Unable to Install Windows Update

niw · Oct 24, 2015

I am having issue installing windows update. I had issue with "black screen after session opening or when I logon to the desktop", hence I have not use or update the desktop for about four to five months. It looks like the black screen issue has been fix with the help of Sysnative tech (Corine). Now I'm having issue installing Windows updates.
I followed the instructions in (https://support.microsoft.com/en-us/kb/971058#/en-us/kb/971058) except the step 4. Some ittems in step 6 were not successful. I have also run the SFCfix tool, the issue still persist. Here is the result:

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-10-24 17:34:48.082
Microsoft Windows Vista Service Pack 2 - x86
Not using a script file.

AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-10-24 17:40:11.283
----------------------EOF-----------------------

Snickers · Oct 25, 2015

Hi niw & welcome to the forum.

Please post your CBS.log

Export CBS folder

On Windows 8, press the Windows key, type This PC, and press Enter.
On Windows Vista/7, click the Start button

then click Computer.
Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
Find and double click on the Logs folder.
Right-click on the CBS folder, and select Copy.
Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.

niw · Oct 25, 2015

Thank you for reviewing my issue, and providing hints on ways to resolve it. Please see attached for a copy of the CBS files.

niw · Oct 27, 2015

Hi WBEN353,

Have you been able to review the CBS log file you requested? I would like to know if you were able to find any issue or not from the log file, and any new ideal on what I should do to hopefully resolve this issue. Thank you for your help.

Corrine · Oct 27, 2015

Hi, niw.

wben353 is not trained in helping with Windows Update issues and, thus, not authorized to assist. He merely noticed that the CBS log was missing from your post and provided instructions for attaching the file. The trained expertsare very busy but someone will get to you as soon as possible. However, if you wish, since it is over 48 hours, you may a link to this thread in the Not Received Help?.

BrianDrab · Oct 28, 2015

Hi niw -

I'll be working with you on your issue. I've reviewed you logs. Please do the following.

Step#1 - System Update Readiness Tool (SUR)
1. Download and run the following file.
2. When it asks you if you wish to install, please answer yes. Note: It could take 15 minutes or more to run. Please don't cancel.
3. You will get an Installation Complete screen when it's done running.
4. Please attach the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log
Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

niw · Oct 29, 2015

Attached please find the information you requested.

BrianDrab · Oct 29, 2015

Thanks for the information. When you go to Windows Updates, are you able to check for updates? Or does it fail when checking for updates too? Is it just attempting to install the update?

niw · Oct 30, 2015

It fails when checking for updates, so I have not been able to download/install Windows updates.

BrianDrab · Oct 30, 2015

Thanks. Please do the following.

Step#1 - Run Windows Repairs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.

6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Repairs tab and click the Open Repairs button.
8. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
9. Please click the Unselect All button and then click to enable only the following ones:

05 - Repair WMI
06 - Repair Windows Firewall
10 - Remove Policies Set By Infection
14 - Remove Temp Files
15 - Repair Proxy Settings
17 - Repair Windows Updates

10. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.

11. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.

niw · Oct 31, 2015

Thank you for taking time to provide possible fix solution to this issue. I ran the tool as instructed, but the issue is still not resolve at this time. Any further help will be appreciated.

BrianDrab · Oct 31, 2015

Please do the following.

Step#1 - Retrieve Event Log Messages
1. Download Event Viewer Tool by Vino Rosso to your Desktop
2. Right-click on the file (VEW.exe) and select Run as administrator.
3. Check the options as shown below and put 20 in for the number of events.
4. Click Run. After a few moments, notepad will open with the contents of the Event Logs. Please copy and paste these in your next post. Thank you.

niw · Nov 2, 2015

BrianDrab said:
Please do the following.

Step#1 - Retrieve Event Log Messages
1. Download Event Viewer Tool by Vino Rosso to your Desktop
2. Right-click on the file (VEW.exe) and select Run as administrator.
3. Check the options as shown below and put 20 in for the number of events.
4. Click Run. After a few moments, notepad will open with the contents of the Event Logs. Please copy and paste these in your next post. Thank you.

For some reasons I could not open the screenshot you attached or see the option. However, I selected the system error option, critical, error, and number of event to show. I hope I selected the correct options, if not, please write the option instead of screenshot. Thank you for you help.

