Did what you said to and yes the white screen is gone. Also ran otl and aswmbr here are the logs.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2013 03
Ran by SYSTEM at 2013-07-18 01:14:07 Run:1
Running from D:\
Boot Mode: Recovery
==============================================
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
==== End of Fixlog ====
OTL logfile created on: 7/18/2013 1:26:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.49 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.38% Memory free
4.98 Gb Paging File | 4.17 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.41 Gb Total Space | 27.43 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.19% Space Free | Partition Type: FAT
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/07/18 01:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/02/20 04:50:12 | 001,708,696 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2013/02/09 19:07:34 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/30 14:09:28 | 000,371,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\OnlineVault\OVTray.exe
PRC - [2012/10/29 12:25:52 | 000,519,920 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:
64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:
64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:
64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 18:43:03 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/09 19:07:34 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/02/07 15:23:26 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/02/07 11:37:32 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/10/29 12:25:52 | 000,519,920 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2013/02/09 19:07:36 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:
64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:
64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:
64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:
64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:
64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:
64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co...1W4CHBA_enUS525IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 24 73 C6 21 A8 CD 01 [binary data]
IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" =
http://start.msn.ipl...q={searchTerms}IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{888627CE-3FC2-40E0-81B6-AB0CC2266454}: "URL" =
http://search.yahoo....19630,0,18,6923IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" =
http://www2.inbox.co...&iwk=243&lng=enIE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{D2DB6390-1981-46A6-B0C5-B8C005F9F0FB}: "URL" =
http://www.mysearchr...q={searchTerms}IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\SearchScopes\{E6DDDA7B-1F49-419D-A2A0-402402731615}: "URL" =
http://search.us.com...k={searchTerms}IE - HKU\S-1-5-21-4162402932-917926747-416293273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Owner\AppData\Local\TNT2\2.0.0.1378\npTNT2.dll (Findwide)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Owner\AppData\Local\TNT2\2.0.0.1378\npTNT2ghost.dll (Findwide)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013/02/28 16:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/02/07 19:05:24 | 000,037,909 | ---- | M] ()
[2013/02/28 16:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2013/02/28 16:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions
[2013/02/07 14:01:06 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\
[email protected][2013/02/15 19:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ========== CHR - homepage:
http://www.google.com/CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: InfoAtoms = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0\
CHR - Extension: Wajam = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {8F61B047-44F0-494D-B70D-2F22CC756B20} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:HKU - HKU\S-1-5-21-4162402932-917926747-416293273-1000\..\Toolbar\WebBrowser: (TNT2-10404 Toolbar) - {8F61B047-44F0-494D-B70D-2F22CC756B20} - C:\Users\Owner\AppData\Local\TNT2\Profiles\10404\passport.dll (Findwide)
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [Online Vault] C:\Program Files (x86)\OnlineVault\OVTray.exe (Crawler.com)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4162402932-917926747-416293273-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA18ED6A-1C23-4290-ABDB-68D96D0D8A5A}: DhcpNameServer = 192.168.254.254
O18:
64bit: - Protocol\Handler\inbox - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2013/07/18 01:20:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/07/17 02:20:20 | 000,000,000 | ---D | C] -- C:\FRST
