
BSOD/ Important security updates won't install


  • This topic is locked
30 replies to this topic

#1 nevans07


Posted 18 August 2014 - 08:51 AM

 
Dear Bleepingcomputer Staff,
 

About 5 weeks ago, I thought all was well. Problems started when updating Java on my Ninite installer. Emsisoft would no longer install Java with Ninite. Emsisoft put 4 files in quarantine. I was confused by this but did nothing. A week later, 7/20/14, I fell asleep listening to music on Windows Media Player, only to awake with Media Player off and a black screen saying "nic card is not present or corrupt." I unplugged the computer and turned it back on, only to be greeted with my first ever BSOD. My e725 eMachines Acer notebook came with Win 7 pre-installed. After much trial and error and dumb luck I got Windows to the system repair screen. It took 2 and a half full days for my computer to repair corrupt files. I ran chkdsk and sfc. Nothing came back on chkdsk. Sfc fixed most but not all corrupt files. Ran full scans with Emsisoft, Malwarebytes, and MSEssentials. No malware detected. I ran sfc again and it said problems resolved, there are no Windows integrity problems. Windows 7 Important Security Updates no longer install. I tried hotfixes, SURL, error code 643 troubleshooting, updates one by one. Nothing worked. Computer hangs at times for no reason. It tells me at times MBAnti exploit, Comodo application startup has closed unexpectedly. RogueKiller hangs at checking services: A2DDA. Only works in safe mode. That's how I got the log to you. I am not a computer person by any stretch. I am a huge fan of your site. I am at wits' end. Please help!!

 

Sincerely Yours,

Nathaniel Evans

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Nate at 8:58:54 on 2014-08-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3002.741 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273605108745l04f4z175r44m20249
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273605108745l04f4z175r44m20249
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} : DHCPNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067}\13030225F636B60274575637470223 : DHCPNameServer = 4.2.2.2 209.192.129.1
TCP: Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067}\461627B66756C6675647 : DHCPNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067}\D48325B413 : DHCPNameServer = 192.168.1.1 71.250.0.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SynTPEnh] "C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\jkjr2yor.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z138&form=ZGAADF&install_date=20111014&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-7-27 17600]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Nate\Desktop\For when awake\WindowsCleanUp\Run\a2ddax64.sys [2014-7-30 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-3-15 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-3-15 23088]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2010-4-9 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 48360]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-14 62168]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-7-27 20672]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-3-15 4754256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-3-15 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-3-15 57024]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-5-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-8 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-8 63704]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [?]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2009-9-3 316928]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2009-9-3 62976]
S3 cm_net;C-motech USB Network Adapter Drivers;C:\Windows\System32\drivers\cm_net.sys [2010-5-30 133120]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\Windows\System32\drivers\cm_ser.sys [2010-5-30 118272]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-4-16 2264280]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-4-16 91352]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-19 56832]
S3 yzceep;yzceep;C:\Program Files\COMODO\COMODO Internet Security\ccekrnl.dat [2014-4-16 168376]
.
=============== Created Last 30 ================
.
2014-08-18 12:56:56    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{782B7DA9-2C8B-4CD7-A842-08894D853A35}\mpengine.dll
2014-08-15 19:47:25    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-14 02:17:58    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-14 02:17:54    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-13 04:28:04    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6A986319-5A97-455D-8AF2-90C4C47834E5}\gapaengine.dll
2014-08-12 05:54:21    --------    d-----w-    C:\Program Files (x86)\Ruiware
2014-08-09 08:55:17    --------    d-----w-    C:\Users\Nate\AppData\Local\Secunia PSI
2014-08-09 08:51:57    --------    d-----w-    C:\Program Files (x86)\Secunia
2014-08-02 13:57:14    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2014-08-02 13:55:55    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2014-08-02 13:55:55    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-08-02 13:53:22    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-08-02 13:53:22    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-08-02 13:53:21    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-08-02 13:53:14    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-08-02 13:03:06    30312    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-08-02 13:03:06    --------    d-----w-    C:\ProgramData\RogueKiller
2014-07-27 23:11:06    20672    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-07-27 23:11:00    17600    ----a-w-    C:\Windows\System32\drivers\BootDefragDriver.sys
2014-07-27 23:11:00    118048    ----a-w-    C:\Windows\System32\BootDefrag.exe
2014-07-27 23:10:57    --------    d-----w-    C:\Users\Nate\AppData\Roaming\DiskDefrag
2014-07-27 23:10:56    --------    d-----w-    C:\Users\Nate\AppData\Roaming\GlarySoft
2014-07-27 23:09:27    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-07-27 23:08:13    46704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-26 12:03:35    --------    d-----w-    C:\Windows\CheckSur
2014-07-23 20:31:54    --------    d-----w-    C:\Users\Nate\AppData\Roaming\EurekaLab s.a.s
2014-07-22 15:05:54    --------    d-sh--w-    C:\found.000
.
==================== Find3M  ====================
.
2014-08-18 12:54:37    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-07 13:11:34    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-09 14:14:24    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 14:14:24    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-29 12:41:04    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-29 12:33:27    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH:  9:07:23.85 ===============


RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Nate [Admin rights]
Mode : Scan -- Date : 08/14/2014  15:14:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\A2DDA -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A2DDA -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\A2DDA -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1    localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
--- User ---
[MBR] f730546ffdce073a3f0d666421bfbcb3
[BSP] f701716d6416a243068700663178d626 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 226080 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 07A8 USB Device +++++
--- User ---
[MBR] 8752273f349251cedf7c6209cdd11aac
[BSP] 804dbf71ce7b1f906f09fbead2fc17a2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_08022014_092247.log - RKreport_SCN_08022014_091419.log

Attached File: attach (2).txt (29.67KB)




#2 nasdaq


Posted 22 August 2014 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


#3 nevans07

Posted 23 August 2014 - 04:19 AM

I am Sooo thankful and grateful for your help!!! Nasdaq, Thank You. Thank You for taking the time. Nasdaq, I Really appreciate your Help.

Here are the logs requested. I wasn't sure what to clean on AdwCleaner, so I just closed it. To answer your question, the computer sporadically hangs or freezes intermittently still. Important Security updates still Do Not install. I have files quarantined in Emsisoft I don't understand since I tried to update Firefox, Java, Glary Utilities using Ninite installer 6 weeks ago. RogueKiller only works in safe mode. It hangs at Services: A2DDA in Normal Mode. A week later the computer crashed.

     

    # AdwCleaner v3.308 - Report created 23/08/2014 at 04:32:11
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Nate - NATE-PC
    # Running from : C:\Users\Nate\Desktop\For when awake\WindowsCleanUp\adwcleaner_3.308Latest!!!!.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\jkjr2yor.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    *************************

    AdwCleaner[R0].txt - [2890 octets] - [15/03/2014 07:38:12]
    AdwCleaner[R10].txt - [1304 octets] - [23/08/2014 04:32:11]
    AdwCleaner[R1].txt - [1688 octets] - [15/03/2014 08:01:57]
    AdwCleaner[R2].txt - [1149 octets] - [15/03/2014 08:12:26]
    AdwCleaner[R3].txt - [1269 octets] - [15/03/2014 08:23:11]
    AdwCleaner[R4].txt - [1390 octets] - [15/03/2014 08:40:53]
    AdwCleaner[R5].txt - [1510 octets] - [15/03/2014 10:34:07]
    AdwCleaner[R6].txt - [1630 octets] - [18/03/2014 16:09:15]
    AdwCleaner[R7].txt - [1748 octets] - [19/03/2014 09:10:53]
    AdwCleaner[R8].txt - [2189 octets] - [01/05/2014 11:16:24]
    AdwCleaner[R9].txt - [1799 octets] - [14/08/2014 15:25:53]
    AdwCleaner[S0].txt - [2977 octets] - [15/03/2014 07:50:59]
    AdwCleaner[S1].txt - [1767 octets] - [15/03/2014 08:04:11]
    AdwCleaner[S2].txt - [1211 octets] - [15/03/2014 08:14:57]
    AdwCleaner[S3].txt - [1331 octets] - [15/03/2014 08:26:10]
    AdwCleaner[S4].txt - [1451 octets] - [15/03/2014 08:42:37]
    AdwCleaner[S5].txt - [1571 octets] - [15/03/2014 10:36:12]
    AdwCleaner[S6].txt - [1691 octets] - [18/03/2014 16:11:26]
    AdwCleaner[S7].txt - [1809 octets] - [19/03/2014 09:13:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [2385 octets] ##########
     

     

    FRST Notepad:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
    Ran by Nate (administrator) on NATE-PC on 23-08-2014 04:44:21
    Running from C:\Users\Nate\Desktop\For when awake\WindowsCleanUp
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    (Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    (Farbar) C:\Users\Nate\Desktop\For when awake\WindowsCleanUp\FRST64RecoveryScanToolLatest!!!.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4857256 2014-08-13] (Emsisoft GmbH)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-05] (Google Inc.)
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-13] (SUPERAntiSpyware)
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-03] (Glarysoft Ltd)
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\MountPoints2: E - E:\SoftwareDownloader.exe
    HKU\S-1-5-21-2903082870-3299367565-4098537659-1001\...\MountPoints2: {58e6926d-f52c-11e2-a06c-705ab614b561} - E:\SoftwareDownloader.exe
    BootExecute: autocheck autochk *  BootDefrag.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273605108745l04f4z175r44m20249
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273605108745l04f4z175r44m20249
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273605108745l04f4z175r44m20249
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
    SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS379US380
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS379US380
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12

    FireFox:
    ========
    FF ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\jkjr2yor.default
    FF Homepage: hxxp://www.google.com
    FF Keyword.URL: hxxp://www.bing.com/search?pc=Z138&form=ZGAADF&install_date=20111014&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