Here is the log file requested.
===========================
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/11/2015 10:35:19 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/11/2015 3:22:01 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 03/11/2015 3:22:01 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Log: 'System' Date/Time: 03/11/2015 3:21:29 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom
Log: 'System' Date/Time: 03/11/2015 3:21:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Update Yawtix service failed to start due to the following error: The system cannot find the path specified.
Log: 'System' Date/Time: 03/11/2015 3:21:29 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
Log: 'System' Date/Time: 01/11/2015 12:33:08 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 01/11/2015 12:29:54 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 01/11/2015 12:29:54 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Log: 'System' Date/Time: 01/11/2015 12:28:48 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom
Log: 'System' Date/Time: 01/11/2015 12:28:48 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Update Yawtix service failed to start due to the following error: The system cannot find the path specified.
Log: 'System' Date/Time: 01/11/2015 12:28:48 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
Log: 'System' Date/Time: 31/10/2015 11:59:51 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 31/10/2015 11:59:51 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Log: 'System' Date/Time: 31/10/2015 11:59:17 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom
Log: 'System' Date/Time: 31/10/2015 11:59:17 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Update Yawtix service failed to start due to the following error: The system cannot find the path specified.
Log: 'System' Date/Time: 31/10/2015 11:59:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
Log: 'System' Date/Time: 29/10/2015 10:53:01 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 29/10/2015 10:53:01 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Log: 'System' Date/Time: 29/10/2015 10:52:26 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom
Log: 'System' Date/Time: 29/10/2015 10:52:26 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Update Yawtix service failed to start due to the following error: The system cannot find the path specified.

Here is the error log with application option selected.
===============================
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/11/2015 10:38:24 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/11/2015 3:19:46 AM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 01/11/2015 12:27:12 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.
Log: 'Application' Date/Time: 01/11/2015 12:27:12 AM
Type: Error Category: 3
Event: 455 Source: ESENT
Catalog Database (1492) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
Log: 'Application' Date/Time: 01/11/2015 12:27:08 AM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 01/11/2015 12:20:35 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WDF01000.MOF while recovering .MOF file marked with autorecover.
Log: 'Application' Date/Time: 31/10/2015 11:59:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 31/10/2015 11:57:36 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 29/10/2015 10:52:26 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 29/10/2015 10:53:24 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 27/10/2015 9:02:04 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 27/10/2015 9:00:23 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 25/10/2015 11:29:03 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 25/10/2015 11:27:22 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 25/10/2015 8:00:52 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 25/10/2015 7:59:33 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 24/10/2015 9:58:07 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 24/10/2015 9:56:27 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 24/10/2015 9:31:47 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: db4 Start Time: 01d10e9ffee010ce Termination Time: 31
Log: 'Application' Date/Time: 24/10/2015 9:07:11 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Log: 'Application' Date/Time: 24/10/2015 9:06:49 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service failed to start. hr=0x80070002, [2, 4]

BrianDrab · Nov 3, 2015

Thank you for the information. It appears your catalog database may be corrupt. Please do the following.

Code:

Log: 'Application' Date/Time: 01/11/2015 12:27:12 AM
 Type: Error Category: 0
 Event: 257 Source: Microsoft-Windows-CAPI2
 The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Repair the Catalog Database
1. Click your Start button.
2. Type cmd.exe in the search box. Right-click on the cmd that appears in the search results and select Run as administrator. Allow if prompted.
3. Copy/Paste the following lines, one at a time, into the command-prompt window hitting enter after each. Note: You will need to right-click the mouse in the command-prompt window to paste. You can't use keyboard shortcuts.
net stop cryptsvc
rename %systemroot%\system32\catroot2 %systemroot%\system32\catroot2.old
net start cryptsvc

Let me know if you receive any errors while doing this.

Thanks.

niw · Nov 3, 2015

BrianDrab said:
Thank you for the information. It appears your catalog database may be corrupt. Please do the following.

