07-25 09:12 - 2014-07-25 09:11 - 00000000 ____D () C:\Users\Omega\Desktop\Ps lessons 2014-07-24 23:25 - 2010-05-02 17:07 - 00007592 _____ () C:\Users\Will\AppData\Local\resmon.resmoncfg 2014-07-24 19:07 - 2010-05-26 14:23 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2014-07-24 19:04 - 2014-07-24 19:04 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-07-24 19:03 - 2014-04-27 22:26 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-24 19:01 - 2010-04-26 15:11 - 00000000 ____D () C:\Users\Will 2014-07-23 18:58 - 2011-04-12 10:13 - 00000031 _____ () C:\Windows\QUICKEN.INI 2014-07-23 17:08 - 2009-07-13 22:45 - 05397832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-23 16:40 - 2013-07-09 19:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-23 16:38 - 2010-04-27 07:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-23 14:21 - 2013-03-29 15:16 - 00000000 ____D () C:\ProgramData\Google Some content of TEMP: ==================== C:\Users\Omega\AppData\Local\Temp\CreativeCloudSet-Up.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================

I posted teh frst.txt file in a separate post (immediately before posting the addtion text). Will

Here is the addition log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by Omega at 2014-08-11 16:16:03 Running from C:\Users\Omega\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC) Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM-x32\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002205950.48.56.34082026 - Audible, Inc.) Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.1 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - ) Capture One 6.4 (HKLM\...\CaptureOne6_is1) (Version: 6.4.65508.156 - Phase One A/S) Capture One 7.2 (HKLM\...\CaptureOne7_is1) (Version: 7.2.2.1 - Phase One A/S) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan) CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version: - ) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DISH Anywhere Video Player (HKLM-x32\...\{7E69DC96-66CA-4C38-B3EC-DDC5B9CAE00C}) (Version: 2.14.1 - DISH Anywhere) Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon) DIYPhotoBits.com Camera Control 5.2 (HKLM-x32\...\{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}) (Version: 5.2 - Raymond Lowe) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Scribe (HKLM-x32\...\Scribe) (Version: - NCH Software) Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HPISDataManager (HKLM-x32\...\{A682ACFC-C295-44F9-B745-6656B3272E7D}) (Version: 1.0.0.27 - Hewlett-Packard Company) Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IHA_MessageCenter (HKLM-x32\...\{329445EA-EBA3-45A0-A7A7-B6A6555DB881}) (Version: 1.8.53 - Verizon) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Lightroom Duplicate Finder (HKLM-x32\...\{0DEC74F4-6F45-45C9-96D5-1DC666A01B4C}) (Version: 1.0.2802 - Jim Keir) LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft) Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels) Network Recording Player (HKLM-x32\...\{0E6B3568-2337-4429-9E14-0D9D8157D45A}) (Version: 2.23.2500 - Cisco WebEx LLC) Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.0.7 - Google) NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation) NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.) Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.) Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software) Perfect Photo Suite 7.5 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09C}) (Version: 7.5 - onOne Software) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Portrait Professional 11.3 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.3 - Anthropics Technology Ltd.) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden ProtectStar Data Shredder v2.1 (HKLM-x32\...\{7A0AFAD4-6266-4A8B-8716-2E6EA710DEEF}) (Version: 2.1.1139 - ProtectStar Inc.) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) Rhapsody (HKCU\...\8aa854a199af1b36) (Version: 6.3.4.0 - Rhapsody International Inc.) Rhapsody (HKLM-x32\...\Rhapsody) (Version: - ) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) Sansa Updater (HKCU\...\Sansa Updater) (Version: - ) Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia) SIW version 2010.07.14 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.07.14 - Topala Software Solutions) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1983 - Intuit Inc.) Hidden TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0442 - Intuit Inc.) Hidden TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010 - Leaf Imaging Ltd.) Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (09/28/2010 1.1.0.1) (HKLM\...\0F81152D3B5D40D8F497EC1750B8EFF11FEED116) (Version: 09/28/2010 1.1.0.1 - Phase One / Mamiya) Windows Driver Package - Phase One A/S (WinUSB) USBDevice (05/30/2013 1.12.0.68182) (HKLM\...\1D6C98F8A5FED93B7C062B26DD383655CE271976) (Version: 05/30/2013 1.12.0.68182 - Phase One A/S) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. ) Yankee Clipper III (HKLM-x32\...\Yankee Clipper III) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3650626566-3549966248-3755013030-1003.job => C:\Users\Omega\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003Core.job => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003UA.job => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForOmega.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-10-01 08:26 - 2013-10-01 08:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2012-07-31 14:16 - 2011-09-08 15:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2009-09-14 18:17 - 2009-09-14 18:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2013-05-22 12:17 - 2013-05-22 12:17 - 00400704 _____ () C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2014-08-03 19:37 - 2014-07-22 14:46 - 03356480 _____ () C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 AlternateDataStreams: C:\Users\Omega\Downloads\noname(1).eml:OECustomProperty AlternateDataStreams: C:\Users\Omega\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ==================== Faulty Device Manager Devices ============= Name: 802.11n Wireless PCI Express Card LAN Adapter Description: 802.11n Wireless PCI Express Card LAN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LITE-ON TECHNOLOGY CORPORATION Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: StorLib bus (virtual storages support) Description: StorLib bus (virtual storages support) Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e} Manufacturer: SugarSync Service: SSCBFS3 Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2014 00:15:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/11/2014 00:14:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/10/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (08/10/2014 10:58:54 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/10/2014 10:58:38 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/08/2014 02:53:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/07/2014 06:42:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: Pen_Tablet.dll_unloaded, version: 0.0.0.0, time stamp: 0x4e694dd7 Exception code: 0xc0000005 Fault offset: 0x63074a98 Faulting process id: 0x19d0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2995 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/11/2014 11:45:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/11/2014 11:45:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/11/2014 11:43:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/10/2014 10:29:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/10/2014 10:29:09 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/10/2014 10:26:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/09/2014 04:42:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/09/2014 04:42:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/09/2014 04:39:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/09/2014 04:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Microsoft Office Sessions: ========================= Error: (11/12/2013 04:48:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4761 seconds with 4380 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2011-01-24 15:34:07.495 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.487 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.456 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.448 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.412 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.381 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.372 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.338 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.321 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8151.08 MB Available physical RAM: 5494.96 MB Total Pagefile: 16300.34 MB Available Pagefile: 13385.13 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:920.29 GB) (Free:700.05 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.12 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ==================== End Of Log ============================

