OTL Extras logfile created on: 18/03/2013 17:29:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.87 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 69.30% Memory free 7.37 Gb Paging File | 6.17 Gb Available in Paging File | 83.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698.29 Gb Total Space | 682.16 Gb Free Space | 97.69% Space Free | Partition Type: NTFS Drive D: | 500.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 29.81 Gb Total Space | 22.25 Gb Free Space | 74.65% Space Free | Partition Type: FAT32 Drive F: | 7.46 Gb Total Space | 2.38 Gb Free Space | 31.84% Space Free | Partition Type: NTFS Computer Name: PC2013 | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BBC318-9344-43F6-B3FA-71ACB5F91E2D}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{079DF9D0-B3AC-4554-B80B-3B8DA99016B2}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{09449054-D367-437B-B777-824AA70D3424}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{0977F408-80A6-4DBE-8B48-51D6ED42579A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0C96FD69-DCEF-43AE-802E-02F00A8AF3D7}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{148534F5-A2B1-4FEB-94C1-1D05C39D3696}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{24118A13-DCC7-446E-8338-E56C8FA06DBE}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{39D9D0D2-32C2-4C25-B486-3FE1F20781DD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{4A38399E-7BE4-4EDC-9164-89F22CA459DB}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{6B7D9C00-1C1B-4810-94AA-6A4F7A1736BD}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{9C198CE5-817B-4E4A-8877-A8D482179367}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{A8F40857-F50F-46D5-B02C-9E3CABEC40D6}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{C1C967F1-C628-4E86-9F43-4B30332D8EF4}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{C2412886-4014-4A1E-A440-313732DD41B3}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{CDDFEEB6-DEE4-49C5-AC7F-5E255EF46C34}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{D619A64B-C52B-4078-8BE9-32DC99564EBD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{DFAFC6E4-FF2E-40D3-BAF7-63A7F7871C06}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EADE9116-AA9A-49C3-B7F3-05D05FC2A0CA}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 04/03/2013 06:40:30 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error - 04/03/2013 12:56:19 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error - 04/03/2013 13:06:23 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable Error - 04/03/2013 13:06:59 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x8007251D Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable Error - 04/03/2013 13:08:10 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x800705B4 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable Error - 04/03/2013 13:08:32 | Computer Name = PC2013 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: hr=0x8007251D Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable Error - 11/03/2013 06:26:16 | Computer Name = PC2013 | Source = Microsoft-Windows-WMI | ID = 28 Description = Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80041001. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory. Error - 11/03/2013 06:27:23 | Computer Name = PC2013 | Source = SecurityCenter | ID = 3 Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall. Error - 18/03/2013 13:17:54 | Computer Name = PC2013 | Source = Microsoft-Windows-WMI | ID = 28 Description = Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80041001. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory. Error - 18/03/2013 13:18:55 | Computer Name = PC2013 | Source = SecurityCenter | ID = 3 Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall. [ System Events ] Error - 11/03/2013 06:24:40 | Computer Name = PC2013 | Source = Ntfs | ID = 55 Description = A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Error - 11/03/2013 06:24:43 | Computer Name = PC2013 | Source = Microsoft-Windows-Ntfs | ID = 98 Description = Error - 11/03/2013 06:24:43 | Computer Name = PC2013 | Source = Ntfs | ID = 55 Description = A corruption was discovered in the file system structure on volume \\?\Volume{160db725-84b7-11e2-be65-806e6f6e6963}. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Error - 11/03/2013 06:24:56 | Computer Name = PC2013 | Source = Service Control Manager | ID = 7000 Description = The UAC File Virtualization service failed to start due to the following error: %%1392 Error - 11/03/2013 06:26:25 | Computer Name = PC2013 | Source = Ntfs | ID = 55 Description = A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000152a7. The name of the file is "". Error - 18/03/2013 13:16:18 | Computer Name = PC2013 | Source = Microsoft-Windows-Ntfs | ID = 98 Description = Error - 18/03/2013 13:16:19 | Computer Name = PC2013 | Source = Ntfs | ID = 55 Description = A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Error - 18/03/2013 13:16:24 | Computer Name = PC2013 | Source = Microsoft-Windows-Ntfs | ID = 98 Description = Error - 18/03/2013 13:16:24 | Computer Name = PC2013 | Source = Ntfs | ID = 55 Description = A corruption was discovered in the file system structure on volume \\?\Volume{160db725-84b7-11e2-be65-806e6f6e6963}. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Error - 18/03/2013 13:16:40 | Computer Name = PC2013 | Source = Service Control Manager | ID = 7000 Description = The UAC File Virtualization service failed to start due to the following error: %%1392 < End of report >