Code:

Log: 'Application' Date/Time: 01/11/2015 12:27:12 AM Type: Error Category: 0 Event: 257 Source: Microsoft-Windows-CAPI2 The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Repair the Catalog Database
1. Click your Start button.
2. Type cmd.exe in the search box. Right-click on the cmd that appears in the search results and select Run as administrator. Allow if prompted.
3. Copy/Paste the following lines, one at a time, into the command-prompt window hitting enter after each. Note: You will need to right-click the mouse in the command-prompt window to paste. You can't use keyboard shortcuts.
net stop cryptsvc
rename %systemroot%\system32\catroot2 %systemroot%\system32\catroot2.old
net start cryptsvc

Let me know if you receive any errors while doing this.

Thanks.

Thank you for reviewing the log and provide possible solution.
I ran the command successfully, but I had an issue with the second command it says (the syntax of the command is incorrect). I manually renamed the folder, the system created another folder with same name. I ran the third command successfully.
I tried to download windows update but, I was not successful.

BrianDrab · Nov 3, 2015

OK. Let's do the following. Then reboot your machine and check for updates. Let me know if any updates are found.

Clear Event Logs
1. Click your Start button.
2. Type cmd.exe in the search box. Right-click on the cmd that appears in the search results and select Run as administrator. Allow if prompted.
3. Copy/Paste the following lines, one at a time, into the command-prompt window hitting enter after each. Note: You will need to right-click the mouse in the command-prompt window to paste. You can't use keyboard shortcuts.
wevtutil cl application
wevtutil cl system
wevtutil cl security

Thanks.

niw · Nov 5, 2015

Dear BrianDrab,

Thank you for your help thus far. I cleared out the event logs as directed, restart the computer, and try to download updates through "Windows update" but, with no success.

I installed Belarc, and install manually install updates, reboot the computer and run Windows update with no success.

Thanks,

BrianDrab said:
OK. Let's do the following. Then reboot your machine and check for updates. Let me know if any updates are found.

Clear Event Logs
1. Click your Start button.
2. Type cmd.exe in the search box. Right-click on the cmd that appears in the search results and select Run as administrator. Allow if prompted.
3. Copy/Paste the following lines, one at a time, into the command-prompt window hitting enter after each. Note: You will need to right-click the mouse in the command-prompt window to paste. You can't use keyboard shortcuts.
wevtutil cl application
wevtutil cl system
wevtutil cl security

Thanks.

BrianDrab · Nov 5, 2015

Thanks. Please do the following.