========== Files - Modified Within 30 Days ========== [2013/07/18 01:24:19 | 000,022,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 01:24:19 | 000,022,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 01:21:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 01:21:21 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 01:21:21 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 01:18:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 01:17:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 01:17:16 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Quick PC Booster64 startups.job
[2013/07/18 01:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 01:16:53 | 2004,750,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 01:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
========== Files Created - No Company Name ========== [2013/02/14 16:58:26 | 000,027,702 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2013/02/09 17:58:38 | 000,081,283 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\userenv.xml.urlencode
[2013/02/09 17:58:38 | 000,061,216 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\userenv.xml
[2013/02/07 15:24:00 | 000,000,258 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2012/08/26 11:08:24 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ========== @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:B0D93116
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E21987F7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6B709AD7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5C42F64A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E517FE76
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A4241298
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:260575F1
< End of report >
OTL Extras logfile created on: 7/18/2013 1:26:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.49 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.38% Memory free
4.98 Gb Paging File | 4.17 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.41 Gb Total Space | 27.43 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.19% Space Free | Partition Type: FAT
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086C00E5-A62E-4C2C-BE83-CFFECBAA5025}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F00BC9C-3C3C-4654-B106-14DDFFFEFBA9}" = rport=139 | protocol=6 | dir=out | app=system |
"{34B0C2DC-65BC-4EB4-A969-682B33175268}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B853EE-1715-45A9-9BBB-BE540BB4BC00}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A92FB08-C903-4248-9D98-490FD39C9A33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BA5AE19-545F-4979-A96B-CE5D44F76013}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CC11F87-8E15-44B2-87AB-6E3DF5E8BF39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B446A8B8-A4A4-48AB-9B1F-5E005CF3224B}" = rport=138 | protocol=17 | dir=out | app=system |
"{BA36AB40-2E4C-4DFB-87B1-EAF07C35B0CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB285F4F-0118-4D01-8D6F-143FC2586AF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{DAD03C52-AA5C-44C5-9D41-7310EADEB2B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE4FEB7E-FE83-48EA-BB80-64BFFF19AF4A}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53153949-7EB6-4E61-AE98-C3CB16358EBE}" = protocol=58 | dir=out |
[email protected],-28546 |
"{6F6D2349-7D7C-4FE3-A22D-7AA291394A94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{70DC5CF9-EAF2-483A-9007-16E0DBDB2351}" = protocol=1 | dir=out |
[email protected],-28544 |
"{959DA706-536B-4025-82B6-DAB98A9B6C0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A006F4E6-8BAA-4F06-A2F8-5F3471D1B7E8}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{CAE959D2-EE46-4B66-931D-DF8323FBDB5C}" = protocol=58 | dir=in |
[email protected],-28545 |
"{D3E07F69-5336-4242-819F-7EE322AB18C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{DF57866A-DE19-4FF7-AC8B-1ACB5BD8C76E}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{E05F7483-8883-41D0-9A13-95904CBDAB27}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{F54B8743-2880-4A1E-A430-7DDE4BEA3AFB}" = protocol=1 | dir=in |
[email protected],-28543 |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111551630}" = Hidden Expedition Titanic
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1" = Online Vault
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG SafeGuard toolbar" =
"BFG-Big City Adventure - Paris" = Big City Adventure: Paris
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Parables - Rise of the Snow Queen" = Dark Parables: Rise of the Snow Queen
"BFG-Hallowed Legends - Ship of Bones Collector's Edition" = Hallowed Legends: Ship of Bones Collector's Edition
"BFG-Hidden Identity - Chicago Blackout" = Hidden Identity: Chicago Blackout
"BFG-Matchmaker - Curse of Deserted Bride" = Matchmaker: Curse of Deserted Bride
"BFG-Mystery Case Files - Escape from Ravenhearst" = Mystery Case Files®: Escape from Ravenhearst™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"BFG-Silent Scream II - The Bride" = Silent Scream II: The Bride
