Infected with rootkit, was redirected here. [Solved]


  • This topic is locked

#16
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
Alright I did what you wanted! :) I have a question. Have you by chance come across any backdoors, or does it seem like I am clear of those? That was my worst fear, to find a backdoor, especially when I heard about the rootkit.

DeQuarantine log:

C:\Qoobox\Quarantine\C\windows\SysWow64\frapsvid.dll.vir -> C:\windows\SysWow64\frapsvid.dll

I couldn't get the link to work for some reason on the file. However it scanned and even said it was scanned before two years ago. It says it isn't infected and is fine. :thumbsup:
  • 0

#17
SleepyDude

  • Trusted Helper
  • Malware Removal
  • 4,400 posts
Hi Raymond,

Alright I did what you wanted! :) I have a question. Have you by chance come across any backdoors, or does it seem like I am clear of those? That was my worst fear, to find a backdoor, especially when I heard about the rootkit.

Thank you. So far I didn't find signs of a rootkit; maybe what I found strange in your logs are traces from an older infection.

I couldn't get the link to work for some reason on the file. However it scanned and even said it was scanned before
two years ago. It says it isn't infected and is fine. :thumbsup:

OK, ComboFix hit some legit files. You just restored one, but there are others from Git for Windows also affected; you need to reinstall the program or update it to the newer version.

I want you to run a virus scan and a fix to correct the errors presented in the logs.


Step 1 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
  • UNCHECK the boxes Remove found threats and Scan Archives.
  • Click on Advanced Settings, and check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Step 2 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Right click on the icon Posted Image and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Posted Image box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
    "AutoStart"=""
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    
    :Files
    netsh int ip reset c:\resetlog.txt /c
    netsh winsock reset /c
    ipconfig /release /c 
    ipconfig /flushdns /c 
    ipconfig /renew /c 
    
    :Commands
    [EmptyTemp]
    
  • click the Posted Image button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran.


Step 3 - Fix Windows Firewall

  • Download the two files attached and save them to the Desktop
    Attached File  BFE.reg   172.79KB   35 downloads
    Attached File  MpsSvc.reg   6.25KB   35 downloads
  • Double-click the two reg files one at a time and proceed as follows for both files:
    • click Yes on the prompt "Are you sure you want to continue?" adding {BFE.reg}{MpsSvc.reg} to the Registry
    • if everything works as expected you will see a window with this: "The keys and values contained in {..\BFE.reg}{..\MpsSvc.reg} have been successfully added to the registry."
  • Restart the computer


Step 4 - Farbar Service Scanner

  • Run FSS by double clicking the Posted Image icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
  • Check all the options
  • click Scan
  • Post the generated log on your reply (The FSS.txt log is saved to the same folder where FSS is run from).


Step 5 - Farbar MiniToolBox

Execute again the MiniToolBox you have on the Desktop, check the following options:
  • List Winsock Entries
  • List last 10 Event Viewer log
  • Click on Go.
  • Post the resulting log in your next reply.


Things I would like to see in your next reply:
  • The ESET log
  • The OTL Fix log
  • The FSS.txt log
  • MiniToolBox log Result.txt

Edited by SleepyDude, 26 September 2013 - 03:31 PM.

  • 0
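
Added example (not part of SleepyDude's post and not ESET's own tooling): Step 1 runs the scanner with "Remove found threats" unchecked, so the log.txt it produces has to be read and triaged before anything is deleted. The Python sketch below does that triage; the field meanings (vn = detection name, fn = file path), the priority rules and the sample lines are assumptions modelled on the log layout posted in the reply that follows.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log.txt shown in
# this thread. Hashes, detection names and paths are made up for illustration.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=1000
# found=5
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/ExampleTool.A application" ac=I fn="C:\Program Files (x86)\Example Tool\tool.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win64/ExampleTrojan.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\example.dll.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/ExampleBundle.Q application" ac=I fn="C:\Users\User\Downloads\setup.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="multiple threats" ac=I fn="C:\Users\User\Downloads\installer.exe"
sh=0000000000000000000000000000000000000005 ft=1 fh=0000000000000005 vn="Win32/ExampleTrojan.B trojan" ac=I fn="C:\Users\User\AppData\Local\Temp\example.exe"
'''

# key=value pairs; values are either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# ComboFix keeps inert, renamed copies here (path taken from this thread).
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\",)


def parse_log(text):
    """Split the log into header settings and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            detections.append({k: q or u for k, q, u in PAIR.findall(line)})
    return header, detections


def classify(det):
    """Assumed triage rules: what was detected, where it sits, how urgent."""
    name = det.get("vn", "")
    path = det.get("fn", "").lower()
    if name.endswith(" application"):
        kind = "pua"        # potentially unwanted / unsafe application
    elif name == "multiple threats":
        kind = "mixed"      # installer bundle, needs a closer look
    else:
        kind = "malware"    # trojan, worm, virus, ...
    if any(q in path for q in QUARANTINE_DIRS):
        where = "quarantine"
    elif "\\downloads\\" in path:
        where = "download"
    else:
        where = "installed"
    if where == "quarantine":
        priority = "low"    # already neutralised by an earlier tool
    elif kind == "malware":
        priority = "high"   # live malware outside quarantine
    elif kind == "pua" and where == "download":
        priority = "low"    # installer that can simply be deleted
    else:
        priority = "review"
    return {"kind": kind, "where": where, "priority": priority}


def triage(text):
    """Return classified detections, a per-priority count and sanity warnings."""
    header, detections = parse_log(text)
    rows = [dict(det, **classify(det)) for det in detections]
    warnings = []
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(rows):
        warnings.append("found=%s but %d detection lines parsed" % (found, len(rows)))
    if header.get("remove_checked") == "false" and rows:
        warnings.append("report-only scan: every listed file is still on disk")
    if header.get("archives_checked") == "false":
        warnings.append("archives were not scanned")
    return {"rows": rows,
            "by_priority": Counter(r["priority"] for r in rows),
            "warnings": warnings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for row in result["rows"]:
        print("%-6s %-8s %-10s %s" % (row["priority"], row["kind"], row["where"], row["fn"]))
    for warning in result["warnings"]:
        print("warning:", warning)
```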

#18
Down_with_malware

  • Topic Starter
  • Member
  • 152 posts
Hi! How are you? Here is what you requested. :)

ESET LOG

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=65d9d3478557dc42af891cbb486aad27
# engine=15275
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-27 04:16:22
# local_time=2013-09-26 11:16:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 0 66442566 0 0
# compatibility_mode=5893 16776574 100 94 0 131798832 0 0
# scanned=365195
# found=10
# cleaned=0
# scan_time=7272
sh=88F07DB216F388A603179649D83BF1FC9AC8CB06 ft=1 fh=b538b1f51b2210a0 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="a variant of Win32/HackTool.CheatEngine.AF application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=1BAEAD2BF8F433DC82F9B2C03FD65CE697A92155 ft=1 fh=5ef702d27470b508 vn="Win64/Sirefef.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir"
sh=14E9C001AD0589419A6B487CBCA0AED97F136CC9 ft=1 fh=b7255d1ba436c149 vn="a variant of Win32/InstallCore.Q application" ac=I fn="C:\Users\Raymond\Downloads\angry-birds-rio.exe"
sh=5042D797D7FA03425D3AD7E333F5435626CA6534 ft=1 fh=d79aa0eaee573ccb vn="multiple threats" ac=I fn="C:\Users\Raymond\Downloads\CheatEngine62.exe"
sh=6D6F591B036398FE29624861504017760E34A433 ft=1 fh=7da278ab98611d15 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\Users\Raymond\Downloads\CheatEngine63.exe"
sh=869EA131F9CCA8B443BD2141B412154827A20937 ft=1 fh=bb1f3b8fd35d2ce3 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:\Users\Raymond\Downloads\cnet2_VHCapture_inst_exe.exe"
sh=6AE94DEE15F1FD24F0BF6A7B2F77E938639C0DAB ft=1 fh=7a04487b7018d778 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Raymond\Downloads\Portforward-Setup-Static-IP-Address.exe"


OTL Fix Log


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS\ deleted successfully.
========== FILES ==========
< netsh int ip reset c:\resetlog.txt /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e924:3fe1:27ab:9221%12
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::45e7:cf24:adbd:c7d4%21
IPv4 Address. . . . . . . . . . . : 192.168.56.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{D5605AF0-2CAB-4CA4-A3D4-639E7856CAA5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{1487D1DD-319D-43BE-9178-F238A5F17ADD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{3F007503-3605-4861-BC3C-E3CF4DCE30C8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{606B01DE-80D7-4D4D-AE00-48106E83C6EC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e924:3fe1:27ab:9221%12
IPv4 Address. . . . . . . . . . . : 172.16.0.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::45e7:cf24:adbd:c7d4%21
IPv4 Address. . . . . . . . . . . : 192.168.56.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{D5605AF0-2CAB-4CA4-A3D4-639E7856CAA5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{1487D1DD-319D-43BE-9178-F238A5F17ADD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{3F007503-3605-4861-BC3C-E3CF4DCE30C8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{606B01DE-80D7-4D4D-AE00-48106E83C6EC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Raymond\Desktop\cmd.bat deleted successfully.
C:\Users\Raymond\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes


FSS Log

Farbar Service Scanner Version: 13-09-2013
Ran by Raymond (administrator) on 26-09-2013 at 23:40:13
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniTool Box Log

MiniToolBox by Farbar Version: 13-07-2013
Ran by Raymond (administrator) on 26-09-2013 at 23:43:26
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2013 09:09:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:09:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:09:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:08:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 00:55:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 00:55:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/25/2013 05:39:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/25/2013 05:38:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/24/2013 09:20:58 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (09/26/2013 11:37:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/26/2013 11:36:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/26/2013 11:36:19 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/26/2013 11:36:16 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error:
%%2

Error: (09/26/2013 11:36:15 PM) (Source: Service Control Manager) (User: )
Description: The Splashtop® Remote Service service failed to start due to the following error:
%%2

Error: (09/26/2013 11:35:06 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/26/2013 11:27:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/26/2013 11:26:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/26/2013 11:26:20 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/26/2013 11:26:16 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/26/2013 09:09:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:09:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:09:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:08:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2013 00:55:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/26/2013 00:55:22 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/25/2013 05:39:49 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/25/2013 05:38:42 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/24/2013 09:20:58 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
Date: 2013-09-24 21:18:37.572
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-24 21:18:37.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.799
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.559
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.512
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
  • 0

#19
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Hi! How are you? Here is what you requested. :)


Fine, thank you.

Can you confirm that the two reg files imported correctly?
Also, I have to ask if you rebooted the machine before generating the FSS and MiniToolBox logs?
  • 0

#20
Down_with_malware

    Member

  • Topic Starter
  • 152 posts
Yes, both of the registry fixes did work. For your second question, yes, I did reboot. I am not sure if you know this or not; however, the online scanner did pick up some things. One of them redirected you to different sites, but I never had a problem with sites being redirected.

I can generate them again if you want.

Edited by Down_with_malware, 27 September 2013 - 09:38 AM.

  • 0

#21
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Yes, both of the registry fixes did work. For your second question, yes, I did reboot. I am not sure if you know this or not; however, the online scanner did pick up some things. One of them redirected you to different sites, but I never had a problem with sites being redirected.

Yes, we will deal with them next.

I can generate them again if you want.

Get me a new Farbar Service Scanner log please. The last FSS log shows a registry key problem that shouldn't exist any more!
  • 0

#22
Down_with_malware

    Member

  • Topic Starter
  • 152 posts
Ok, I got the log. I should let you know though, when I restarted before I scanned it right now; the computer went into power save mode and wouldn't wake up. I have noticed this problem just yesterday on the other PC as well. It doesn't happen all the time, so I don't know if it's an error on Microsoft's part.


Farbar Service Scanner Version: 13-09-2013
Ran by Raymond (administrator) on 27-09-2013 at 12:57:59
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
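Post #21 asks for a fresh Farbar Service Scanner log because the earlier one showed a problem that should no longer be there. One way to check that mechanically is to extract the non-default entries from two FSS logs and compare them. This is an added example, not part of the thread and not Farbar's own code; the function names are hypothetical, and the "before" log is constructed because the earlier FSS log is not reproduced here.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above ("after" the fixes).
AFTER = r'''
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

**** End of log ****
'''

# CONSTRUCTED "before" log: the same text plus one invented firewall line,
# modelled on the WinDefend line, standing in for the earlier FSS log.
BEFORE = AFTER.replace(
    "Firewall Disabled Policy:",
    "mpssvc Service is not running. Checking service configuration:\n\n"
    "Firewall Disabled Policy:",
)

# Lines that report a healthy state and need no follow-up.
BENIGN = [re.compile(p) for p in (
    r" is accessible\.$", r"^LAN connected\.$", r"=> MD5 is legit$", r" is OK\.$")]
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\S+)$')


def parse_sections(text):
    """Map each section title (a line ending in ':' underlined by '=') to its lines."""
    lines = [line.strip() for line in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", underline):
            current = line[:-1]
            sections[current] = []
        elif not line or re.fullmatch(r"=+", line) or line.startswith("****"):
            continue  # blank lines, underlines and banner lines carry no data
        elif current is not None:
            sections[current].append(line)
    return sections


def findings(text):
    """Return (section, entry) pairs for every line that is not a healthy report."""
    out = []
    for name, body in parse_sections(text).items():
        key = None
        for line in body:
            m = REG_KEY.match(line)
            if m:  # remember the key so the value line can be reported with it
                key = m.group(1)
                continue
            m = REG_VALUE.match(line)
            if m and key:
                out.append((name, f"{key}: {m.group(1)}={m.group(2)}"))
            elif not any(p.search(line) for p in BENIGN):
                out.append((name, line))
    return out


def compare(before, after):
    """Split findings into those fixed, those still present, and those newly seen."""
    old, new = findings(before), findings(after)
    return {
        "resolved": [f for f in old if f not in new],
        "remaining": [f for f in new if f in old],
        "new": [f for f in new if f not in old],
    }


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        for section, entry in items:
            print(f"{status:9} [{section}] {entry}")
```

An entry listed as remaining is only a deviation from the scanner's defaults; whether it needs fixing is still the analyst's call.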

#23
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts
Hi Raymond,

The last steps fixed the problem with the Windows Firewall but we need to use a different tool to fix some of the other problems...


Step 1 - Farbar Recovery Scan Tool (FRST)

  • Download FRST x64 or FRST and save it to the Desktop.
    (Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, try the x64 version; if it doesn't run, you have to execute FRST, since your system is probably 32-bit.)
  • Execute FRST/FRST64: right-click on the icon and choose Run as Administrator. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it also makes another log (Addition.txt).
  • Please copy and paste the logs to your post.


Step 2 - Security Check

Download Security Check by screen317 from here or here.
  • Save it to the Desktop.
  • Right-click on the icon and choose Run as Administrator.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Things I would like to see in your next reply:
  • The FRST.txt log and Addition.txt
  • The checkup.txt log

  • 0

#24
Down_with_malware

    Member

  • Topic Starter
  • 152 posts
Here is what you requested! :) Sorry for the delay. How is my PC looking so far?


FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Raymond (administrator) on RAYMOND-PC on 28-09-2013 21:08:37
Running from C:\Users\Raymond\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
() C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
(Akamai Technologies, Inc.) C:\Users\Raymond\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Raymond\AppData\Local\Akamai\netsession_win.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
( ) C:\Users\Raymond\Desktop\Byond temp\BYOND\bin\byond.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DLPSP] - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [913216 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLUPDR] - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [587584 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLQLU] - C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1284416 2010-06-01] (Dell Inc.)
HKLM-x32\...\Runonce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [Dyyno Launcher] - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe [2151776 2011-01-14] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Raymond\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3414680 2012-08-06] (Electronic Arts)
HKCU\...\Run: [Facebook Update] - C:\Users\Raymond\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-04-05] (AMD)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85EA27F39FB9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {742E0F43-608E-4F12-A842-B6FB5E00CE7C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {742E0F43-608E-4F12-A842-B6FB5E00CE7C} URL =
SearchScopes: HKCU - {F89B06FE-6877-46C2-A478-1052A80277BE} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933
FF Homepage: hxxp://mysearch.avg.com/?cid={A896BD21-6E43-48B2-9004-0130699D5CD5}&mid=6d0a288c80a347d0a3a969e52938158a-2e02fea7cb7fc60c940d8c820a158f443230407d&lang=en&ds=AVG&pr=fr&d=2013-07-11 18:49:29&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: BYOND - C:\Users\Raymond\Desktop\Byond temp\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Raymond\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Raymond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Raymond\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\emjns1bq.default-1366000464933\Extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155888 2009-10-16] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [344384 2010-06-01] (Dell Inc.)
R2 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-01-14] ()
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3986936 2011-03-08] (INCA Internet Co., Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [x]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2010-12-03] (Windows ® Codename Longhorn DDK provider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 uqk; C:\koramgame\STOnline\avital\wyqku64.sys [50608 2012-05-11] ()
S3 uqk; C:\koramgame\STOnline\avital\wyqku64.sys [50608 2012-05-11] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\loltrain\catchme.sys [x]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-28 21:08 - 2013-09-28 21:08 - 00000000 ____D C:\FRST
2013-09-28 21:02 - 2013-09-28 21:02 - 01953880 _____ (Farbar) C:\Users\Raymond\Desktop\FRST64.exe
2013-09-27 12:57 - 2013-09-27 12:58 - 00002630 _____ C:\Users\Raymond\Desktop\FSS.txt
2013-09-26 21:08 - 2013-09-26 21:08 - 02347384 _____ (ESET) C:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe
2013-09-26 12:21 - 2013-09-26 12:21 - 00000094 _____ C:\DeQuarantine.txt
2013-09-26 12:21 - 2010-12-02 03:25 - 00086016 _____ (Beepa P/L) C:\Users\Raymond\Desktop\frapsvid.dll
2013-09-26 12:19 - 2013-09-26 12:21 - 00000000 ___SD C:\loltrain28299l
2013-09-26 12:18 - 2013-09-26 12:18 - 00000000 ___SD C:\loltrain
2013-09-24 21:05 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-24 21:05 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-24 21:05 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-24 21:05 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-24 21:05 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-24 20:55 - 2013-09-26 12:16 - 05129766 ____R (Swearware) C:\Users\Raymond\Desktop\loltrain.exe
2013-09-24 12:30 - 2013-09-24 12:31 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Raymond\Desktop\tdsskiller.exe
2013-09-24 12:21 - 2013-09-24 20:53 - 00000000 ____D C:\AdwCleaner
2013-09-24 12:21 - 2013-09-24 12:21 - 01042066 _____ C:\Users\Raymond\Desktop\adwcleaner.exe
2013-09-24 12:13 - 2013-09-24 12:13 - 00000000 ____D C:\_OTL
2013-09-24 04:19 - 2013-09-24 04:59 - 00000000 ____D C:\Users\Raymond\Desktop\mbar
2013-09-24 04:19 - 2013-09-24 04:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-24 04:18 - 2013-09-24 04:19 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Raymond\Desktop\mbar-1.07.0.1005.exe
2013-09-23 19:31 - 2013-09-23 19:33 - 00000000 ____D C:\Program Files\Wireshark
2013-09-23 11:49 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\pss
2013-09-23 10:02 - 2013-09-23 10:02 - 00602112 _____ (OldTimer Tools) C:\Users\Raymond\Desktop\OTL.exe
2013-09-23 09:57 - 2013-09-23 09:57 - 00000028 _____ C:\Users\Raymond\Desktop\something.txt
2013-09-22 18:13 - 2013-09-22 18:14 - 00358923 _____ (Farbar) C:\Users\Raymond\Desktop\FSS.exe
2013-09-22 15:18 - 2013-09-22 15:18 - 00760937 _____ (Farbar) C:\Users\Raymond\Desktop\MiniToolBox.exe
2013-09-21 23:17 - 2013-09-21 23:59 - 00000000 ____D C:\Users\Raymond\Desktop\dp_betastyleroboldier
2013-09-19 22:35 - 2013-09-19 22:35 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-19 19:41 - 2013-09-19 19:41 - 00000768 _____ C:\Users\Raymond\Desktop\Toribash.lnk
2013-09-19 19:34 - 2013-09-19 19:34 - 00158168 _____ () C:\Users\Raymond\Downloads\CheatEngine63.exe
2013-09-19 19:24 - 2013-09-19 19:34 - 62001095 _____ (Nabi Studios Pte Ltd ) C:\Users\Raymond\Downloads\Toribash-4.5-Setup.exe
2013-09-18 22:38 - 2013-09-18 22:38 - 00001634 _____ C:\Users\Public\Desktop\ActiveWorlds.lnk
2013-09-18 22:38 - 2013-09-18 22:38 - 00000000 __HDC C:\ProgramData\{25E6D7F6-CF1E-44DE-A992-1BCCB8100732}
2013-09-18 20:52 - 2013-09-18 20:53 - 26221832 _____ (ActiveWorlds, Inc. ) C:\Users\Raymond\Downloads\ActiveWorlds.exe
2013-09-17 12:05 - 2013-09-17 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-16 16:32 - 2013-09-16 16:32 - 08164559 _____ (FFsplit Team ) C:\Users\Raymond\Downloads\FFsplit-07022-Full.exe
2013-09-15 11:13 - 2013-09-28 18:12 - 00403428 _____ C:\Windows\WindowsUpdate.log
2013-09-15 11:08 - 2013-09-27 12:54 - 00000616 _____ C:\Windows\setupact.log
2013-09-15 11:08 - 2013-09-26 23:36 - 00005164 _____ C:\Windows\PFRO.log
2013-09-15 11:08 - 2013-09-15 11:08 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 10:52 - 2013-09-22 13:32 - 00000868 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-15 10:48 - 2013-09-15 10:49 - 04454952 _____ (Piriform Ltd) C:\Users\Raymond\Downloads\ccsetup405.exe
2013-09-15 02:21 - 2013-09-15 02:21 - 00001071 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-09-15 02:20 - 2013-09-15 02:20 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-09-14 11:26 - 2013-09-14 11:44 - 39951920 _____ (SplitMediaLabs) C:\Users\Raymond\Downloads\xsplit_installer_v1.3.1309.0603.exe
2013-09-12 04:18 - 2013-09-12 04:18 - 00001824 _____ C:\Users\Public\Desktop\Apps.lnk
2013-09-12 04:18 - 2013-09-12 04:18 - 00001769 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-12 04:17 - 2013-09-12 04:17 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-09-12 04:16 - 2013-09-12 04:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-12 04:16 - 2013-09-12 04:17 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-12 04:16 - 2013-09-12 04:16 - 09159560 _____ (BlueStack Systems Inc.) C:\Users\Raymond\Downloads\BlueStacks-SplitInstaller_native.exe
2013-09-11 15:24 - 2013-09-11 15:24 - 00000222 _____ C:\Users\Raymond\Desktop\Awesomenauts.url
2013-09-10 21:57 - 2013-09-10 21:57 - 00000222 _____ C:\Users\Raymond\Desktop\Amnesia A Machine for Pigs.url
2013-09-10 21:45 - 2013-09-10 21:45 - 00001126 _____ C:\Users\Raymond\Desktop\Free Screen To Video.lnk
2013-09-10 21:42 - 2013-09-10 21:42 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\OBS
2013-09-10 21:41 - 2013-09-10 21:42 - 00000000 ____D C:\Program Files (x86)\OBS
2013-09-10 21:41 - 2013-09-10 21:41 - 00000897 _____ C:\Users\Raymond\Desktop\Open Broadcaster Software.lnk
2013-09-10 21:41 - 2013-09-10 21:41 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-09-10 21:39 - 2013-09-10 21:40 - 07328225 _____ C:\Users\Raymond\Downloads\OBS_0_554b_Installer.exe
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2013-09-28 21:08 - 2013-09-28 21:08 - 00000000 ____D C:\FRST
2013-09-28 21:02 - 2013-09-28 21:02 - 01953880 _____ (Farbar) C:\Users\Raymond\Desktop\FRST64.exe
2013-09-28 20:35 - 2012-04-06 19:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-28 19:22 - 2012-05-02 16:11 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000UA.job
2013-09-28 18:12 - 2013-09-15 11:13 - 00403428 _____ C:\Windows\WindowsUpdate.log
2013-09-28 17:49 - 2012-04-25 01:34 - 00000000 ____D C:\ProgramData\MFAData
2013-09-28 16:22 - 2012-05-02 16:11 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-846124840-1575257757-4093298459-1000Core.job
2013-09-28 08:16 - 2010-11-24 22:13 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BAE904AF-961A-4E73-8066-AADCEB529655}
2013-09-27 23:29 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 23:29 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 12:58 - 2013-09-27 12:57 - 00002630 _____ C:\Users\Raymond\Desktop\FSS.txt
2013-09-27 12:55 - 2011-04-17 01:42 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-27 12:55 - 2010-11-20 07:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-27 12:54 - 2013-09-15 11:08 - 00000616 _____ C:\Windows\setupact.log
2013-09-27 12:54 - 2010-12-08 16:05 - 00000031 _____ C:\Windows\system32\bbcap.err
2013-09-27 12:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 23:36 - 2013-09-15 11:08 - 00005164 _____ C:\Windows\PFRO.log
2013-09-26 23:27 - 2012-11-15 10:51 - 00000000 ____D C:\Users\Raymond\AppData\Local\Apps\2.0
2013-09-26 22:29 - 2010-11-27 23:43 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\Skype
2013-09-26 21:08 - 2013-09-26 21:08 - 02347384 _____ (ESET) C:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe
2013-09-26 12:21 - 2013-09-26 12:21 - 00000094 _____ C:\DeQuarantine.txt
2013-09-26 12:21 - 2013-09-26 12:19 - 00000000 ___SD C:\loltrain28299l
2013-09-26 12:21 - 2011-11-28 19:04 - 00000000 ____D C:\Qoobox
2013-09-26 12:18 - 2013-09-26 12:18 - 00000000 ___SD C:\loltrain
2013-09-26 12:16 - 2013-09-24 20:55 - 05129766 ____R (Swearware) C:\Users\Raymond\Desktop\loltrain.exe
2013-09-24 21:30 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-09-24 20:54 - 2013-06-26 19:20 - 00000000 ____D C:\Users\Raymond\Desktop\TheLordoftheRingsOnlineDE
2013-09-24 20:53 - 2013-09-24 12:21 - 00000000 ____D C:\AdwCleaner
2013-09-24 12:35 - 2010-12-02 10:11 - 00000000 ____D C:\Users\Raymond\Tracing
2013-09-24 12:31 - 2013-09-24 12:30 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Raymond\Desktop\tdsskiller.exe
2013-09-24 12:21 - 2013-09-24 12:21 - 01042066 _____ C:\Users\Raymond\Desktop\adwcleaner.exe
2013-09-24 12:13 - 2013-09-24 12:13 - 00000000 ____D C:\_OTL
2013-09-24 12:10 - 2012-04-13 13:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-24 04:59 - 2013-09-24 04:19 - 00000000 ____D C:\Users\Raymond\Desktop\mbar
2013-09-24 04:59 - 2013-09-24 04:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-24 04:19 - 2013-09-24 04:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Raymond\Desktop\mbar-1.07.0.1005.exe
2013-09-24 01:16 - 2010-11-24 16:53 - 00000000 ____D C:\Users\Raymond
2013-09-23 23:35 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-23 23:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-23 19:33 - 2013-09-23 19:31 - 00000000 ____D C:\Program Files\Wireshark
2013-09-23 19:32 - 2013-04-19 15:05 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-09-23 11:49 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\pss
2013-09-23 10:02 - 2013-09-23 10:02 - 00602112 _____ (OldTimer Tools) C:\Users\Raymond\Desktop\OTL.exe
2013-09-23 09:57 - 2013-09-23 09:57 - 00000028 _____ C:\Users\Raymond\Desktop\something.txt
2013-09-22 18:14 - 2013-09-22 18:13 - 00358923 _____ (Farbar) C:\Users\Raymond\Desktop\FSS.exe
2013-09-22 15:18 - 2013-09-22 15:18 - 00760937 _____ (Farbar) C:\Users\Raymond\Desktop\MiniToolBox.exe
2013-09-22 13:32 - 2013-09-15 10:52 - 00000868 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-21 23:59 - 2013-09-21 23:17 - 00000000 ____D C:\Users\Raymond\Desktop\dp_betastyleroboldier
2013-09-19 22:36 - 2012-04-06 19:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 22:36 - 2012-04-06 19:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:36 - 2011-06-09 12:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 22:35 - 2013-09-19 22:35 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-19 19:41 - 2013-09-19 19:41 - 00000768 _____ C:\Users\Raymond\Desktop\Toribash.lnk
2013-09-19 19:41 - 2010-11-25 02:49 - 00000000 ____D C:\Games
2013-09-19 19:34 - 2013-09-19 19:34 - 00158168 _____ () C:\Users\Raymond\Downloads\CheatEngine63.exe
2013-09-19 19:34 - 2013-09-19 19:24 - 62001095 _____ (Nabi Studios Pte Ltd ) C:\Users\Raymond\Downloads\Toribash-4.5-Setup.exe
2013-09-19 14:45 - 2009-07-14 00:13 - 00781798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 22:42 - 2011-04-22 16:24 - 00000000 ____D C:\ActiveWorlds
2013-09-18 22:38 - 2013-09-18 22:38 - 00001634 _____ C:\Users\Public\Desktop\ActiveWorlds.lnk
2013-09-18 22:38 - 2013-09-18 22:38 - 00000000 __HDC C:\ProgramData\{25E6D7F6-CF1E-44DE-A992-1BCCB8100732}
2013-09-18 20:53 - 2013-09-18 20:52 - 26221832 _____ (ActiveWorlds, Inc. ) C:\Users\Raymond\Downloads\ActiveWorlds.exe
2013-09-17 12:05 - 2013-09-17 12:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-16 16:32 - 2013-09-16 16:32 - 08164559 _____ (FFsplit Team ) C:\Users\Raymond\Downloads\FFsplit-07022-Full.exe
2013-09-15 11:08 - 2013-09-15 11:08 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 11:02 - 2013-06-18 09:59 - 00000000 ____D C:\AeriaGames
2013-09-15 10:59 - 2011-04-22 16:24 - 00000000 __HDC C:\ProgramData\{52F4528B-F91E-46CF-8C6E-30AF0524D663}
2013-09-15 10:58 - 2012-01-16 21:09 - 00000000 ____D C:\Windows\Minidump
2013-09-15 10:52 - 2011-12-17 02:40 - 00000000 ____D C:\Program Files\CCleaner
2013-09-15 10:49 - 2013-09-15 10:48 - 04454952 _____ (Piriform Ltd) C:\Users\Raymond\Downloads\ccsetup405.exe
2013-09-15 02:21 - 2013-09-15 02:21 - 00001071 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2013-09-15 02:21 - 2013-06-18 10:22 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-09-15 02:20 - 2013-09-15 02:20 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2013-09-14 11:44 - 2013-09-14 11:26 - 39951920 _____ (SplitMediaLabs) C:\Users\Raymond\Downloads\xsplit_installer_v1.3.1309.0603.exe
2013-09-13 09:11 - 2013-07-31 08:15 - 00000110 _____ C:\Windows\SysWOW64\usergui.cfg
2013-09-13 09:11 - 2013-01-11 09:33 - 00002064 _____ C:\Windows\SysWOW64\userawacs.cfg
2013-09-13 09:10 - 2012-12-13 15:40 - 00000846 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-12 04:20 - 2013-09-12 04:16 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-09-12 04:18 - 2013-09-12 04:18 - 00001824 _____ C:\Users\Public\Desktop\Apps.lnk
2013-09-12 04:18 - 2013-09-12 04:18 - 00001769 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-09-12 04:18 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-12 04:17 - 2013-09-12 04:17 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-09-12 04:17 - 2013-09-12 04:16 - 00000000 ____D C:\ProgramData\BlueStacks
2013-09-12 04:16 - 2013-09-12 04:16 - 09159560 _____ (BlueStack Systems Inc.) C:\Users\Raymond\Downloads\BlueStacks-SplitInstaller_native.exe
2013-09-11 15:24 - 2013-09-11 15:24 - 00000222 _____ C:\Users\Raymond\Desktop\Awesomenauts.url
2013-09-11 10:49 - 2011-04-17 02:08 - 00000000 ____D C:\Users\Raymond\Documents\Amnesia
2013-09-10 21:57 - 2013-09-10 21:57 - 00000222 _____ C:\Users\Raymond\Desktop\Amnesia A Machine for Pigs.url
2013-09-10 21:45 - 2013-09-10 21:45 - 00001126 _____ C:\Users\Raymond\Desktop\Free Screen To Video.lnk
2013-09-10 21:42 - 2013-09-10 21:42 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\OBS
2013-09-10 21:42 - 2013-09-10 21:41 - 00000000 ____D C:\Program Files (x86)\OBS
2013-09-10 21:41 - 2013-09-10 21:41 - 00000897 _____ C:\Users\Raymond\Desktop\Open Broadcaster Software.lnk
2013-09-10 21:41 - 2013-09-10 21:41 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-09-10 21:40 - 2013-09-10 21:39 - 07328225 _____ C:\Users\Raymond\Downloads\OBS_0_554b_Installer.exe
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-02 18:32 - 2011-07-01 13:40 - 00000000 ____D C:\Users\Raymond\AppData\Roaming\SoftGrid Client
2013-09-02 18:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 20:47

==================== End Of Log ============================

Security Check Log

Oops, I guess I had some outdated stuff.

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 19.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#25
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts
Hi Raymond,

I found some minor problems in your logs; let's use FRST to fix them...


Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work!)

    Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    C:\Program Files (x86)\Cheat Engine 6.2
    C:\Users\Raymond\Downloads\angry-birds-rio.exe
    C:\Users\Raymond\Downloads\CheatEngine62.exe
    C:\Users\Raymond\Downloads\CheatEngine63.exe
    C:\Users\Raymond\Downloads\cnet2_VHCapture_inst_exe.exe
    C:\Users\Raymond\Downloads\Portforward-Setup-Static-IP-Address.exe
    cmd: netsh winsock reset
    Reg: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /t REG_SZ /d "" /f

  • Run FRST/FRST64, press the Fix button just once, and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.
  • Restart the computer

Step 2 - Farbar Service Scanner

  • Run FSS by double-clicking its icon
    (On Windows Vista or higher, right-click the file and select Run as Administrator)
  • Check all the options
  • Click Scan
  • Post the generated log in your reply (the FSS.txt log is saved to the same folder FSS is run from).


Step 3 - Farbar MiniToolBox

Run the MiniToolBox you have on the Desktop again and check the following options:
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
  • Click on Go.
  • Post the resulting log in your next reply.

Step 4 - Update Programs

From the Security Check log there are some critical programs that you need to update:

» Update Java
Your version of the Java Runtime is outdated! In light of recent events surrounding Java, which is constantly targeted by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click the Windows Offline link; this file will not include any unneeded extras like the ASK Toolbar. When Java is installed, it's extremely important to update immediately when you get a notification pop-up from the Java Updater.

» Update Adobe Reader
The Adobe Reader you have is outdated and vulnerable to security exploits! The version presently installed is very old; you need to uninstall Adobe Reader 9 and 10.1.7 by using Control Panel > Uninstall a program (or Programs and Features if in Classic View). Next, download and install the most recent version by visiting the Adobe Reader page; make sure you uncheck the box offering any extra programs like McAfee Security Scan Plus.

» Update Firefox
Mozilla Firefox is also outdated! The browser is the most exposed software when you access the Internet, so it's very important to keep it updated at all times, for security reasons and also because some web sites will only work correctly with the most recent versions. You can update by starting Firefox, then clicking Help > About and the Check for Updates button; if there is a newer version the download will start. Wait, then click Apply Update and restart Firefox.
Alternatively, you could visit the Mozilla Firefox web page here and click on the green button that says Firefox Free Download to download and upgrade to the most recent version.


Things I would like to see in your next reply:
  • The Fixlog.txt log
  • The FSS.txt log
  • MiniToolBox log Result.txt
  • How is the computer behaving?
  • Does the high memory usage continue?



#26
Down_with_malware

    Member

  • Topic Starter
  • Member
  • 152 posts
Update! Alright, I got all this ready for you. Also, I would like to tell you... my whole PC froze up and I had to do a manual restart; even the mouse wouldn't move. This happened before I did your steps, however, so I don't know if this fixed it or not. The PC takes a while to start up, and icon loading is slow. I have a dual core processor, I just don't understand what is going on. You are doing great by the way! Hope your teachers are proud of you. :thumbsup: Also going to work on updating these programs like you asked.



Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Raymond at 2013-10-01 02:49:48 Run:1
Running from C:\Users\Raymond\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
C:\Program Files (x86)\Cheat Engine 6.2
C:\Users\Raymond\Downloads\angry-birds-rio.exe
C:\Users\Raymond\Downloads\CheatEngine62.exe
C:\Users\Raymond\Downloads\CheatEngine63.exe
C:\Users\Raymond\Downloads\cnet2_VHCapture_inst_exe.exe
C:\Users\Raymond\Downloads\Portforward-Setup-Static-IP-Address.exe
cmd: netsh winsock reset
Reg: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /t REG_SZ /d "" /f
*****************

Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Program Files (x86)\Cheat Engine 6.2 => Moved successfully.
C:\Users\Raymond\Downloads\angry-birds-rio.exe => Moved successfully.
C:\Users\Raymond\Downloads\CheatEngine62.exe => Moved successfully.
C:\Users\Raymond\Downloads\CheatEngine63.exe => Moved successfully.
C:\Users\Raymond\Downloads\cnet2_VHCapture_inst_exe.exe => Moved successfully.
C:\Users\Raymond\Downloads\Portforward-Setup-Static-IP-Address.exe => Moved successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /t REG_SZ /d "" /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====


The FSS log


Farbar Service Scanner Version: 13-09-2013
Ran by Raymond (administrator) on 01-10-2013 at 02:55:04
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:


MiniTool Log


MiniToolBox by Farbar Version: 13-07-2013
Ran by Raymond (administrator) on 01-10-2013 at 02:57:26
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2013 02:53:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/01/2013 02:46:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/30/2013 00:55:50 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,

Error: (09/30/2013 01:01:51 AM) (Source: Application Hang) (User: )
Description: The program toribash.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c8

Start Time: 01cebd39c1381c19

Termination Time: 389

Application Path: C:\Games\Toribash-4.5\toribash.exe

Report Id: c8ce5f07-2995-11e3-abb1-b8ac6fdcfc79

Error: (09/29/2013 08:29:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 08:27:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/27/2013 00:33:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/27/2013 00:33:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/26/2013 09:09:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/01/2013 02:53:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/01/2013 02:53:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/01/2013 02:52:31 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/01/2013 02:52:21 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error:
%%2

Error: (10/01/2013 02:52:21 AM) (Source: Service Control Manager) (User: )
Description: The Splashtop® Remote Service service failed to start due to the following error:
%%2

Error: (10/01/2013 02:48:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/01/2013 02:48:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/01/2013 02:48:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/01/2013 02:48:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/01/2013 02:48:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/01/2013 02:53:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (10/01/2013 02:46:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/30/2013 00:55:50 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2013 01:01:51 AM) (Source: Application Hang)(User: )
Description: toribash.exe0.0.0.018c801cebd39c1381c19389C:\Games\Toribash-4.5\toribash.exec8ce5f07-2995-11e3-abb1-b8ac6fdcfc79

Error: (09/29/2013 08:29:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/29/2013 08:27:15 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/27/2013 00:33:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/27/2013 00:33:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2013 09:09:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2013-09-24 21:18:37.572
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-24 21:18:37.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.799
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.559
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.512
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3070.98 MB
Available physical RAM: 906.33 MB
Total Pagefile: 6140.15 MB
Available Pagefile: 3647.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.58 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:454.28 GB) (Free:265.02 GB) NTFS

========================= Users: ========================================

User accounts for \\RAYMOND-PC

Administrator Guest Raymond


**** End of log ****

Edited by Down_with_malware, 01 October 2013 - 12:07 AM.

  • 0

#27
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,400 posts
Hi Raymond,

The Windows Event Viewer is reporting some problems; let's see if we can fix them...

Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work!)

    S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [x]
    S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
    cmd: sc config SftService start= disabled
    cmd: tasklist

  • Run FRST/FRST64, press the Fix button just once and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.
  • Restart the Computer

Step 2 - Check Windows System files integrity

  • Open the Command Prompt as Administrator (Tutorial)
  • type the following command and press Enter:
    sfc /scannow
    
    Note: This may take some time to finish.

    If it says some errors are found, please execute this:
  • In the elevated command prompt, type:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • Close the elevated command prompt.
  • Attach to your post the sfcdetails.txt file that was just placed on your Desktop
  • You can safely delete the sfcdetails.txt file afterwards if you like

Step 3 - Farbar MiniToolBox

Run the MiniToolBox you have on the Desktop again and check the following options:
  • List last 10 Event Viewer log
  • Click on Go.
  • Post the resulting log in your next reply.

Things I would like to see in your next reply:
  • The Fixlog.txt log
  • The sfcdetails.txt if errors are found
  • MiniToolBox log Result.txt

  • 0
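Step 2 above filters CBS.log down to its [SR] lines. As an added example (not part of SleepyDude's post or of any tool used in this thread), this Python script reads such a file and reports whether SFC left anything unrepaired. The function names, the sample lines marked as constructed, and the exact "Cannot repair member file" / "Repairing corrupted file" wordings it matches are assumptions; adjust them to what your own log contains.

```python
import re
from collections import Counter

# Line shape as it appears in sfcdetails.txt (output of the findstr step):
#   2013-10-01 16:58:16, Info CSI 00000022 [SR] Verifying 100 (0x...) components
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
# File names are logged as [l:<bytes>{<chars>}]"name" (assumed message form).
FILE_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def classify(msg):
    """Map one [SR] message to a coarse category."""
    m = msg.lower()
    if m.startswith("cannot repair"):
        return "unrepaired"
    if m.startswith("repairing corrupted file") or m.startswith("repaired file"):
        return "repaired"
    if m.startswith("verifying "):
        return "verify_start"
    if m.startswith("verify complete"):
        return "verify_done"
    return "other"


def triage(text):
    """Summarise an sfcdetails.txt dump and give an overall verdict."""
    counts = Counter()
    components = 0
    findings = {"unrepaired": set(), "repaired": set()}
    unparsed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            unparsed += 1  # wrapped or foreign line: count it, do not guess
            continue
        kind = classify(m["msg"])
        counts[kind] += 1
        if kind == "verify_start":
            n = re.match(r"Verifying (\d+) ", m["msg"])
            if n:
                components += int(n.group(1))
        elif kind in findings:
            names = FILE_NAME.findall(m["msg"])
            # The last quoted token is the file; fall back to the raw message.
            findings[kind].add(names[-1] if names else m["msg"])

    if findings["unrepaired"]:
        verdict = "corruption_remains"   # SFC could not fix these files
    elif findings["repaired"]:
        verdict = "repaired"             # corruption found, restored from store
    elif counts["verify_start"] == 0 or counts["verify_start"] != counts["verify_done"]:
        verdict = "incomplete"           # scan did not finish or log is cut short
    else:
        verdict = "clean"                # every batch verified, nothing flagged
    return {
        "verdict": verdict,
        "components_checked": components,
        "unrepaired": sorted(findings["unrepaired"]),
        "repaired": sorted(findings["repaired"]),
        "unparsed_lines": unparsed,
    }


# One verify batch in the same line format as the log posted in this thread.
CLEAN_SAMPLE = r"""
2013-10-01 16:58:16, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:16, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:18, Info CSI 00000025 [SR] Verify complete
"""

# Constructed lines (not from this thread) showing a repair and a failed repair.
DAMAGED_SAMPLE = r"""
2013-10-01 17:05:00, Info CSI 00000200 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:05:00, Info CSI 00000201 [SR] Beginning Verify and Repair transaction
2013-10-01 17:05:02, Info CSI 00000203 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.mui" from store
2013-10-01 17:05:03, Info CSI 00000205 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, hash mismatch
2013-10-01 17:05:04, Info CSI 00000207 [SR] Verify complete
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("damaged", DAMAGED_SAMPLE)):
        print(label, triage(sample))
```

A log that contains only "Verifying", "Beginning Verify and Repair transaction" and "Verify complete" lines yields the "clean" verdict; any file listed under "unrepaired" is what a helper would need to see.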

#28
Down_with_malware


    Member

  • Topic Starter
  • Member
  • 152 posts
Good evening sleepy dude! My PC is reporting corrupt files like I am about to show you. Do you think this happened because of the malware?

FixLog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Raymond at 2013-10-01 16:49:08 Run:2
Running from C:\Users\Raymond\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [x]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
cmd: sc config SftService start= disabled
cmd: tasklist
*****************

SplashtopRemoteService => Service deleted successfully.
vToolbarUpdater15.5.0 => Service deleted successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.

========= sc config SftService start= disabled =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= tasklist =========


Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 2,064 K
smss.exe 296 Services 0 80 K
avgrsa.exe 416 Services 0 74,872 K
avgcsrva.exe 480 Services 0 18,568 K
csrss.exe 684 Services 0 1,644 K
wininit.exe 764 Services 0 144 K
csrss.exe 792 Console 1 4,560 K
services.exe 816 Services 0 5,888 K
lsass.exe 848 Services 0 6,428 K
lsm.exe 856 Services 0 1,776 K
winlogon.exe 904 Console 1 2,388 K
svchost.exe 1004 Services 0 4,356 K
svchost.exe 648 Services 0 4,600 K
atiesrxx.exe 760 Services 0 148 K
svchost.exe 1036 Services 0 11,000 K
svchost.exe 1080 Services 0 37,532 K
svchost.exe 1124 Services 0 10,420 K
svchost.exe 1156 Services 0 19,776 K
DockLogin.exe 1336 Services 0 136 K
atieclxx.exe 1392 Console 1 368 K
svchost.exe 1472 Services 0 9,108 K
spoolsv.exe 1648 Services 0 5,484 K
svchost.exe 1688 Services 0 7,840 K
PhotoshopElementsFileAgen 1940 Services 0 380 K
svchost.exe 1136 Services 0 5,036 K
avgidsagent.exe 1272 Services 0 13,060 K
avgwdsvc.exe 1456 Services 0 10,984 K
HD-LogRotatorService.exe 1868 Services 0 2,412 K
dlsdbnt.exe 2060 Services 0 1,524 K
launcherd.exe 2164 Services 0 248 K
hamachi-2.exe 2200 Services 0 6,064 K
MSCamS64.exe 2228 Services 0 528 K
SftService.exe 2532 Services 0 1,712 K
sftvsa.exe 2556 Services 0 156 K
c2c_service.exe 2596 Services 0 968 K
sqlwriter.exe 2672 Services 0 180 K
svchost.exe 2712 Services 0 3,896 K
WLIDSVC.EXE 2780 Services 0 1,800 K
YahooAUService.exe 2856 Services 0 336 K
HD-Service.exe 2948 Services 0 2,884 K
WLIDSVCM.EXE 2996 Services 0 132 K
dlpwdnt.exe 3040 Services 0 252 K
sftlist.exe 2080 Services 0 2,192 K
HD-Network.exe 3108 Services 0 4,536 K
conhost.exe 3212 Services 0 300 K
HD-BlockDevice.exe 3312 Services 0 2,344 K
conhost.exe 3368 Services 0 300 K
HD-SharedFolder.exe 3472 Services 0 2,548 K
conhost.exe 3480 Services 0 300 K
taskhost.exe 3628 Console 1 3,680 K
avgnsa.exe 3724 Services 0 8,908 K
dwm.exe 3732 Console 1 26,532 K
avgemca.exe 3740 Services 0 1,744 K
explorer.exe 3812 Console 1 37,844 K
Toaster.exe 2272 Console 1 11,584 K
DSUpd.exe 2976 Console 1 1,884 K
STService.exe 3940 Console 1 7,772 K
CVHSVC.EXE 4124 Services 0 160 K
svchost.exe 4372 Services 0 3,776 K
rundll32.exe 4456 Console 1 2,552 K
svchost.exe 4704 Services 0 180 K
WUDFHost.exe 4836 Services 0 264 K
RAVCpl64.exe 5080 Console 1 468 K
vVX3000.exe 5096 Console 1 588 K
dlpsp.exe 3200 Console 1 1,920 K
dlupdr.exe 4268 Console 1 260 K
Steam.exe 3248 Console 1 1,968 K
dyyno_launcher.exe 3244 Console 1 380 K
netsession_win.exe 4712 Console 1 984 K
WN111v2.exe 5020 Console 1 2,336 K
netsession_win.exe 5292 Console 1 6,024 K
TSVNCache.exe 5300 Console 1 892 K
IAStorIcon.exe 5308 Console 1 5,612 K
DataSafeOnline.exe 5356 Console 1 5,516 K
RoxioBurnLauncher.exe 5372 Console 1 1,472 K
AdobeARM.exe 5656 Console 1 2,196 K
avgui.exe 5696 Console 1 8,092 K
hamachi-2-ui.exe 5852 Console 1 1,516 K
MOM.exe 5904 Console 1 4,168 K
aeriaignite.exe 6080 Console 1 16,276 K
HD-Agent.exe 5168 Console 1 12,316 K
firefox.exe 6992 Console 1 180,168 K
Ymsgr_tray.exe 5116 Console 1 508 K
CCC.exe 6988 Console 1 23,984 K
IAStorDataMgrSvc.exe 3672 Services 0 5,536 K
wmpnetwk.exe 7980 Services 0 11,284 K
svchost.exe 7636 Services 0 136 K
wuauclt.exe 6608 Console 1 1,060 K
SeaPort.EXE 4584 Services 0 144 K
audiodg.exe 1316 Services 0 16,348 K
armsvc.exe 2684 Services 0 140 K
taskmgr.exe 3436 Console 1 9,836 K
SearchIndexer.exe 3520 Services 0 51,680 K
FRST64.exe 7780 Console 1 26,112 K
SearchProtocolHost.exe 3124 Services 0 7,904 K
SearchFilterHost.exe 5520 Services 0 6,268 K
cmd.exe 6204 Console 1 2,592 K
conhost.exe 1232 Console 1 4,552 K
tasklist.exe 7800 Console 1 5,560 K
dllhost.exe 696 Console 1 5,560 K
WmiPrvSE.exe 7860 Services 0 6,180 K

========= End of CMD: =========


==== End of Fixlog ====



sfcdetails.txt


2013-10-01 16:58:16, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:16, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:18, Info CSI 00000025 [SR] Verify complete
2013-10-01 16:58:18, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:18, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:21, Info CSI 00000029 [SR] Verify complete
2013-10-01 16:58:22, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:22, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:24, Info CSI 0000002d [SR] Verify complete
2013-10-01 16:58:25, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:25, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:28, Info CSI 00000031 [SR] Verify complete
2013-10-01 16:58:28, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:28, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:30, Info CSI 00000035 [SR] Verify complete
2013-10-01 16:58:30, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:30, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:34, Info CSI 00000039 [SR] Verify complete
2013-10-01 16:58:34, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:34, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:37, Info CSI 0000003d [SR] Verify complete
2013-10-01 16:58:37, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:37, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:40, Info CSI 00000041 [SR] Verify complete
2013-10-01 16:58:40, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:40, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:42, Info CSI 00000045 [SR] Verify complete
2013-10-01 16:58:42, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:42, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:45, Info CSI 00000049 [SR] Verify complete
2013-10-01 16:58:45, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:45, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:51, Info CSI 0000004d [SR] Verify complete
2013-10-01 16:58:51, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:51, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2013-10-01 16:58:59, Info CSI 00000051 [SR] Verify complete
2013-10-01 16:58:59, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:58:59, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:03, Info CSI 00000055 [SR] Verify complete
2013-10-01 16:59:03, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:03, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:08, Info CSI 0000005a [SR] Verify complete
2013-10-01 16:59:09, Info CSI 0000005b [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:09, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:14, Info CSI 00000061 [SR] Verify complete
2013-10-01 16:59:14, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:14, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:18, Info CSI 00000066 [SR] Verify complete
2013-10-01 16:59:18, Info CSI 00000067 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:18, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:22, Info CSI 0000006a [SR] Verify complete
2013-10-01 16:59:22, Info CSI 0000006b [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:22, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:28, Info CSI 00000081 [SR] Verify complete
2013-10-01 16:59:29, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:29, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:35, Info CSI 00000095 [SR] Verify complete
2013-10-01 16:59:35, Info CSI 00000096 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:35, Info CSI 00000097 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:40, Info CSI 00000099 [SR] Verify complete
2013-10-01 16:59:41, Info CSI 0000009a [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:41, Info CSI 0000009b [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:44, Info CSI 0000009d [SR] Verify complete
2013-10-01 16:59:45, Info CSI 0000009e [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:45, Info CSI 0000009f [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:49, Info CSI 000000a1 [SR] Verify complete
2013-10-01 16:59:49, Info CSI 000000a2 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:49, Info CSI 000000a3 [SR] Beginning Verify and Repair transaction
2013-10-01 16:59:54, Info CSI 000000a5 [SR] Verify complete
2013-10-01 16:59:54, Info CSI 000000a6 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 16:59:54, Info CSI 000000a7 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:01, Info CSI 000000a9 [SR] Verify complete
2013-10-01 17:00:01, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:01, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:10, Info CSI 000000ce [SR] Verify complete
2013-10-01 17:00:10, Info CSI 000000cf [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:10, Info CSI 000000d0 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:17, Info CSI 000000d2 [SR] Verify complete
2013-10-01 17:00:17, Info CSI 000000d3 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:17, Info CSI 000000d4 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:30, Info CSI 000000d6 [SR] Verify complete
2013-10-01 17:00:30, Info CSI 000000d7 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:30, Info CSI 000000d8 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:40, Info CSI 000000dc [SR] Verify complete
2013-10-01 17:00:40, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:40, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:42, Info CSI 000000e0 [SR] Verify complete
2013-10-01 17:00:42, Info CSI 000000e1 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:42, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:43, Info CSI 000000e4 [SR] Verify complete
2013-10-01 17:00:43, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:43, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:48, Info CSI 000000e8 [SR] Verify complete
2013-10-01 17:00:48, Info CSI 000000e9 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:48, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:56, Info CSI 000000fd [SR] Verify complete
2013-10-01 17:00:56, Info CSI 000000fe [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:56, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2013-10-01 17:00:58, Info CSI 00000101 [SR] Verify complete
2013-10-01 17:00:58, Info CSI 00000102 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:00:58, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2013-10-01 17:01:03, Info CSI 00000105 [SR] Verify complete
2013-10-01 17:01:03, Info CSI 00000106 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:01:03, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2013-10-01 17:01:06, Info CSI 00000109 [SR] Verify complete
2013-10-01 17:01:06, Info CSI 0000010a [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:01:06, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2013-10-01 17:01:12, Info CSI 0000010e [SR] Verify complete
2013-10-01 17:01:12, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:01:12, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2013-10-01 17:08:49, Info CSI 000002a0 [SR] Verifying 100 (0x0000000000000064) components
2013-10-01 17:08:49, Info CSI 000002a1 [SR] Beginning Verify and Repair transaction
2013-10-01 17:08:51, Info CSI 000002a3 [SR] Cannot repair member file [l:34{17}]"ielowutil.exe.mui" of Microsoft-Windows-IE-IELowUtil.Resources, Version = 8.0.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-01 17:08:55, Info CSI 000002a5 [SR] Cannot repair member file [l:34{17}]"ielowutil.exe.mui" of Microsoft-Windows-IE-IELowUtil.Resources, Version = 8.0.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-01 17:08:55, Info CSI 000002a6 [SR] This component was referenced by [l:220{110}]"Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~en-US~8.0.7601.17514.Internet-Explorer-amd64"
2013-10-01 17:08:55, Info CSI 000002a9 [SR] Could not reproject corrupted file [ml:520{260},l:100{50}]"\??\C:\Program Files (x86)\Internet Explorer\en-US"\[l:34{17}]"ielowutil.exe.mui"; source file in store is also corrupted
2013-10-01 17:08:56, Info CSI 000002ab [SR] Verify complete
2013-10-01 17:10:48, Info CSI 00000318 [SR] Verifying 96 (0x0000000000000060) components
2013-10-01 17:10:48, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2013-10-01 17:10:52, Info CSI 0000031b [SR] Verify complete
2013-10-01 17:10:52, Info CSI 0000031c [SR] Repairing 1 components
2013-10-01 17:10:52, Info CSI 0000031d [SR] Beginning Verify and Repair transaction
2013-10-01 17:10:53, Info CSI 0000031f [SR] Cannot repair member file [l:34{17}]"ielowutil.exe.mui" of Microsoft-Windows-IE-IELowUtil.Resources, Version = 8.0.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-01 17:10:53, Info CSI 00000321 [SR] Cannot repair member file [l:34{17}]"ielowutil.exe.mui" of Microsoft-Windows-IE-IELowUtil.Resources, Version = 8.0.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-10-01 17:10:53, Info CSI 00000322 [SR] This component was referenced by [l:220{110}]"Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~en-US~8.0.7601.17514.Internet-Explorer-amd64"
2013-10-01 17:10:53, Info CSI 00000325 [SR] Could not reproject corrupted file [ml:520{260},l:100{50}]"\??\C:\Program Files (x86)\Internet Explorer\en-US"\[l:34{17}]"ielowutil.exe.mui"; source file in store is also corrupted
2013-10-01 17:10:53, Info CSI 00000327 [SR] Repair complete
2013-10-01 17:10:53, Info CSI 00000328 [SR] Committing transaction
2013-10-01 17:10:53, Info CSI 0000032c [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

MiniTool Log

MiniToolBox by Farbar Version: 13-07-2013
Ran by Raymond (administrator) on 01-10-2013 at 17:31:16
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2013 02:53:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/01/2013 02:46:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/30/2013 00:55:50 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,

Error: (09/30/2013 01:01:51 AM) (Source: Application Hang) (User: )
Description: The program toribash.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c8

Start Time: 01cebd39c1381c19

Termination Time: 389

Application Path: C:\Games\Toribash-4.5\toribash.exe

Report Id: c8ce5f07-2995-11e3-abb1-b8ac6fdcfc79

Error: (09/29/2013 08:29:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 08:27:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/27/2013 00:33:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/27/2013 00:33:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/26/2013 09:09:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/01/2013 04:52:10 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/01/2013 04:50:31 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/01/2013 01:09:13 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer PETE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D5605AF0-2CAB-4CA4-A3D4-639E7856CAA5}.
The master browser is stopping or an election is being forced.

Error: (10/01/2013 02:53:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/01/2013 02:53:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/01/2013 02:52:31 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/01/2013 02:52:21 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error:
%%2

Error: (10/01/2013 02:52:21 AM) (Source: Service Control Manager) (User: )
Description: The Splashtop® Remote Service service failed to start due to the following error:
%%2

Error: (10/01/2013 02:48:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/01/2013 02:48:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/01/2013 02:53:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (10/01/2013 02:46:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/30/2013 00:55:50 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2013 01:01:51 AM) (Source: Application Hang)(User: )
Description: toribash.exe0.0.0.018c801cebd39c1381c19389C:\Games\Toribash-4.5\toribash.exec8ce5f07-2995-11e3-abb1-b8ac6fdcfc79

Error: (09/29/2013 08:29:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/29/2013 08:27:15 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/27/2013 00:33:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/27/2013 00:33:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2013 09:09:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:09:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Raymond\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2013-09-24 21:18:37.572
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-24 21:18:37.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\loltrain\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.799
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-22 19:19:43.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.559
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-28 18:36:08.512
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
  • 0

#29
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,400 posts

Good evening sleepy dude! My PC is reporting corrupt files like I am about to show you. Do you think this happened because of the malware?

Good evening,

Some of the problems we fixed so far, in the registry and Windows Firewall for example, are related to a past malware infection; other problems can be the result of some file corruption...

How is the computer booting now?
  • 0

#30
Down_with_malware

    Member

  • Topic Starter
  • Member
  • 152 posts
It is booting A LOT faster now than it did before. Although, something strange just happened. I.E opened by itself, and I was given a security warning. I wasn't redirected to another site, just the home page. I never use I.E. I.E is the best web browser for downloading other web browsers. :)
  • 0