Step#1 - Logs Needed

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

niw · Nov 6, 2015

Thank for working with me on this issue. Here is the log file information you requested.
==========================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-11-2015
Ran by Nas (administrator) on ALWAYS (06-11-2015 17:17:08)
Running from C:\Users\Nas\Desktop
Loaded Profiles: Nas (Available Profiles: Nas & Always)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Nas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\...\Run: [Dropbox Update] => C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\...\MountPoints2: {2f79972f-1937-11e3-b260-806e6f6e6963} - D:\Windows/TOEFL.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
Startup: C:\Users\Nas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{BF27FCA5-014B-47D3-B320-777515F45EDA}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
SearchScopes: HKU\S-1-5-21-3099303160-33164511-1782805088-1000 -> DefaultScope {9B45E13F-6902-46CA-9624-F777AE1F4063} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US550D20141223&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3099303160-33164511-1782805088-1000 -> {9B45E13F-6902-46CA-9624-F777AE1F4063} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US550D20141223&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\c857l5bp.default
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxps://google.com/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nas\AppData\Roaming\Mozilla\Firefox\Profiles\c857l5bp.default\searchplugins\McSiteAdvisor.xml [2015-10-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2015-10-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-13] [not signed]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-06-17] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MFA9208BC-B715-4485-A19C-689DB6A293F7&SearchSource=55&CUI=&UM=5&UP=SP8F7EE4EB-F348-4FA4-AECA-751AE8169DD0&SSPV=TBannersC_sp_ch
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MFA9208BC-B715-4485-A19C-689DB6A293F7&SearchSource=58&CUI=&UM=5&UP=SP8F7EE4EB-F348-4FA4-AECA-751AE8169DD0&q={searchTerms}&SSPV=TBannersC_sp_ch
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-05]
CHR Extension: (Bookmark Manager) - C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-09-15]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-09-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 Update Yawtix; "C:\Program Files\Yawtix\updateYawtix.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-06 17:17 - 2015-11-06 17:18 - 00014578 _____ C:\Users\Nas\Desktop\FRST.txt
2015-11-06 17:15 - 2015-11-06 17:15 - 01702400 _____ (Farbar) C:\Users\Nas\Desktop\FRST.exe
2015-11-05 19:28 - 2015-11-05 19:28 - 01523390 _____ C:\Users\Nas\Downloads\Windows6.0-KB3093513-x86(1).msu
2015-11-05 19:22 - 2015-11-05 19:22 - 01378022 _____ C:\Users\Nas\Downloads\Windows6.0-KB3087135-x86.msu
2015-11-03 20:42 - 2015-09-11 02:22 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-03 20:42 - 2015-09-11 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-03 20:42 - 2015-09-11 02:15 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-03 20:42 - 2015-09-11 02:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-03 20:42 - 2015-09-11 02:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-03 20:42 - 2015-09-11 02:14 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-03 20:41 - 2015-09-11 02:21 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-03 20:41 - 2015-09-11 02:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-03 20:41 - 2015-09-11 02:17 - 09751552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-03 20:41 - 2015-09-11 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-03 20:41 - 2015-09-11 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-03 20:41 - 2015-09-11 02:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-03 20:41 - 2015-09-11 02:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-03 20:36 - 2015-09-28 12:17 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-03 20:36 - 2015-09-26 11:09 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-03 20:36 - 2015-09-26 11:09 - 03554240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-03 20:34 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-03 20:34 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-03 20:34 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-03 20:31 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-03 20:29 - 2015-07-28 19:46 - 11588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-03 20:27 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-11-03 20:27 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-11-03 20:27 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-11-03 20:27 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-11-03 20:27 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-11-03 20:27 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-11-03 20:27 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-11-03 20:27 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-11-03 20:27 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-11-03 20:25 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-11-03 20:24 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-03 20:24 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-03 20:22 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-11-03 20:19 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-11-03 20:19 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-11-03 20:18 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-11-03 