    Chrome:
    =======
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH)
    S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
    R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
    S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
    R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
    S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-30] (SurfRight B.V.)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
    S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
    R1 A2DDA; C:\USERS\NATE\DESKTOP\FOR WHEN AWAKE\WINDOWSCLEANUP\RUN\a2ddax64.sys [26176 2014-03-14] (Emsisoft GmbH)
    R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
    R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
    S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [316928 2009-09-03] (Beceem communications pvt ltd.)
    S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-09-03] (Beceem communications pvt ltd.)
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
    R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
    S3 cm_net; C:\Windows\System32\DRIVERS\cm_net.sys [133120 2008-05-29] (C-motech Co.,Ltd.)
    S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-12] (Glarysoft Ltd)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-08-07] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2009-09-25] (Research in Motion Ltd)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [34304 2009-12-02] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-18] ()
    S3 yzceep; C:\Program Files\COMODO\COMODO Internet Security\ccekrnl.dat [168376 2014-03-25] (COMODO)
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-23 04:39 - 2014-08-23 04:44 - 00000000 ____D () C:\FRST
    2014-08-23 04:36 - 2014-08-23 04:36 - 00002470 _____ () C:\Users\Nate\Desktop\AdwCleaner[R10].txt
    2014-08-13 22:17 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-13 22:17 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-12 01:54 - 2014-08-12 01:54 - 00000000 ____D () C:\Program Files (x86)\Ruiware
    2014-08-09 13:13 - 2014-08-09 13:27 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(4).diagcab
    2014-08-09 04:55 - 2014-08-09 04:55 - 00000000 ____D () C:\Users\Nate\AppData\Local\Secunia PSI
    2014-08-09 04:51 - 2014-08-11 19:20 - 00000000 ____D () C:\Program Files (x86)\Secunia
    2014-08-09 04:46 - 2014-08-09 04:46 - 00000888 _____ () C:\Users\Nate\Documents\SecurityCheckcheckup.txt
    2014-08-06 14:19 - 2014-08-08 18:36 - 00000000 ____D () C:\Users\Nate\Desktop\Limitless
    2014-08-04 14:54 - 2014-08-04 16:01 - 00000000 ____D () C:\Users\Nate\Desktop\Culinary Genius
    2014-08-02 09:57 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-02 09:57 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-02 09:57 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-02 09:57 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-02 09:55 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-02 09:55 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-08-02 09:55 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-02 09:55 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-08-02 09:55 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-02 09:55 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-08-02 09:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-02 09:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-08-02 09:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-08-02 09:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-08-02 09:03 - 2014-08-18 09:15 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-02 09:03 - 2014-08-02 09:03 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-02 08:43 - 2014-08-04 12:01 - 00000000 ____D () C:\Users\Nate\Desktop\RK_Quarantine
    2014-07-31 09:22 - 2014-07-31 09:23 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(3).diagcab
    2014-07-31 09:22 - 2014-07-31 09:22 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(2).diagcab
    2014-07-30 20:33 - 2014-07-30 20:34 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic.diagcab
    2014-07-30 20:33 - 2014-07-30 20:34 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(1).diagcab
    2014-07-30 16:28 - 2014-07-30 16:28 - 00000809 _____ () C:\Users\Nate\Desktop\Emsisoft Emergency Kit.lnk
    2014-07-29 17:28 - 2014-07-29 17:28 - 00033663 _____ () C:\Users\Nate\Documents\CisReport_x64_v7.0.317799.4142_20140729-172814.zip
    2014-07-27 19:11 - 2014-08-12 01:19 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-07-27 19:11 - 2014-08-12 01:19 - 00001093 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2014-07-27 19:11 - 2014-08-12 01:18 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
    2014-07-27 19:11 - 2014-08-12 01:18 - 00002968 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
    2014-07-27 19:11 - 2014-08-12 01:18 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-07-27 19:11 - 2014-08-12 01:18 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-07-27 19:11 - 2014-07-27 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2014-07-27 19:11 - 2014-07-20 23:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
    2014-07-27 19:11 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
    2014-07-27 19:10 - 2014-08-19 08:54 - 00000000 ____D () C:\Users\Nate\AppData\Roaming\DiskDefrag
    2014-07-27 19:10 - 2014-07-27 19:10 - 00000000 ____D () C:\Users\Nate\AppData\Roaming\GlarySoft
    2014-07-27 19:09 - 2014-08-23 01:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-07-27 19:09 - 2014-07-27 19:09 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2014-07-27 19:09 - 2014-07-27 19:09 - 00001878 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
    2014-07-27 19:09 - 2014-07-27 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2014-07-27 19:08 - 2014-07-27 19:09 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2014-07-27 18:50 - 2014-07-27 18:50 - 00270848 _____ (Secure By Design Inc.) C:\Users\Nate\Desktop\Ninite Essentials Firefox Glary ImgBurn QuickTime Installer.exe
    2014-07-27 18:19 - 2014-07-27 18:20 - 00032203 _____ () C:\HijackPatrol.log
    2014-07-26 13:50 - 2014-07-26 13:50 - 00985600 _____ () C:\Users\Nate\Downloads\MicrosoftFixit50123(1).msi
    2014-07-26 08:03 - 2014-07-26 08:03 - 00000000 ____D () C:\Windows\CheckSur