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DefaultTab" = DefaultTab
"Escape Rosecliff Island" = Escape Rosecliff Island
"GamesBar" = GamesBar 2.0.1.82
"Ghost Whisperer - Forgotten Toys" = Ghost Whisperer - Forgotten Toys
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Immortal Lovers" = Immortal Lovers
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"PogoDGC" = Pogo Games
"Sinister City" = Sinister City
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"Wajam" = Wajam
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-050dc2af-5a72-48f3-a581-fa932012d7a6" = Mystery Agency: A Vampire's Kiss
"WTA-07209750-804c-4be7-a7fb-7d15edfdd234" = Ghost Whisperer
"WTA-1e4ee05d-704e-4240-8eb6-8f91a9c36186" = Secret of the Past The Mother's Diary
"WTA-22031e02-3e52-418e-a606-dabe466f4b0a" = Vampire Saga 3: Break Out
"WTA-2262f9bd-c513-4e10-90aa-48f9546859ab" = Titanic's Keys to the Past
"WTA-27f6409e-73e8-4f8b-aab5-75e3bdf57859" = G.H.O.S.T. Hunters The Haunting of Majesty Manor
"WTA-2f446508-6b37-43fe-8b4d-494a09be6fef" = Twilight City: Love as a Cure
"WTA-2fd1d8d3-22da-4df8-a14c-9843125e705c" = Mystery of Shark Island
"WTA-37792ee5-3ca7-4320-a129-a4f1b851dcd6" = Pride and Prejudice
"WTA-3817d0a1-cbc4-4d1a-aa06-065eecaf0394" = Suburban Mysteries: The Labyrinth of the Past
"WTA-45b15a93-8d16-4b2f-9894-754a1d20ac23" = Big City Adventure - Sydney
"WTA-486b89a7-19db-4a52-80ae-dc8efab78856" = Haunted Past Realm of Ghosts Collector's Edition
"WTA-4cc97157-8490-483e-b5b5-c22e7abf4089" = Tornado
"WTA-527fecc7-bf46-41ba-bc34-f11bb6d3dff0" = Natalie Brooks - The Treasures of the Lost Kingdom
"WTA-52b5938c-f704-41bb-a482-7abcb17ed6c8" = Haunting Mysteries: The Island of Lost Souls Premium Edition
"WTA-53996339-9fc5-4a37-bcc4-225ad2f1a00e" = The Book of Desires
"WTA-57bdb0c4-c7dd-4e03-8503-42b808ea77af" = The Dream Voyagers
"WTA-5c28d23e-3bf5-4809-9bfd-17de226490f0" = Ancient Secrets: Mystery of the Vanishing Bride
"WTA-6bf8c1af-99e4-4236-8752-4a2147ac2527" = Weird Park: Scary Tales
"WTA-7b9a4cda-e3cb-42c5-9784-d4e5574b4057" = Twisted Lands: Insomniac
"WTA-7dbadee9-a591-4788-94aa-7df1fae26b2e" = Big City Adventure: London Story
"WTA-86af1dd9-0430-492d-adc8-ce238698fef9" = White Haven Mysteries Standard Edition
"WTA-921d7ac9-82b1-42b6-9027-cf41b12a8a7c" = Kingdom of Seven Seals
"WTA-9a3e2b62-2813-4bd8-8875-b8e85bcb3d81" = Letters from Nowhere
"WTA-9e2cc8e7-90f5-4e0c-850c-99353797fc38" = Halloween: Trick or Treat
"WTA-bb107773-3821-4adf-85d2-658431d3d353" = The Curse of the Werewolves
"WTA-c0195183-93ed-4a04-ac3b-4cb31bd09ef7" = Mystery of Unicorn Castle
"WTA-c2843d8d-2a3a-4a13-9d78-a3d65c63a3cf" = Little Shop - World Traveler
"WTA-c7db49cf-7b90-4f9b-a679-317b39b5d107" = Amazing Adventures: Riddle of The Two Knights™
"WTA-ca73ac55-cbc5-49f8-97b2-5bf300ad3737" = Amazing Adventures: The Forgotten Dynasty
"WTA-cb866a24-038c-4bac-9cbb-106a58a89665" = Big City Adventure - San Francisco
"WTA-ce91f9ae-6956-48e2-82b5-d295dcd4349b" = Halloween: The Pirates Curse
"WTA-d31427ed-7a17-417e-a886-772eb655778d" = Amusement World
"WTA-dd48bbad-ef0a-49ad-9cf7-3466cc05c64f" = The Secret of Hildegards
"WTA-e2b6a734-633b-41c5-81ad-17b12ad6e651" = Entwined: Strings of Deception
"WTA-e3b713fe-8ef9-4339-a126-ec5fcb038aab" = Twisted Lands: Origin
"WTA-eef2059e-8af9-4b89-bef1-fcf5c94def78" = Escape Rosecliff Island
"WTA-f7bb750e-d9a2-46ad-adf7-3db9ff622b0e" = Hidden Path of Faery
"WTA-fe621a02-59e6-4fa2-b3f2-771d4073954f" = Escape - Special Edition Bundle
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4162402932-917926747-416293273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 3/14/2013 5:57:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec4b137 Exception code: 0xc000041d Fault offset: 0x00000000000385b7
Faulting
process id: 0x538 Faulting application start time: 0x01ce20f94a286e9d Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 1c804ed9-8cf2-11e2-a5c8-001d099cdb05
Error - 3/14/2013 7:26:12 PM | Computer Name = Owner-PC | Source = VSS | ID = 22
Description =
Error - 3/14/2013 7:26:12 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description =
Error - 3/14/2013 7:26:12 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =
Error - 7/16/2013 10:40:14 PM | Computer Name = Owner-PC | Source = VSS | ID = 22
Description =
Error - 7/16/2013 10:40:14 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description =
Error - 7/16/2013 10:40:14 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =
Error - 7/18/2013 2:18:29 AM | Computer Name = Owner-PC | Source = VSS | ID = 22
Description =
Error - 7/18/2013 2:18:29 AM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description =
Error - 7/18/2013 2:18:29 AM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 11/21/2012 7:01:33 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 5:01:33 PM - Error connecting to the internet. 5:01:33 PM - Unable
to contact server..