20:16 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-11-03 20:16 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-11-03 20:14 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-03 20:12 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-11-03 20:12 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-11-03 20:12 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-11-03 20:12 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-03 20:12 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-11-03 20:11 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-03 19:59 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-11-03 19:57 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-03 19:57 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-03 19:57 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-03 19:57 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-11-03 19:57 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-03 19:57 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-03 19:57 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-03 19:57 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-03 19:50 - 2015-11-03 19:50 - 00351319 _____ C:\Users\Nas\Downloads\Windows6.0-KB3097966-x86.msu
2015-11-03 19:49 - 2015-11-03 19:49 - 15158079 _____ C:\Users\Nas\Downloads\IE9-Windows6.0-KB3093983-x86.msu
2015-11-03 19:45 - 2015-11-03 19:45 - 01523390 _____ C:\Users\Nas\Downloads\Windows6.0-KB3093513-x86.msu
2015-11-03 19:44 - 2015-11-03 19:44 - 02475755 _____ C:\Users\Nas\Downloads\Windows6.0-KB3088195-x86.msu
2015-11-03 19:41 - 2015-11-03 19:41 - 01446998 _____ C:\Users\Nas\Downloads\Windows6.0-KB3087039-x86.msu
2015-11-03 19:35 - 2015-11-03 19:35 - 00230148 _____ C:\Users\Nas\Downloads\Windows6.0-KB3086255-x86.msu
2015-11-03 19:33 - 2015-11-03 19:33 - 00734645 _____ C:\Users\Nas\Downloads\Windows6.0-KB3084135-x86.msu
2015-11-03 19:30 - 2015-11-03 19:30 - 04328277 _____ C:\Users\Nas\Downloads\Windows6.0-KB3080446-x86.msu
2015-11-03 19:27 - 2015-11-03 19:27 - 04299963 _____ C:\Users\Nas\Downloads\Windows6.0-KB3078601-x86.msu
2015-11-03 19:26 - 2015-11-03 19:26 - 00300616 _____ C:\Users\Nas\Downloads\Windows6.0-KB3076949-x86.msu
2015-11-03 19:25 - 2015-11-03 19:25 - 01151250 _____ C:\Users\Nas\Downloads\Windows6.0-KB3076895-x86.msu
2015-11-03 19:24 - 2015-11-03 19:24 - 02129386 _____ C:\Users\Nas\Downloads\Windows6.0-KB3075221-x86.msu
2015-11-03 19:23 - 2015-11-03 19:24 - 01022238 _____ C:\Users\Nas\Downloads\Windows6.0-KB3075220-x86.msu
2015-11-03 19:22 - 2015-11-03 19:22 - 01681320 _____ (Microsoft Corporation) C:\Users\Nas\Downloads\NDP45-KB3074550-x86.exe
2015-11-03 19:22 - 2015-11-03 19:22 - 00817075 _____ C:\Users\Nas\Downloads\Windows6.0-KB3074541-x86.msu
2015-11-03 19:20 - 2015-11-03 19:20 - 01214080 _____ (Microsoft Corporation) C:\Users\Nas\Downloads\NDP45-KB3074230-x86.exe
2015-11-03 19:19 - 2015-11-03 19:19 - 00432024 _____ C:\Users\Nas\Downloads\Windows6.0-KB3073921-v2-x86.msu
2015-11-03 19:17 - 2015-11-03 19:17 - 00833831 _____ C:\Users\Nas\Downloads\Windows6.0-KB3072633-x86.msu
2015-11-03 19:15 - 2015-11-03 19:15 - 02223660 _____ C:\Users\Nas\Downloads\Windows6.0-KB3072630-x86.msu
2015-11-03 19:13 - 2015-11-03 19:13 - 02917992 _____ (Microsoft Corporation) C:\Users\Nas\Downloads\NDP45-KB3072310-x86.exe
2015-11-03 19:11 - 2015-11-03 19:11 - 06356475 _____ C:\Users\Nas\Downloads\Windows6.0-KB3072303-x86.msu
2015-11-03 19:05 - 2015-11-03 19:06 - 02763196 _____ C:\Users\Nas\Downloads\Windows6.0-KB3071756-x86.msu
2015-11-03 19:03 - 2015-11-03 19:03 - 00365161 _____ C:\Users\Nas\Downloads\Windows6.0-KB3069392-x86.msu
2015-11-03 19:01 - 2015-11-03 19:01 - 03063950 _____ C:\Users\Nas\Downloads\Windows6.0-KB3069114-x86.msu
2015-11-03 18:59 - 2015-11-03 18:59 - 00311809 _____ C:\Users\Nas\Downloads\Windows6.0-KB3067903-x86.msu
2015-11-03 18:57 - 2015-11-03 18:57 - 03021086 _____ C:\Users\Nas\Downloads\Windows6.0-KB3067505-x86.msu
2015-11-03 18:44 - 2015-11-03 18:45 - 00588399 _____ C:\Users\Nas\Downloads\Windows6.0-KB3057154-x86.msu
2015-11-03 18:37 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-11-03 18:37 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-11-03 18:34 - 2015-11-03 18:34 - 04327929 _____ C:\Users\Nas\Downloads\Windows6.0-KB3079757-x86.msu
2015-11-03 18:32 - 2015-11-03 18:32 - 00335738 _____ C:\Users\Nas\Downloads\Windows6.0-KB3046017-x86.msu
2015-11-03 18:15 - 2015-11-03 18:15 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-11-03 18:15 - 2015-11-03 18:15 - 00001901 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-11-03 18:15 - 2015-11-03 18:15 - 00000000 ____D C:\Program Files\Belarc
2015-11-02 22:35 - 2015-11-02 22:39 - 00006331 _____ C:\VEW.txt
2015-10-31 19:24 - 2015-10-31 19:30 - 00000000 ____D C:\Windows\system32\catroot2.old
2015-10-31 19:12 - 2015-10-31 19:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ALWAYS-Windows-Vista-(TM)-Business-(32-bit).dat
2015-10-31 19:12 - 2015-10-31 19:12 - 00000000 ____D C:\RegBackup
2015-10-29 18:11 - 2015-10-29 18:11 - 00000000 ____D C:\Windows\CheckSur
2015-10-29 18:06 - 2015-10-29 18:06 - 00000000 _____ C:\Users\Nas\Downloads\Windows6.0-KB947821-v35-x86.msu
2015-10-25 15:07 - 2015-10-25 15:07 - 03852432 _____ C:\Users\Always\Desktop\CBS.zip.zip
2015-10-24 17:14 - 2015-10-24 17:14 - 00000947 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2015-10-24 17:14 - 2015-10-24 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-10-24 17:13 - 2015-10-24 17:14 - 00000000 ____D C:\Program Files\LibreOffice 5
2015-10-24 17:01 - 2015-10-24 17:02 - 220336128 _____ C:\Users\Always\Downloads\LibreOffice_5.0.2_Win_x86.msi