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-23 04:44 - 2014-08-23 04:39 - 00000000 ____D () C:\FRST
    2014-08-23 04:36 - 2014-08-23 04:36 - 00002470 _____ () C:\Users\Nate\Desktop\AdwCleaner[R10].txt
    2014-08-23 04:34 - 2014-03-15 07:38 - 00000000 ____D () C:\AdwCleaner
    2014-08-23 04:30 - 2014-03-13 07:18 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
    2014-08-23 04:27 - 2010-05-16 00:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-23 04:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
    2014-08-23 04:13 - 2013-02-15 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-23 04:09 - 2014-04-08 20:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-23 03:29 - 2010-01-17 11:02 - 01538490 _____ () C:\Windows\WindowsUpdate.log
    2014-08-23 01:56 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-23 01:56 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-23 01:55 - 2010-05-21 23:54 - 00000000 ____D () C:\ProgramData\TEMP
    2014-08-23 01:52 - 2014-04-03 15:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-23 01:52 - 2010-05-21 23:54 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-08-23 01:50 - 2014-07-27 19:09 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-08-23 01:48 - 2010-05-16 00:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-23 01:37 - 2010-05-27 06:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-08-23 01:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-23 01:36 - 2013-01-24 12:09 - 00048664 _____ () C:\Windows\setupact.log
    2014-08-23 00:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-19 08:54 - 2014-07-27 19:10 - 00000000 ____D () C:\Users\Nate\AppData\Roaming\DiskDefrag
    2014-08-18 09:15 - 2014-08-02 09:03 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-18 08:56 - 2014-06-21 04:33 - 00000000 ____D () C:\Users\Nate\Desktop\NateE
    2014-08-18 07:44 - 2009-07-14 00:45 - 00446360 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-14 17:49 - 2014-03-14 12:42 - 00000000 ____D () C:\Users\Nate\Desktop\RealPCSecurity
    2014-08-14 15:45 - 2014-05-31 12:30 - 00000000 ____D () C:\Users\Nate\Desktop\For when awake
    2014-08-14 06:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-14 03:01 - 2009-11-05 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-14 01:17 - 2013-08-14 13:25 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-14 00:51 - 2010-05-16 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-13 22:53 - 2014-05-06 15:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 15:34 - 2010-05-21 15:09 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-13 14:45 - 2014-06-11 15:56 - 00000000 ____D () C:\Users\Nate\Desktop\wkout
    2014-08-12 02:51 - 2013-01-31 18:49 - 00776776 _____ () C:\Windows\PFRO.log
    2014-08-12 02:01 - 2013-01-24 10:39 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-08-12 02:01 - 2013-01-24 10:39 - 00000831 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-12 02:01 - 2013-01-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-08-12 02:01 - 2013-01-24 10:39 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-12 01:54 - 2014-08-12 01:54 - 00000000 ____D () C:\Program Files (x86)\Ruiware
    2014-08-12 01:54 - 2014-03-19 02:32 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-08-12 01:54 - 2010-05-21 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    2014-08-12 01:19 - 2014-07-27 19:11 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-08-12 01:19 - 2014-07-27 19:11 - 00001093 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2014-08-12 01:18 - 2014-07-27 19:11 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
    2014-08-12 01:18 - 2014-07-27 19:11 - 00002968 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
    2014-08-12 01:18 - 2014-07-27 19:11 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-08-12 01:18 - 2014-07-27 19:11 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-08-11 19:20 - 2014-08-09 04:51 - 00000000 ____D () C:\Program Files (x86)\Secunia