Here is the FRST text: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by Omega at 2014-08-11 16:16:03 Running from C:\Users\Omega\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC) Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM-x32\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002205950.48.56.34082026 - Audible, Inc.) Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.1 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - ) Capture One 6.4 (HKLM\...\CaptureOne6_is1) (Version: 6.4.65508.156 - Phase One A/S) Capture One 7.2 (HKLM\...\CaptureOne7_is1) (Version: 7.2.2.1 - Phase One A/S) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan) CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version: - ) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DISH Anywhere Video Player (HKLM-x32\...\{7E69DC96-66CA-4C38-B3EC-DDC5B9CAE00C}) (Version: 2.14.1 - DISH Anywhere) Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon) DIYPhotoBits.com Camera Control 5.2 (HKLM-x32\...\{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}) (Version: 5.2 - Raymond Lowe) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Scribe (HKLM-x32\...\Scribe) (Version: - NCH Software) Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HPISDataManager (HKLM-x32\...\{A682ACFC-C295-44F9-B745-6656B3272E7D}) (Version: 1.0.0.27 - Hewlett-Packard Company) Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IHA_MessageCenter (HKLM-x32\...\{329445EA-EBA3-45A0-A7A7-B6A6555DB881}) (Version: 1.8.53 - Verizon) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Lightroom Duplicate Finder (HKLM-x32\...\{0DEC74F4-6F45-45C9-96D5-1DC666A01B4C}) (Version: 1.0.2802 - Jim Keir) LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft) Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels) Network Recording Player (HKLM-x32\...\{0E6B3568-2337-4429-9E14-0D9D8157D45A}) (Version: 2.23.2500 - Cisco WebEx LLC) Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.0.7 - Google) NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation) NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.) Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.) Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software) Perfect Photo Suite 7.5 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09C}) (Version: 7.5 - onOne Software) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Portrait Professional 11.3 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.3 - Anthropics Technology Ltd.) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden ProtectStar Data Shredder v2.1 (HKLM-x32\...\{7A0AFAD4-6266-4A8B-8716-2E6EA710DEEF}) (Version: 2.1.1139 - ProtectStar Inc.) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) Rhapsody (HKCU\...\8aa854a199af1b36) (Version: 6.3.4.0 - Rhapsody International Inc.) Rhapsody (HKLM-x32\...\Rhapsody) (Version: - ) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) Sansa Updater (HKCU\...\Sansa Updater) (Version: - ) Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia) SIW version 2010.07.14 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.07.14 - Topala Software Solutions) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1983 - Intuit Inc.) Hidden TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0442 - Intuit Inc.) Hidden TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010 - Leaf Imaging Ltd.) Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (09/28/2010 1.1.0.1) (HKLM\...\0F81152D3B5D40D8F497EC1750B8EFF11FEED116) (Version: 09/28/2010 1.1.0.1 - Phase One / Mamiya) Windows Driver Package - Phase One A/S (WinUSB) USBDevice (05/30/2013 1.12.0.68182) (HKLM\...\1D6C98F8A5FED93B7C062B26DD383655CE271976) (Version: 05/30/2013 1.12.0.68182 - Phase One A/S) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. ) Yankee Clipper III (HKLM-x32\...\Yankee Clipper III) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3650626566-3549966248-3755013030-1003.job => C:\Users\Omega\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003Core.job => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650626566-3549966248-3755013030-1003UA.job => C:\Users\Omega\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForOmega.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-10-01 08:26 - 2013-10-01 08:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2012-07-31 14:16 - 2011-09-08 15:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2009-09-14 18:17 - 2009-09-14 18:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2013-05-22 12:17 - 2013-05-22 12:17 - 00400704 _____ () C:\Users\Omega\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2014-08-03 19:37 - 2014-07-22 14:46 - 03356480 _____ () C:\Users\Omega\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 AlternateDataStreams: C:\Users\Omega\Downloads\noname(1).eml:OECustomProperty AlternateDataStreams: C:\Users\Omega\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ==================== Faulty Device Manager Devices ============= Name: 802.11n Wireless PCI Express Card LAN Adapter Description: 802.11n Wireless PCI Express Card LAN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LITE-ON TECHNOLOGY CORPORATION Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: StorLib bus (virtual storages support) Description: StorLib bus (virtual storages support) Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e} Manufacturer: SugarSync Service: SSCBFS3 Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2014 00:15:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/11/2014 00:14:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/10/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (08/10/2014 10:58:54 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/10/2014 10:58:38 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/08/2014 02:53:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/07/2014 06:42:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: Pen_Tablet.dll_unloaded, version: 0.0.0.0, time stamp: 0x4e694dd7 Exception code: 0xc0000005 Fault offset: 0x63074a98 Faulting process id: 0x19d0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2995 Error: (08/07/2014 06:40:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/11/2014 11:45:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/11/2014 11:45:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/11/2014 11:43:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/10/2014 10:29:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/10/2014 10:29:09 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/10/2014 10:26:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/09/2014 04:42:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/09/2014 04:42:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/09/2014 04:39:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (08/09/2014 04:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Microsoft Office Sessions: ========================= Error: (11/12/2013 04:48:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4761 seconds with 4380 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2011-01-24 15:34:07.495 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.487 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.456 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.448 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.412 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.381 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.372 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.338 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-01-24 15:34:07.321 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\33F4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8151.08 MB Available physical RAM: 5494.96 MB Total Pagefile: 16300.34 MB Available Pagefile: 13385.13 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:920.29 GB) (Free:700.05 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.12 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ==================== End Of Log ============================

I have run farbar and am attaching the log files. Thanks for your help. Will

I have been having exactly the same issue, as well as a recurring finding of an astromedia key in my directory. This followed an upgrade of Flash from a bogus site that downloaded a bunch of crap and hijacked my homepage. Here is the log I find every time I run Malawarebytes. Thanks, Will