2015-10-24 16:40 - 2015-10-24 16:40 - 00000000 ____D C:\SFCFix
2015-10-24 14:54 - 2015-10-24 14:54 - 00652800 _____ C:\Users\Nas\Downloads\MicrosoftFixit50362.msi
2015-10-23 18:52 - 2015-10-23 18:52 - 00000000 ____D C:\Users\Nas\AppData\Local\WindowsUpdate
2015-10-22 18:59 - 2015-10-22 19:00 - 00000000 ____D C:\Users\Nas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-22 18:54 - 2015-10-22 18:54 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-20 16:57 - 2015-11-06 17:17 - 00000000 ____D C:\FRST
2015-10-20 16:57 - 2006-12-12 09:01 - 00155648 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-06 17:18 - 2014-12-23 21:12 - 00000000 ____D C:\Program Files\McAfee
2015-11-06 17:15 - 2008-01-20 20:39 - 01653668 _____ C:\Windows\WindowsUpdate.log
2015-11-06 17:15 - 2006-11-02 05:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 17:13 - 2014-06-22 16:44 - 00000000 ___RD C:\Users\Nas\Dropbox
2015-11-06 17:13 - 2014-06-22 16:40 - 00000000 ____D C:\Users\Nas\AppData\Roaming\Dropbox
2015-11-06 17:11 - 2014-05-08 20:04 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b22a922259d.job
2015-11-06 17:11 - 2013-09-09 02:17 - 00000680 _____ C:\Users\Nas\AppData\Local\d3d9caps.dat
2015-11-06 17:10 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 19:39 - 2006-11-02 08:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-05 19:22 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-11-05 19:21 - 2014-06-24 15:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fe84c3aef8f.job
2015-11-05 19:07 - 2015-05-19 17:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092867eba0348.job
2015-11-05 18:57 - 2015-02-06 17:45 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0425e979b4933.job
2015-11-05 18:51 - 2015-06-30 17:03 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000UA.job
2015-11-05 18:50 - 2014-10-18 04:16 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeab424b2bc60.job
2015-11-05 18:39 - 2006-11-02 07:47 - 00305632 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-05 18:07 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-05 17:15 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-11-05 16:57 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-03 19:51 - 2015-06-30 17:03 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000Core.job
2015-10-31 19:27 - 2006-11-02 08:00 - 00177052 _____ C:\Windows\PFRO.log
2015-10-31 19:11 - 2013-09-09 02:18 - 00067336 _____ C:\Users\Nas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-27 16:02 - 2013-09-14 13:32 - 00000000 ___RD C:\Users\Always\Google Drive
2015-10-27 16:01 - 2013-09-09 07:28 - 00000680 _____ C:\Users\Always\AppData\Local\d3d9caps.dat
2015-10-23 18:48 - 2015-05-15 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-22 18:54 - 2015-06-09 16:40 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-22 18:53 - 2015-07-15 16:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-22 18:49 - 2015-06-12 20:09 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-10-22 18:48 - 2015-06-12 20:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-22 18:45 - 2015-05-16 13:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-22 18:45 - 2015-05-16 13:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-22 18:41 - 2013-09-09 03:08 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-22 18:38 - 2013-09-12 20:44 - 00000000 ____D C:\Intel
2015-10-21 16:17 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
==================== Files in the root of some directories =======
2013-09-09 02:17 - 2015-11-06 17:11 - 0000680 _____ () C:\Users\Nas\AppData\Local\d3d9caps.dat
2014-12-23 20:47 - 2015-05-26 20:23 - 0009216 _____ () C:\Users\Nas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-16 20:45 - 2015-07-16 20:45 - 0000000 _____ () C:\Users\Nas\AppData\Local\{62966729-87EC-40C5-B6A9-6345427FBF4F}
2013-09-14 13:18 - 2013-09-14 13:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-06 19:05 - 2015-03-03 20:21 - 0000590 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Nas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlimgd.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-06 17:15
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-11-2015
Ran by Nas (2015-11-06 17:18:52)
Running from C:\Users\Nas\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) (2013-09-09 10:10:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Always (S-1-5-21-3099303160-33164511-1782805088-1002 - Limited - Enabled) => C:\Users\Always
Nas (S-1-5-21-3099303160-33164511-1782805088-1000 - Administrator - Enabled) => C:\Users\Nas
XXAdministrator (S-1-5-21-3099303160-33164511-1782805088-500 - Administrator - Disabled)
XXGuest (S-1-5-21-3099303160-33164511-1782805088-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Belarc Advisor 8.5a (HKLM\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
Dropbox (HKU\S-1-5-21-3099303160-33164511-1782805088-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Google Drive (HKLM\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
LibreOffice 5.0.2.2 (HKLM\...\{71508AE2-346A-4E56-AE95-DBB8DE692258}) (Version: 5.0.2.2 - The Document Foundation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.252 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Nas\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3099303160-33164511-1782805088-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Nas\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-11-2015 18:08:16 Windows Update
05-11-2015 18:13:38 Windows Update
05-11-2015 18:19:25 Windows Update
05-11-2015 18:27:39 Windows Update