    2014-08-09 13:27 - 2014-08-09 13:13 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(4).diagcab
    2014-08-09 07:38 - 2014-04-02 19:29 - 00000000 ____D () C:\Users\Nate\AppData\Local\CrashDumps
    2014-08-09 04:55 - 2014-08-09 04:55 - 00000000 ____D () C:\Users\Nate\AppData\Local\Secunia PSI
    2014-08-09 04:46 - 2014-08-09 04:46 - 00000888 _____ () C:\Users\Nate\Documents\SecurityCheckcheckup.txt
    2014-08-08 18:36 - 2014-08-06 14:19 - 00000000 ____D () C:\Users\Nate\Desktop\Limitless
    2014-08-07 09:19 - 2014-03-14 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-07 09:11 - 2013-04-16 09:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-07 09:04 - 2014-07-04 11:38 - 00000000 ____D () C:\Users\Nate\Desktop\MyNewHypnosisClear
    2014-08-06 22:06 - 2014-08-13 22:17 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 22:01 - 2014-08-13 22:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-04 16:01 - 2014-08-04 14:54 - 00000000 ____D () C:\Users\Nate\Desktop\Culinary Genius
    2014-08-04 15:33 - 2014-05-13 03:45 - 00000000 ____D () C:\Users\Nate\Desktop\SM1&2
    2014-08-04 12:01 - 2014-08-02 08:43 - 00000000 ____D () C:\Users\Nate\Desktop\RK_Quarantine
    2014-08-02 09:03 - 2014-08-02 09:03 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-07-31 09:23 - 2014-07-31 09:22 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(3).diagcab
    2014-07-31 09:22 - 2014-07-31 09:22 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(2).diagcab
    2014-07-30 20:34 - 2014-07-30 20:33 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic.diagcab
    2014-07-30 20:34 - 2014-07-30 20:33 - 00302011 _____ () C:\Users\Nate\Downloads\WindowsUpdateDiagnostic(1).diagcab
    2014-07-30 16:28 - 2014-07-30 16:28 - 00000809 _____ () C:\Users\Nate\Desktop\Emsisoft Emergency Kit.lnk
    2014-07-29 17:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-29 17:28 - 2014-07-29 17:28 - 00033663 _____ () C:\Users\Nate\Documents\CisReport_x64_v7.0.317799.4142_20140729-172814.zip
    2014-07-28 17:58 - 2014-01-31 13:09 - 00003622 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
    2014-07-28 16:35 - 2012-04-26 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-27 19:11 - 2014-07-27 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2014-07-27 19:10 - 2014-07-27 19:10 - 00000000 ____D () C:\Users\Nate\AppData\Roaming\GlarySoft
    2014-07-27 19:09 - 2014-07-27 19:09 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2014-07-27 19:09 - 2014-07-27 19:09 - 00001878 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
    2014-07-27 19:09 - 2014-07-27 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2014-07-27 19:09 - 2014-07-27 19:08 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2014-07-27 19:08 - 2014-02-17 03:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-27 19:08 - 2011-05-02 11:43 - 00001172 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-07-27 19:08 - 2010-05-21 15:18 - 00001160 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-07-27 18:50 - 2014-07-27 18:50 - 00270848 _____ (Secure By Design Inc.) C:\Users\Nate\Desktop\Ninite Essentials Firefox Glary ImgBurn QuickTime Installer.exe
    2014-07-27 18:48 - 2014-02-06 07:55 - 00000000 ____D () C:\Users\Nate\Desktop\Motivation
    2014-07-27 18:48 - 2013-09-20 19:16 - 00000000 ____D () C:\Users\Nate\Desktop\Youtube Download
    2014-07-27 18:43 - 2013-11-07 17:47 - 00000000 ____D () C:\Users\Nate\Desktop\Griswald2
    2014-07-27 18:20 - 2014-07-27 18:19 - 00032203 _____ () C:\HijackPatrol.log
    2014-07-27 01:59 - 2009-07-14 00:45 - 00046080 _____ () C:\Windows\system32\umstartup.etl
    2014-07-26 13:50 - 2014-07-26 13:50 - 00985600 _____ () C:\Users\Nate\Downloads\MicrosoftFixit50123(1).msi
    2014-07-26 08:03 - 2014-07-26 08:03 - 00000000 ____D () C:\Windows\CheckSur
    2014-07-25 22:54 - 2013-08-28 16:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-25 22:54 - 2013-08-28 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-24 14:02 - 2013-08-28 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