Error - 11/21/2012 7:02:04 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 5:02:02 PM - Error connecting to the internet. 5:02:02 PM - Unable
to contact server..
Error - 11/21/2012 8:02:48 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:02:48 PM - Error connecting to the internet. 6:02:48 PM - Unable
to contact server..
Error - 11/21/2012 8:03:19 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:03:17 PM - Error connecting to the internet. 6:03:17 PM - Unable
to contact server..
Error - 12/28/2012 1:43:30 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:43:05 AM - Error connecting to the internet. 11:43:07 AM - Unable
to contact server..
Error - 12/30/2012 3:14:17 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:14:16 PM - Error connecting to the internet. 1:14:16 PM - Unable
to contact server..
Error - 12/30/2012 3:14:51 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:14:46 PM - Error connecting to the internet. 1:14:46 PM - Unable
to contact server..
Error - 12/30/2012 4:38:17 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 2:36:58 PM - Error connecting to the internet. 2:36:58 PM - Unable
to contact server..
Error - 12/30/2012 5:09:14 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 2:38:51 PM - Error connecting to the internet. 2:38:51 PM - Unable
to contact server..
Error - 7/16/2013 10:42:22 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 9:42:22 PM - Error connecting to the internet. 9:42:22 PM - Unable
to contact server..
[ System Events ]
Error - 3/13/2013 6:13:16 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%859 Update Stage:
%%852 Source Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error
code: 0x8007045a Error description: A dynamic link library (DLL) initialization
routine failed.
Error - 3/13/2013 6:15:19 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
Error - 3/13/2013 6:15:19 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
Error - 3/13/2013 8:43:36 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 3/13/2013 8:53:54 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%859 Update Stage:
%%852 Source Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error
code: 0x8007045a Error description: A dynamic link library (DLL) initialization
routine failed.
Error - 3/13/2013 9:02:10 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
Error - 3/13/2013 9:02:10 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
Error - 3/13/2013 11:31:44 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%859 Update Stage:
%%852 Source Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error
code: 0x8007045a Error description: A dynamic link library (DLL) initialization
routine failed.
Error - 3/13/2013 11:38:10 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
Error - 3/13/2013 11:38:10 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.143.2208.0 Update Source: %%851 Update Stage:
%%854 Source Path:
http://go.microsoft....5D-99752CCA7094 Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9103.0 Error code: 0x8000ffff Error description: Catastrophic
failure
< End of report >
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-18 01:45:26
-----------------------------
01:45:26.722 OS Version: Windows x64 6.1.7600
01:45:26.722 Number of processors: 1 586 0x1601
01:45:26.722 ComputerName: OWNER-PC UserName: Owner
01:45:27.112 Initialize success
01:46:21.853 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:46:21.853 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
01:46:21.931 Disk 0 MBR read successfully
01:46:21.931 Disk 0 MBR scan
01:46:21.946 Disk 0 Windows 7 default MBR code
01:46:21.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:46:21.946 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76191 MB offset 206848
01:46:21.978 Disk 0 scanning C:\Windows\system32\drivers
01:46:26.689 Service scanning
01:46:45.237 Modules scanning
01:46:45.237 Disk 0 trace - called modules:
01:46:45.268 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:46:45.268 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d7c060]
01:46:45.268 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa8002900520]
01:46:45.799 5 ACPI.sys[fffff88000f47781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80028e3680]
01:46:45.799 Scan finished successfully
01:47:27.545 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
01:47:27.576 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"