05-11-2015 18:35:00 Windows Update
05-11-2015 18:43:29 Windows Update
05-11-2015 18:48:32 Windows Update
05-11-2015 18:52:21 Windows Update
05-11-2015 19:04:17 Windows Update
05-11-2015 19:10:27 Windows Update
05-11-2015 19:12:25 Windows Update
05-11-2015 19:24:11 Windows Update
05-11-2015 19:28:45 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {159A8032-513E-4FC3-8829-E5A2CC6567F8} - System32\Tasks\User_Feed_Synchronization-{C1CBC675-E8C5-4910-A515-D8AE5CC14484}
Task: {22C02660-04A5-42D1-AEA8-9B76AA1AC914} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3099303160-33164511-1782805088-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {27E013A1-530C-4D6A-B80D-8ACEBFD5624D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3FF2079F-75F8-4C20-ABA9-D2C46313A2D1} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeab424b2bc60 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {4B2E45A2-D201-4496-96EB-2C07CF1B5B89} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3099303160-33164511-1782805088-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {52AF741A-5FE4-4CC2-94B4-BF75799CECEF} - System32\Tasks\{3D276E52-E319-4CBA-8A68-1116321D0B5E} => pcalua.exe -a C:\Users\Nas\Desktop\CM-143947-Symantec_Endpoint_Protection_12.1_RU1_Part1_Installation_EN.exe -d C:\Users\Nas\Desktop
Task: {5FFFEF34-687E-43C7-A7EE-0580CEB357F2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6b22a922259d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {7078BC34-1839-4F63-A3A1-B594E18E46EC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3099303160-33164511-1782805088-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {74D716CF-B4ED-4761-A60E-6934383FD807} - System32\Tasks\GoogleUpdateTaskMachineUA1d0425e979b4933 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {ABC0C195-F809-463A-A6B6-EF5D8300BE62} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8fe84c3aef8f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {CDE91807-6AC5-4BA2-AE5A-DE651873527D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000Core => C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {DEC21B15-81C1-497D-AFED-ADC65FECB744} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3099303160-33164511-1782805088-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {F2BA0556-3ADB-4E1F-A609-4EEF3A003BE4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3099303160-33164511-1782805088-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F8EACBB0-6D6A-4B6E-BECF-35A9831AD383} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000UA => C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {FBDA3557-CBE5-4B93-95B1-882D4BEF28FE} - System32\Tasks\GoogleUpdateTaskMachineUA1d092867eba0348 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000Core.job => C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3099303160-33164511-1782805088-1000UA.job => C:\Users\Nas\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b22a922259d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fe84c3aef8f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeab424b2bc60.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0425e979b4933.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092867eba0348.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-11-06 17:11 - 2015-11-06 17:12 - 00071168 _____ () c:\users\nas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlimgd.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3099303160-33164511-1782805088-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{A10687AB-BE31-48F7-9827-9249C517AE9A}] => (Allow) LPort=80
FirewallRules: [{42845CB2-0595-46CD-AF36-E64F938F6764}] => (Allow) LPort=80
FirewallRules: [{62BF1F59-A219-4336-AE7A-0AFC62ECE813}] => (Allow) LPort=80
FirewallRules: [{14CD57D9-66B5-4078-826D-9ECF6EA3391D}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{A69C315E-69F7-4FB8-94D1-86EA3D58099D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{502A1E60-FA0D-4A4B-B342-D555520F4C78}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0486CC0C-4A4E-48ED-AE00-7C7A09DDFBFD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4E0F9E05-27FF-43A0-86EC-19EC08D00CFE}] => (Allow) C:\Users\Nas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{09E8B974-59DE-4B30-BD04-5CDFD736FF78}] => (Allow) C:\Users\Nas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7681E334-F19C-4D5A-9ACC-BD00292E41DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FAF0C659-4003-4572-B42C-37F273554F7C}] => (Allow) E:\Application\Firefox\firefox.exe
FirewallRules: [{B05F20BA-C85D-4ED4-8AFF-1AE08936483D}] => (Allow) E:\Application\Firefox\firefox.exe
FirewallRules: [TCP Query User{B9E66A9B-2CD1-4F35-A6E5-0DB704722F50}C:\users\nas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4ED75433-8623-457D-84C6-8ECC08BCD69D}C:\users\nas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor�s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/06/2015 05:10:50 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 07:07:01 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:56:42 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:46:38 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:39:23 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:32:32 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:24:52 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:16:59 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:11:13 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]
Error: (11/05/2015 06:02:28 PM) (Source: Software Licensing Service) (EventID: 1001) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]