    Files to move or delete:
    ====================
    C:\Users\Nate\Silverlight_x64.exe


    Some content of TEMP:
    ====================
    C:\Users\Nate\AppData\Local\Temp\avgnt.exe
    C:\Users\Nate\AppData\Local\Temp\procexp64.exe
    C:\Users\Nate\AppData\Local\Temp\SAS6_Update.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-21 23:10

    ==================== End Of Log ============================

    Addition Notepad:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
    Ran by Nate at 2014-08-23 04:46:07
    Running from C:\Users\Nate\Desktop\For when awake\WindowsCleanUp
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.1.0.126 - Amazon.com)
    Amazon Unbox Video (x32 Version: 2.1.0.126 - Amazon.com) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.)
    AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.1.487 - Online Media Technologies Ltd.)
    AVS DVD Copy version 4.1.1 (HKLM-x32\...\AVS DVD Copy_is1) (Version:  - Online Media Technologies Ltd.)
    AVS DVDMenu Editor 1.2.1.19 (HKLM-x32\...\AVS DVDMenu Editor_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
    AVS Video Tools 5.6 (HKLM-x32\...\AVS Video Tools 5_is1) (Version:  - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    COMODO Internet Security (HKLM\...\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}) (Version: 4.0.10770.828 - COMODO Group Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
    eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
    eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
    eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0805 - eMachines Incorporated)
    eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
    Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
    Fritz11 (HKLM-x32\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 11.0 - ChessBase)
    Fritz11 (x32 Version: 11.0 - ChessBase) Hidden
    Glary Utilities 5.5 (HKLM-x32\...\Glary Utilities 5) (Version: 5.5.0.12 - Glarysoft Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
    Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.02 - eMachines)
    Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
    NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
    NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
    VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3009 - Acer Incorporated)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-03-19 09:07 - 00000741 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {04D7A63A-DDEB-4642-9C66-0991E5C8FA8B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {1314C8C6-E8A5-40F9-A65C-5A8D42EB9878} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2903082870-3299367565-4098537659-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {37274B94-1B80-484E-BC04-5EA03A70562C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3A2B689B-D630-4822-9DA1-159FAD0BD06F} - System32\Tasks\{1147920C-96E9-4271-B413-4C65AEA84062} => C:\Windows\WindowsMobile\wmdc.exe [2007-05-31] (Microsoft Corporation)
    Task: {409D34CF-8FDF-41B8-AAB2-1C2D1D32D895} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {43EC2FCA-5DB6-46D2-9C06-535267AF7658} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {5ADC52B0-ABB2-4867-A43F-50474FCA80A4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-03] (Glarysoft Ltd)
    Task: {6849F6F4-6221-4D01-9EC7-DD6A0DA82247} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {73DF6537-A692-44A7-B915-10B08490D336} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {7C1B052F-A9FB-4B52-AD60-F7110F3D53C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
    Task: {89D1E63A-19CF-4A3C-959D-8396E406277D} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
    Task: {A4AB1747-FDF9-4D52-A788-610027756DC0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {A9B8F980-0333-4E61-B151-5C9AE2FA0A55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16] (Google Inc.)
    Task: {BC37E41F-C16B-4003-ABD5-CE2B01637EF1} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {CF48DCDE-7C87-48B6-A868-A3E90C926FAB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2903082870-3299367565-4098537659-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {D36671D0-97FB-4F7C-8FF2-179B47C81DE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {DB6B5AA1-0688-4424-912B-9D1BDC66FA2C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {F0588141-8865-4CA1-922D-F6DDB073D7DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16] (Google Inc.)
    Task: {F2B744E6-7C36-433E-993F-11DDA6B22270} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-03] (Glarysoft Ltd)
    Task: {F7ABC48B-78A6-48FD-AA8E-8D9C3D6B5ADB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-18 09:16 - 2014-08-23 03:35 - 00746536 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
    2014-02-13 21:13 - 2014-02-13 21:13 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
    2011-10-20 16:41 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2014-08-03 21:42 - 2014-08-03 21:42 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\Users\Nate\Downloads\Fwd Important Tax Return Document (18681270009)(1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\Nate\Downloads\Fwd Important Tax Return Document (18681270009).eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/23/2014 04:23:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

    Error: (08/23/2014 04:12:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: UIAutomationTypes, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

    Error: (08/23/2014 02:51:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1bc

    Start Time: 01cfbe97b5e7ed2d

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id:

    Error: (08/23/2014 01:52:22 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020

    Error: (08/23/2014 01:40:30 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .

    Error: (08/23/2014 01:40:29 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .

    Error: (08/23/2014 01:40:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Data, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .

    Error: (08/23/2014 01:40:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .

    Error: (08/23/2014 01:40:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Xml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .

    Error: (08/23/2014 01:40:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Drawing.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .


    System errors:
    =============
    Error: (08/23/2014 02:27:25 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (08/23/2014 02:27:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

    Error: (08/23/2014 01:44:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows 7 for x64-based Systems (KB2978668).

    Error: (08/23/2014 01:44:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2976627).

    Error: (08/23/2014 01:44:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2980245).

    Error: (08/23/2014 01:44:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows 7 for x64-based Systems (KB2976897).

    Error: (08/23/2014 01:44:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows 7 for x64-based Systems (KB2918614).

    Error: (08/23/2014 01:44:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2981580).

    Error: (08/23/2014 01:44:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2937610).

    Error: (08/23/2014 01:44:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows 7 for x64-based Systems (KB2978742).


    Microsoft Office Sessions:
    =========================
    Error: (12/06/2011 09:46:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54 seconds with 0 seconds of active time.  This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
      Date: 2010-06-01 18:13:53.947
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 18:13:53.931
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 18:13:53.744
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 18:13:53.728
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 15:50:04.195
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 15:50:04.195
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 15:50:04.179
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-06-01 15:50:04.179
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-05-31 15:15:32.179
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2010-05-31 15:15:32.179
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 51%
    Total physical RAM: 3001.98 MB
    Available physical RAM: 1466.95 MB
    Total Pagefile: 6002.13 MB
    Available Pagefile: 3438.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:17.29 GB) NTFS
    Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:119.79 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BF61A751)
    Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
    Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================




    #4 nasdaq

    • Malware Response Team

    Posted 23 August 2014 - 07:59 AM

     
    You can trust AdwCleaner, run it one more time and clean everything found.
    ===
     
     
    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
     
    start
     
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
     
    End
    
     
    Save the file as fixlist.txt in the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     

    Roguekiller hangs at checking services: A2DDA
    This driver is related to the Emsisoft Direct Disk Access Support Driver from Emsi Software GmbH.
     
    Is it because your Emsisoft software is disabled?
    Is the Driver damaged?
    I do not know.
     
    The fix above will remove the policy restrictions.
     
    After running the fix and a restart of the computer let me know what problem persists.
    Will take it from there.


    #5 nevans07


    Posted 23 August 2014 - 03:45 PM

    Dear Nasdaq,

    I'm writing to you with my cell phone. Unfortunately I work weekends. I don't have access to my computer. I will respond to you in full Monday morning. I can't thank you enough for your help. I really appreciate it Nasdaq. :)



    #6 nevans07


    Posted 25 August 2014 - 11:03 AM

    Hi Nasdaq!