System errors:
=============
Error: (11/06/2015 05:13:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053
Error: (11/06/2015 05:13:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update Service (gupdate)
Error: (11/06/2015 05:12:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
Error: (11/06/2015 05:12:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update Yawtix%%3
Error: (11/06/2015 05:12:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Software Licensing%%2147942402
Error: (11/05/2015 07:30:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Windows (KB3093513){D9A27DB5-2872-447E-9113-AB46F4639F99}501
Error: (11/05/2015 07:30:06 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: Always)
Description: Windows Servicing failed to complete the process of changing update 3093513-2_neutral_GDR from package KB3093513(Security Update) into Staged(Staged) state
Error: (11/05/2015 07:30:06 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: Always)
Description: Windows Servicing failed to complete the process of setting package KB3093513 (Security Update) into Install Requested(Install Requested) state
Error: (11/05/2015 07:30:06 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: Always)
Description: Windows Servicing failed to complete the process of changing update 3093513-3_neutral_PACKAGE from package KB3093513(Security Update) into Staged(Staged) state
Error: (11/05/2015 07:30:06 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: Always)
Description: Windows Servicing failed to complete the process of setting package KB3093513 (Security Update) into Install Requested(Install Requested) state

CodeIntegrity:
===================================
Date: 2014-03-04 21:10:08.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Nas\Documents\church_files\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 21:10:08.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Nas\Documents\church_files\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 21:10:08.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Nas\Documents\church_files\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 21:10:07.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Nas\Documents\church_files\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-12 23:26:48.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-12 23:26:48.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-12 23:26:48.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-12 23:26:48.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-12 23:26:48.016
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 3060.7 MB
Available physical RAM: 1791.61 MB
Total Virtual: 6324.38 MB
Available Virtual: 5207.68 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.5 GB) (Free:37.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (E) (Fixed) (Total:232.88 GB) (Free:229.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 37012A91)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 477FEEB0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

BrianDrab said:
Thanks. Please do the following.

Step#1 - Logs Needed

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

BrianDrab · Nov 6, 2015

Thank you for the information. To continue troubleshooting your issue I would like you to remove your antivirus software McAfee Internet Security. Make sure you have your license key before uninstalling so we may re-install it when the issue is resolved.

Please let me know when this is done. Thank you.

Unable to Install Windows Update

Active member

Attachments

Registered Member

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Emeritus

Active member

Attachments

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Administrator,
Microsoft MVP,
Security Analyst