    Here is the log as requested. I'm running Windows Update right now.

    Fingers crossed!

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
    Ran by Nate at 2014-08-25 09:07:32 Run:1
    Running from C:\Users\Nate\Desktop\New folder (FRST2)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************


    start
     
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
     
    End
    *****************

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.60.2" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    clr_optimization_v4.0.30319_32 => Service deleted successfully.
    Lavasoft Kernexplorer => Service deleted successfully.
    Lbd => Service deleted successfully.
    PCTINDIS5X64 => Service deleted successfully.
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

    ==== End of Fixlog ====



    #7 nevans07


    Posted 25 August 2014 - 11:05 AM

    # AdwCleaner v3.308 - Report created 23/08/2014 at 12:41:34
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Nate - NATE-PC
    # Running from : C:\Users\Nate\Desktop\For when awake\WindowsCleanUp\adwcleaner_3.308Latest!!!!.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\jkjr2yor.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    *************************

    AdwCleaner[R0].txt - [2890 octets] - [15/03/2014 07:38:12]
    AdwCleaner[R10].txt - [2470 octets] - [23/08/2014 04:32:11]
    AdwCleaner[R11].txt - [2531 octets] - [23/08/2014 11:19:42]
    AdwCleaner[R1].txt - [1688 octets] - [15/03/2014 08:01:57]
    AdwCleaner[R2].txt - [1149 octets] - [15/03/2014 08:12:26]
    AdwCleaner[R3].txt - [1269 octets] - [15/03/2014 08:23:11]
    AdwCleaner[R4].txt - [1390 octets] - [15/03/2014 08:40:53]
    AdwCleaner[R5].txt - [1510 octets] - [15/03/2014 10:34:07]
    AdwCleaner[R6].txt - [1630 octets] - [18/03/2014 16:09:15]
    AdwCleaner[R7].txt - [1748 octets] - [19/03/2014 09:10:53]
    AdwCleaner[R8].txt - [2189 octets] - [01/05/2014 11:16:24]
    AdwCleaner[R9].txt - [1799 octets] - [14/08/2014 15:25:53]
    AdwCleaner[S0].txt - [2977 octets] - [15/03/2014 07:50:59]
    AdwCleaner[S1].txt - [1767 octets] - [15/03/2014 08:04:11]
    AdwCleaner[S2].txt - [1211 octets] - [15/03/2014 08:14:57]
    AdwCleaner[S3].txt - [1331 octets] - [15/03/2014 08:26:10]
    AdwCleaner[S4].txt - [1451 octets] - [15/03/2014 08:42:37]
    AdwCleaner[S5].txt - [1571 octets] - [15/03/2014 10:36:12]
    AdwCleaner[S6].txt - [1691 octets] - [18/03/2014 16:11:26]
    AdwCleaner[S7].txt - [1809 octets] - [19/03/2014 09:13:01]
    AdwCleaner[S8].txt - [2457 octets] - [23/08/2014 12:41:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2517 octets] ##########
     



    #8 nevans07


    Posted 25 August 2014 - 12:45 PM

    Out of 12 Windows updates, 3 failed installation.

    They were Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 for all 3. Error code 643.

    Thanks again for your help. What to do?

     



    #9 nevans07


    Posted 26 August 2014 - 02:58 AM

    RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : Nate [Admin rights]
    Mode : Scan -- Date : 08/26/2014  01:05:25

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\A2DDA -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A2DDA -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\A2DDA -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DFC94393-6714-4C18-9BD9-5E8E5382B067} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1    localhost

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
    --- User ---
    [MBR] f730546ffdce073a3f0d666421bfbcb3
    [BSP] f701716d6416a243068700663178d626 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 226080 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 07A8 USB Device +++++
    --- User ---
    [MBR] 8752273f349251cedf7c6209cdd11aac
    [BSP] 804dbf71ce7b1f906f09fbead2fc17a2 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_08022014_092247.log - RKreport_SCN_08022014_091419.log - RKreport_SCN_08142014_151427.log



    #10 nevans07


    Posted 26 August 2014 - 03:06 AM

    Emsisoft Quarantine list:

     

    Emsisoft Anti-Malware v. 9.0.0.4324
    © 2003-2014 Emsisoft - www.emsisoft.com

    ID   Object
    0    C:\Windows\SysNative\conhost.exe  Bad reputation
    1    C:\Windows\SysNative\conhost.exe  Bad reputation
    2    C:\Windows\SysNative\taskhost.exe  Bad reputation
    3    C:\Windows\SysNative\wuauclt.exe  Bad reputation
    4    C:\Windows\SysNative\DeviceDisplayObjectProvider.exe  Bad reputation



    #11 nasdaq


    Posted 26 August 2014 - 08:32 AM



    They were Security Update for Microsoft .NET Framework 4.5.1 on Windows 7 for all 3. Error code 643.

    Refer to this Microsoft Article and run the Suggested fix.
    http://support.microsoft.com/kb/976982

    When completed Restart the computer normally.

    Try to get the missing updates.

    #12 nevans07


    Posted 27 August 2014 - 07:31 AM

    Nasdaq you are tha FREAKIN MAN!!!

    WOW. YOU'RE NOT PLAYIN'. Thank you Sooo much!!!

    Is there a PayPal option where I can show a lil bit of my appreciation?

     

    Thanks,

    Nate

     

    What should I do about the Roguekiller registry found and Emsisoft quarantined files?

    What do you think caused the computer to crash in the first place? Should I update Java or don't use it at all anymore?

    Nasdaq, I really can't thank you enough!

    Hey Nasdaq my wife/mother in law has a similar type problem on their computer. They know less about computers than me. Only difference is their computer never crashed. Update for Windows 7 for x64-based Systems (KB2981580) and Update for Microsoft Office 2013 KB (KB2883036) 64-Bit Edition don't install. Unlike the .Net Framework Fix that you used that worked for my computer. The av programs recently started shutting down unexpectedly. For ex. After a while it will say Comodo Security Agent is not started. Comodo Security Agent process will be terminated. Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit process will be terminated. Then it says Press OK.

    Emsisoft and Malwarebytes full scan - no malware detected. Roguekiller finds a few things. Also they tell me about 2 weeks ago their hotmail email font unexpectedly shrinks to an obscenely small font unexpectedly without prompt. Nasdaq can you please help. ;) Please.

    DDS seems to work. But disappears and doesn't produce any logs???



    #13 nevans07


    Posted 27 August 2014 - 07:41 AM

    RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : PhyllisSharontreat [Admin rights]
    Mode : Scan -- Date : 08/27/2014  07:59:24

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST500LT012-9WS142 ATA Device +++++
    --- User ---
    [MBR] 3aa157e9345ad2144492d35dd97cb73e
    [BSP] e572e7a922781d0b3496edcced3a24eb : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
    --- User ---
    [MBR] 78cec56937d1e8b2b9b2b715699feee5
    [BSP] 58f090cd316ecb1b9ccd74bd3e4ad32f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715371 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

     

     

     

    Emsisoft Anti-Malware v. 9.0.0.4324
    © 2003-2014 Emsisoft - www.emsisoft.com

    ID   Object
    0    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
    1    C:\Windows\SysNative\conhost.exe detected: Bad reputation
    2    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    3    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)



    ============================================
    RKreport_SCN_08042014_164048.log



    #14 nasdaq


    Posted 27 August 2014 - 09:58 AM

    Is there a PayPal option where I can show a lil bit of my appreciation?

    My services are free. Thank you for the offer.
    If you can help I suggest you send your money to one of the owners of the tools we used.
    They are helping us make this service easier, believe me.
    ===

    What should I do about the Roguekiller registry found and Emsisoft quarantined files?


    Just delete the RogueKiller tool and the files that were created with it.

    Emsisoft: I'm not familiar with this tool.
    Check the option in the menu and see if you have a way to clean the quarantine folder.

    This topic might help.
    http://www.bleepingcomputer.com/virus-removal/how-to-use-emsisoft-anti-malware-tutorial
    ===

    Should I update Java or don't use it at all anymore?

    If you do not need it do not install it.

    If a program needs it and you are requested to install make sure you get it from this site only.
    Do not use the link suggested in the message.

    You can manually check your present version and update as recommended.
    https://www.java.com/en/download/installed.jsp

    Be careful not to install malware posing as a Java update!
    Important: read this blog.
    http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/
    ===

    What do you think caused the computer to crash in the first place?

    Unable to find out without the exact error message.
    If it does happen make a note of the exact error message and post it.
    It could give us some clues.
    ===

    Hey Nasdaq my wife/mother in law has a similar type problem on their computer. They know less about computers than me. Only difference is their computer never crashed. Update for Windows 7 for x64-based Systems (KB2981580) and Update for Microsoft Office 2013 KB (KB2883036) 64-Bit Edition don't install.

    We do not service two computers in the same topic.

    She or you, if possible, can start a new topic and run the tools I suggested in my post no. 2.
    When done copy the URL link here and I will expedite the matter.

    #15 nevans07


    Posted 27 August 2014 - 07:34 PM

    Wow. You are the man! I'm so happy I joined. Thank you for all your help!

    3 questions.
    1-How do I go about getting the error logs? It crashed on 7/20/14.

    2-I'm sorry I want to make sure I understand what you mean. I'm a computer novice. Better to be safe than sorry. I was referring to the registry entries Roguekiller x64 detected in its scan. Are you saying it's OK to delete them? And also delete the Roguekiller removal tool? On the last question. If yes, why?

    3- I was doing a full scan with Emsisoft this morning. I checked off scan not just archived folders. Near the middle of the scan it unexpectedly shut down and the screen went blank only showing the picture of the background screen. No start icon. Nothing. I unplugged. Turned it back on. Went to Emsisoft and checked off scan only archived folders. It scans normal. After a while Emsisoft hangs. Windows Media Player doesn't play. Just hangs. Swirling circle for hrs. I unplugged. I had to go to work. I'm writing to you on my cell phone now. What to do Nasdaq??

    Big Thanks,
    Nate



