Registry Edit Virus [Solved]


  • This topic is locked

#16
dogstar21

  • Topic Starter
  • Member
  • 103 posts
Here are the contents of checkhd.txt:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1087 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
37606 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

475195391 KB total disk space.
176281484 KB in 203085 files.
113480 KB in 37607 indexes.
0 KB in bad sectors.
922603 KB in use by the system.
4096 KB occupied by the log file.
297877824 KB available on disk.

4096 bytes in each allocation unit.
118798847 total allocation units on disk.
74469456 allocation units available on disk.


#17
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Delete Old SFC Log and run SFC

  • Open an elevated command prompt. To do that:
    • Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)

    Posted Image
  • A command window will open like the image below:

    Posted Image

  • Type or copy and paste the following, one line at a time, at the blinking cursor in the Command Prompt window and press ENTER after each line:
    cd \windows\Logs\cbs

    copy cbs.log cbs.old

    del cbs.log


    Back at the blinking cursor:
  • Type or copy and paste the following command and press Enter:

    sfc /scannow

    Posted Image

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take a while to finish. Do not close this Command Prompt window until the verification is 100% complete.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Write down the results of the scan so you can post it in your next reply.
  • Type exit and press the ENTER key to close the command window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know which message you got after the SFC check.

#18
dogstar21

  • Topic Starter
  • Member
  • 103 posts
The scan completed with the following message:

Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

#19
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
  • Open an elevated command prompt. To do that:
    • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
    Posted Image
  • At the blinking cursor, type or copy and paste the following command, and then press ENTER:

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
A file named sfcdetails.txt will now be on the desktop. Copy and Paste the contents of this file in your next reply.
  • 0
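
The findstr filter in the post above keeps only the [SR] lines of CBS.log, which for a full scan is mostly repeated verify batches. The Python sketch below is an added example, not part of the original post: it reduces such output to the distinct files SFC could not repair and flags batches that never completed. The sample lines are constructed in the CBS.log layout, and the component, file and package names in them are placeholders.

```python
import re
from dataclasses import dataclass, field

# One CBS.log line: "<date> <time>, <level> <source> <seq> [SR] <message>"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+\w+\s+'
    r'[0-9a-fA-F]{8}\s+\[SR\]\s+(?P<msg>.*)$')
VERIFYING_RE = re.compile(r'^Verifying (?P<n>\d+) \(0x[0-9a-fA-F]+\) components$')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+), pA = (?P<arch>\w+)')
REF_RE = re.compile(r'^This component was referenced by \[[^\]]*\]"(?P<pkg>[^"]+)"')


@dataclass
class Finding:
    file: str
    component: str
    version: str
    arch: str
    reason: str          # last comma-separated field, e.g. "hash mismatch"
    first_seen: str
    count: int = 0       # how many times the same failure was logged
    referenced_by: list = field(default_factory=list)


def triage(lines):
    """Return (findings, stats) for an iterable of CBS.log lines."""
    findings = {}
    stats = {"batches": 0, "components": 0, "completed": 0, "unparsed": 0}
    last = None  # most recent failure, so a "referenced by" line can attach to it
    for raw in lines:
        if "[SR]" not in raw:           # same literal filter as findstr /c:"[SR]"
            continue
        m = LINE_RE.match(raw.strip())
        if m is None:                   # truncated or damaged line: count, don't guess
            stats["unparsed"] += 1
            continue
        msg = m["msg"]
        if (v := VERIFYING_RE.match(msg)):
            stats["batches"] += 1
            stats["components"] += int(v["n"])
            last = None
        elif msg == "Verify complete":
            stats["completed"] += 1
        elif (c := CANNOT_RE.match(msg)):
            key = (c["file"], c["component"], c["version"], c["arch"])
            reason = msg.rsplit(", ", 1)[-1]
            last = findings.setdefault(key, Finding(*key, reason, m["ts"]))
            last.count += 1
        elif (r := REF_RE.match(msg)) and last is not None:
            if r["pkg"] not in last.referenced_by:
                last.referenced_by.append(r["pkg"])
    return list(findings.values()), stats


def affected_files(findings):
    """Distinct file names, regardless of architecture or repeat count."""
    return sorted({f.file for f in findings})


def incomplete_batches(stats):
    """Batches that started but never logged 'Verify complete'."""
    return stats["batches"] - stats["completed"]


# --- Constructed sample input (placeholder names, not taken from a real system) ---
def _sr(ts, seq, msg):
    return f"2014-01-01 {ts}, Info                  CSI    {seq:08x} [SR] {msg}"

_FAIL = ('Cannot repair member file [l:22{11}]"example.ini" of '
         'Example-Component, Version = 1.0.0.0, pA = ')
_TAIL = (", Culture neutral, VersionScope = 1 nonSxS, "
         "PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, "
         "TypeName neutral, PublicKey neutral in the store, hash mismatch")
_VERIFY = "Verifying 100 (0x0000000000000064) components"
_BEGIN = "Beginning Verify and Repair transaction"

SAMPLE_LOG = [
    "2014-01-01 10:00:00, Info                  CBS    constructed non-SR line",
    _sr("10:00:01", 0x06, _VERIFY), _sr("10:00:01", 0x07, _BEGIN),
    _sr("10:00:04", 0x09, "Verify complete"),
    _sr("10:00:05", 0x0a, _VERIFY), _sr("10:00:05", 0x0b, _BEGIN),
    _sr("10:00:07", 0x0c, _FAIL + "PROCESSOR_ARCHITECTURE_AMD64 (9)" + _TAIL),
    _sr("10:00:09", 0x0e, _FAIL + "PROCESSOR_ARCHITECTURE_AMD64 (9)" + _TAIL),
    _sr("10:00:09", 0x0f,
        'This component was referenced by [l:40{20}]"Package_Example_Placeholder"'),
    _sr("10:00:11", 0x11, "Verify complete"),
    _sr("10:00:12", 0x12, _VERIFY), _sr("10:00:12", 0x13, _BEGIN),
    _sr("10:00:14", 0x14,
        _FAIL + "PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10)" + _TAIL),
    _sr("10:00:16", 0x16, "Verify complete"),
    "[SR] constructed damaged line with no timestamp",
]

if __name__ == "__main__":
    found, st = triage(SAMPLE_LOG)
    print(f"{st['components']} components in {st['batches']} batches, "
          f"{incomplete_batches(st)} incomplete, {st['unparsed']} unparsed lines")
    for f in found:
        print(f"{f.first_seen}  {f.file}  {f.component} {f.version}  "
              f"{f.arch}  {f.reason}  x{f.count}  refs={f.referenced_by}")
```

To run it against a real log, pass the lines of the sfcdetails.txt file (or CBS.log itself) to triage() in place of SAMPLE_LOG.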

#20
dogstar21

  • Topic Starter
  • Member
  • 103 posts
Here are the contents of sfcdetails:

2014-02-10 21:25:56, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:25:56, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2014-02-10 21:25:59, Info CSI 00000009 [SR] Verify complete
2014-02-10 21:26:00, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:00, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:03, Info CSI 0000000d [SR] Verify complete
2014-02-10 21:26:04, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:04, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:07, Info CSI 00000011 [SR] Verify complete
2014-02-10 21:26:08, Info CSI 00000012 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:08, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:12, Info CSI 00000015 [SR] Verify complete
2014-02-10 21:26:13, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:13, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:16, Info CSI 00000019 [SR] Verify complete
2014-02-10 21:26:18, Info CSI 0000001a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:18, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:21, Info CSI 0000001d [SR] Verify complete
2014-02-10 21:26:23, Info CSI 0000001e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:23, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:26, Info CSI 00000021 [SR] Verify complete
2014-02-10 21:26:27, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:27, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:29, Info CSI 00000025 [SR] Verify complete
2014-02-10 21:26:31, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:31, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:33, Info CSI 00000029 [SR] Verify complete
2014-02-10 21:26:34, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:34, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:37, Info CSI 0000002d [SR] Verify complete
2014-02-10 21:26:38, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:38, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:40, Info CSI 00000031 [SR] Verify complete
2014-02-10 21:26:42, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:42, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:44, Info CSI 00000035 [SR] Verify complete
2014-02-10 21:26:46, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:46, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:48, Info CSI 00000039 [SR] Verify complete
2014-02-10 21:26:49, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:49, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:51, Info CSI 0000003d [SR] Verify complete
2014-02-10 21:26:53, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:53, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2014-02-10 21:26:55, Info CSI 00000041 [SR] Verify complete
2014-02-10 21:26:56, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:26:56, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:00, Info CSI 00000045 [SR] Verify complete
2014-02-10 21:27:01, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:01, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:05, Info CSI 00000049 [SR] Verify complete
2014-02-10 21:27:05, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:05, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:11, Info CSI 0000004d [SR] Verify complete
2014-02-10 21:27:12, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:12, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:16, Info CSI 00000051 [SR] Verify complete
2014-02-10 21:27:16, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:16, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:20, Info CSI 00000055 [SR] Verify complete
2014-02-10 21:27:21, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:21, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:23, Info CSI 00000059 [SR] Verify complete
2014-02-10 21:27:23, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:23, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:29, Info CSI 0000005d [SR] Verify complete
2014-02-10 21:27:30, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:30, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:32, Info CSI 00000061 [SR] Verify complete
2014-02-10 21:27:33, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:33, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:35, Info CSI 00000065 [SR] Verify complete
2014-02-10 21:27:36, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:36, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:38, Info CSI 00000069 [SR] Verify complete
2014-02-10 21:27:38, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:38, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:43, Info CSI 0000006d [SR] Verify complete
2014-02-10 21:27:43, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:43, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2014-02-10 21:27:51, Info CSI 00000071 [SR] Verify complete
2014-02-10 21:27:52, Info CSI 00000072 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:27:52, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:00, Info CSI 00000077 [SR] Verify complete
2014-02-10 21:28:01, Info CSI 00000078 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:01, Info CSI 00000079 [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:11, Info CSI 0000007c [SR] Verify complete
2014-02-10 21:28:11, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:11, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:20, Info CSI 00000082 [SR] Verify complete
2014-02-10 21:28:21, Info CSI 00000083 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:21, Info CSI 00000084 [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:29, Info CSI 00000086 [SR] Verify complete
2014-02-10 21:28:30, Info CSI 00000087 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:30, Info CSI 00000088 [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:39, Info CSI 000000aa [SR] Verify complete
2014-02-10 21:28:39, Info CSI 000000ab [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:39, Info CSI 000000ac [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:48, Info CSI 000000b1 [SR] Verify complete
2014-02-10 21:28:49, Info CSI 000000b2 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:49, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2014-02-10 21:28:58, Info CSI 000000b5 [SR] Verify complete
2014-02-10 21:28:58, Info CSI 000000b6 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:28:58, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2014-02-10 21:29:07, Info CSI 000000b9 [SR] Verify complete
2014-02-10 21:29:07, Info CSI 000000ba [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:29:07, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2014-02-10 21:29:19, Info CSI 000000bd [SR] Verify complete
2014-02-10 21:29:20, Info CSI 000000be [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:29:20, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2014-02-10 21:29:34, Info CSI 000000c1 [SR] Verify complete
2014-02-10 21:29:34, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:29:34, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2014-02-10 21:29:53, Info CSI 000000db [SR] Verify complete
2014-02-10 21:29:53, Info CSI 000000dc [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:29:53, Info CSI 000000dd [SR] Beginning Verify and Repair transaction
2014-02-10 21:30:18, Info CSI 000000df [SR] Verify complete
2014-02-10 21:30:18, Info CSI 000000e0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:30:18, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:30:48, Info CSI 000000e3 [SR] Verify complete
2014-02-10 21:30:48, Info CSI 000000e4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:30:48, Info CSI 000000e5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:30:55, Info CSI 000000e7 [SR] Verify complete
2014-02-10 21:30:55, Info CSI 000000e8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:30:55, Info CSI 000000e9 [SR] Beginning Verify and Repair transaction
2014-02-10 21:30:58, Info CSI 000000eb [SR] Verify complete
2014-02-10 21:30:58, Info CSI 000000ec [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:30:58, Info CSI 000000ed [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:02, Info CSI 000000ef [SR] Verify complete
2014-02-10 21:31:02, Info CSI 000000f0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:02, Info CSI 000000f1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:07, Info CSI 000000f3 [SR] Verify complete
2014-02-10 21:31:07, Info CSI 000000f4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:07, Info CSI 000000f5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:23, Info CSI 00000108 [SR] Verify complete
2014-02-10 21:31:23, Info CSI 00000109 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:23, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:28, Info CSI 0000010c [SR] Verify complete
2014-02-10 21:31:28, Info CSI 0000010d [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:28, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:35, Info CSI 00000110 [SR] Verify complete
2014-02-10 21:31:36, Info CSI 00000111 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:36, Info CSI 00000112 [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:40, Info CSI 00000114 [SR] Verify complete
2014-02-10 21:31:41, Info CSI 00000115 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:41, Info CSI 00000116 [SR] Beginning Verify and Repair transaction
2014-02-10 21:31:53, Info CSI 00000118 [SR] Verify complete
2014-02-10 21:31:54, Info CSI 00000119 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:31:54, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2014-02-10 21:32:07, Info CSI 0000011d [SR] Verify complete
2014-02-10 21:32:08, Info CSI 0000011e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:32:08, Info CSI 0000011f [SR] Beginning Verify and Repair transaction
2014-02-10 21:32:14, Info CSI 00000121 [SR] Verify complete
2014-02-10 21:32:14, Info CSI 00000122 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:32:14, Info CSI 00000123 [SR] Beginning Verify and Repair transaction
2014-02-10 21:32:25, Info CSI 00000125 [SR] Verify complete
2014-02-10 21:32:25, Info CSI 00000126 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:32:25, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2014-02-10 21:32:33, Info CSI 00000129 [SR] Verify complete
2014-02-10 21:32:34, Info CSI 0000012a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:32:34, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2014-02-10 21:32:51, Info CSI 0000012d [SR] Verify complete
2014-02-10 21:32:51, Info CSI 0000012e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:32:51, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2014-02-10 21:33:08, Info CSI 00000147 [SR] Verify complete
2014-02-10 21:33:08, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:33:08, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2014-02-10 21:33:19, Info CSI 0000014b [SR] Verify complete
2014-02-10 21:33:19, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:33:19, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2014-02-10 21:33:46, Info CSI 0000014f [SR] Verify complete
2014-02-10 21:33:46, Info CSI 00000150 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:33:46, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2014-02-10 21:34:12, Info CSI 00000153 [SR] Verify complete
2014-02-10 21:34:12, Info CSI 00000154 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:34:12, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2014-02-10 21:34:28, Info CSI 00000157 [SR] Verify complete
2014-02-10 21:34:28, Info CSI 00000158 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:34:28, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2014-02-10 21:34:40, Info CSI 0000015b [SR] Verify complete
2014-02-10 21:34:41, Info CSI 0000015c [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:34:41, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2014-02-10 21:34:50, Info CSI 0000015f [SR] Verify complete
2014-02-10 21:34:51, Info CSI 00000160 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:34:51, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2014-02-10 21:34:59, Info CSI 00000165 [SR] Verify complete
2014-02-10 21:35:00, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:35:00, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2014-02-10 21:35:20, Info CSI 00000169 [SR] Verify complete
2014-02-10 21:35:20, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:35:20, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2014-02-10 21:35:31, Info CSI 0000016d [SR] Verify complete
2014-02-10 21:35:32, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:35:32, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2014-02-10 21:35:47, Info CSI 00000171 [SR] Verify complete
2014-02-10 21:35:47, Info CSI 00000172 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:35:47, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2014-02-10 21:35:54, Info CSI 00000175 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:36:00, Info CSI 00000177 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:36:00, Info CSI 00000178 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:36:03, Info CSI 0000017a [SR] Verify complete
2014-02-10 21:36:04, Info CSI 0000017b [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:36:04, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2014-02-10 21:36:15, Info CSI 0000017e [SR] Verify complete
2014-02-10 21:36:16, Info CSI 0000017f [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:36:16, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2014-02-10 21:36:28, Info CSI 00000182 [SR] Verify complete
2014-02-10 21:36:29, Info CSI 00000183 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:36:29, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2014-02-10 21:36:47, Info CSI 00000187 [SR] Verify complete
2014-02-10 21:36:48, Info CSI 00000188 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:36:48, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2014-02-10 21:36:58, Info CSI 0000018b [SR] Verify complete
2014-02-10 21:36:58, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:36:58, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2014-02-10 21:37:06, Info CSI 00000190 [SR] Verify complete
2014-02-10 21:37:06, Info CSI 00000191 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:37:06, Info CSI 00000192 [SR] Beginning Verify and Repair transaction
2014-02-10 21:37:18, Info CSI 00000195 [SR] Verify complete
2014-02-10 21:37:18, Info CSI 00000196 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:37:18, Info CSI 00000197 [SR] Beginning Verify and Repair transaction
2014-02-10 21:37:29, Info CSI 000001bf [SR] Verify complete
2014-02-10 21:37:29, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:37:29, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:37:43, Info CSI 000001c3 [SR] Verify complete
2014-02-10 21:37:43, Info CSI 000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:37:43, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:38:01, Info CSI 000001c7 [SR] Verify complete
2014-02-10 21:38:02, Info CSI 000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:38:02, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2014-02-10 21:38:10, Info CSI 000001cb [SR] Verify complete
2014-02-10 21:38:10, Info CSI 000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:38:10, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2014-02-10 21:38:14, Info CSI 000001cf [SR] Verify complete
2014-02-10 21:38:15, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:38:15, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:38:31, Info CSI 000001d3 [SR] Verify complete
2014-02-10 21:38:32, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:38:32, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:38:46, Info CSI 000001d7 [SR] Verify complete
2014-02-10 21:38:47, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:38:47, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2014-02-10 21:39:00, Info CSI 000001db [SR] Verify complete
2014-02-10 21:39:00, Info CSI 000001dc [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:39:00, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2014-02-10 21:39:23, Info CSI 000001df [SR] Verify complete
2014-02-10 21:39:23, Info CSI 000001e0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:39:23, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:39:29, Info CSI 000001e3 [SR] Verify complete
2014-02-10 21:39:30, Info CSI 000001e4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:39:30, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:39:40, Info CSI 000001e7 [SR] Verify complete
2014-02-10 21:39:40, Info CSI 000001e8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:39:40, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2014-02-10 21:39:57, Info CSI 000001f4 [SR] Verify complete
2014-02-10 21:39:59, Info CSI 000001f5 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:39:59, Info CSI 000001f6 [SR] Beginning Verify and Repair transaction
2014-02-10 21:40:11, Info CSI 000001f8 [SR] Verify complete
2014-02-10 21:40:12, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:40:12, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2014-02-10 21:40:24, Info CSI 000001fc [SR] Verify complete
2014-02-10 21:40:25, Info CSI 000001fd [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:40:25, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2014-02-10 21:40:41, Info CSI 00000200 [SR] Verify complete
2014-02-10 21:40:42, Info CSI 00000201 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:40:42, Info CSI 00000202 [SR] Beginning Verify and Repair transaction
2014-02-10 21:40:54, Info CSI 00000204 [SR] Verify complete
2014-02-10 21:40:55, Info CSI 00000205 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:40:55, Info CSI 00000206 [SR] Beginning Verify and Repair transaction
2014-02-10 21:41:00, Info CSI 00000208 [SR] Verify complete
2014-02-10 21:41:01, Info CSI 00000209 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:41:01, Info CSI 0000020a [SR] Beginning Verify and Repair transaction
2014-02-10 21:41:15, Info CSI 0000020e [SR] Verify complete
2014-02-10 21:41:15, Info CSI 0000020f [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:41:15, Info CSI 00000210 [SR] Beginning Verify and Repair transaction
2014-02-10 21:41:29, Info CSI 00000215 [SR] Verify complete
2014-02-10 21:41:30, Info CSI 00000216 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:41:30, Info CSI 00000217 [SR] Beginning Verify and Repair transaction
2014-02-10 21:41:32, Info CSI 00000219 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:41:50, Info CSI 0000021e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:41:50, Info CSI 0000021f [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:41:55, Info CSI 00000226 [SR] Verify complete
2014-02-10 21:41:56, Info CSI 00000227 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:41:56, Info CSI 00000228 [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:09, Info CSI 00000234 [SR] Verify complete
2014-02-10 21:42:09, Info CSI 00000235 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:09, Info CSI 00000236 [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:14, Info CSI 00000238 [SR] Verify complete
2014-02-10 21:42:15, Info CSI 00000239 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:15, Info CSI 0000023a [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:27, Info CSI 0000023c [SR] Verify complete
2014-02-10 21:42:27, Info CSI 0000023d [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:27, Info CSI 0000023e [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:35, Info CSI 00000243 [SR] Verify complete
2014-02-10 21:42:35, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:35, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:42, Info CSI 00000247 [SR] Verify complete
2014-02-10 21:42:42, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:42, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2014-02-10 21:42:52, Info CSI 0000026e [SR] Verify complete
2014-02-10 21:42:52, Info CSI 0000026f [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:42:52, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2014-02-10 21:43:01, Info CSI 00000272 [SR] Verify complete
2014-02-10 21:43:01, Info CSI 00000273 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:43:01, Info CSI 00000274 [SR] Beginning Verify and Repair transaction
2014-02-10 21:43:07, Info CSI 00000276 [SR] Verify complete
2014-02-10 21:43:08, Info CSI 00000277 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:43:08, Info CSI 00000278 [SR] Beginning Verify and Repair transaction
2014-02-10 21:43:20, Info CSI 0000027a [SR] Verify complete
2014-02-10 21:43:20, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:43:20, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2014-02-10 21:43:29, Info CSI 0000028c [SR] Verify complete
2014-02-10 21:43:30, Info CSI 0000028d [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:43:30, Info CSI 0000028e [SR] Beginning Verify and Repair transaction
2014-02-10 21:43:54, Info CSI 00000291 [SR] Verify complete
2014-02-10 21:43:54, Info CSI 00000292 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:43:54, Info CSI 00000293 [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:06, Info CSI 000002a1 [SR] Verify complete
2014-02-10 21:44:06, Info CSI 000002a2 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:06, Info CSI 000002a3 [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:10, Info CSI 000002a5 [SR] Verify complete
2014-02-10 21:44:11, Info CSI 000002a6 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:11, Info CSI 000002a7 [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:18, Info CSI 000002aa [SR] Verify complete
2014-02-10 21:44:19, Info CSI 000002ab [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:19, Info CSI 000002ac [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:36, Info CSI 000002af [SR] Verify complete
2014-02-10 21:44:36, Info CSI 000002b0 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:36, Info CSI 000002b1 [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:41, Info CSI 000002b3 [SR] Verify complete
2014-02-10 21:44:42, Info CSI 000002b4 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:42, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2014-02-10 21:44:53, Info CSI 000002b7 [SR] Verify complete
2014-02-10 21:44:54, Info CSI 000002b8 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:44:54, Info CSI 000002b9 [SR] Beginning Verify and Repair transaction
2014-02-10 21:45:02, Info CSI 000002bb [SR] Verify complete
2014-02-10 21:45:03, Info CSI 000002bc [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:45:03, Info CSI 000002bd [SR] Beginning Verify and Repair transaction
2014-02-10 21:45:18, Info CSI 000002cc [SR] Verify complete
2014-02-10 21:45:19, Info CSI 000002cd [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:45:19, Info CSI 000002ce [SR] Beginning Verify and Repair transaction
2014-02-10 21:45:31, Info CSI 000002dd [SR] Verify complete
2014-02-10 21:45:32, Info CSI 000002de [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:45:32, Info CSI 000002df [SR] Beginning Verify and Repair transaction
2014-02-10 21:45:59, Info CSI 000002e1 [SR] Verify complete
2014-02-10 21:46:00, Info CSI 000002e2 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:46:00, Info CSI 000002e3 [SR] Beginning Verify and Repair transaction
2014-02-10 21:46:14, Info CSI 000002e5 [SR] Verify complete
2014-02-10 21:46:14, Info CSI 000002e6 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:46:14, Info CSI 000002e7 [SR] Beginning Verify and Repair transaction
2014-02-10 21:46:25, Info CSI 000002e9 [SR] Verify complete
2014-02-10 21:46:25, Info CSI 000002ea [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:46:25, Info CSI 000002eb [SR] Beginning Verify and Repair transaction
2014-02-10 21:46:33, Info CSI 000002ee [SR] Verify complete
2014-02-10 21:46:34, Info CSI 000002ef [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:46:34, Info CSI 000002f0 [SR] Beginning Verify and Repair transaction
2014-02-10 21:46:50, Info CSI 000002f2 [SR] Verify complete
2014-02-10 21:46:51, Info CSI 000002f3 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:46:51, Info CSI 000002f4 [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:03, Info CSI 000002f6 [SR] Verify complete
2014-02-10 21:47:04, Info CSI 000002f7 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:04, Info CSI 000002f8 [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:15, Info CSI 000002fa [SR] Verify complete
2014-02-10 21:47:15, Info CSI 000002fb [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:15, Info CSI 000002fc [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:23, Info CSI 000002ff [SR] Verify complete
2014-02-10 21:47:23, Info CSI 00000300 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:23, Info CSI 00000301 [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:33, Info CSI 00000303 [SR] Verify complete
2014-02-10 21:47:33, Info CSI 00000304 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:33, Info CSI 00000305 [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:44, Info CSI 00000308 [SR] Verify complete
2014-02-10 21:47:44, Info CSI 00000309 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:44, Info CSI 0000030a [SR] Beginning Verify and Repair transaction
2014-02-10 21:47:55, Info CSI 0000030e [SR] Verify complete
2014-02-10 21:47:55, Info CSI 0000030f [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:47:55, Info CSI 00000310 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:10, Info CSI 00000313 [SR] Verify complete
2014-02-10 21:48:11, Info CSI 00000314 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:48:11, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:20, Info CSI 00000317 [SR] Verify complete
2014-02-10 21:48:21, Info CSI 00000318 [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:48:21, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:33, Info CSI 0000031b [SR] Verify complete
2014-02-10 21:48:34, Info CSI 0000031c [SR] Verifying 100 (0x0000000000000064) components
2014-02-10 21:48:34, Info CSI 0000031d [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:47, Info CSI 0000031f [SR] Verify complete
2014-02-10 21:48:47, Info CSI 00000320 [SR] Verifying 47 (0x000000000000002f) components
2014-02-10 21:48:47, Info CSI 00000321 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:53, Info CSI 00000323 [SR] Verify complete
2014-02-10 21:48:53, Info CSI 00000324 [SR] Repairing 2 components
2014-02-10 21:48:53, Info CSI 00000325 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:53, Info CSI 00000327 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 00000329 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032c [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:48:54, Info CSI 0000032e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032f [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:48:54, Info CSI 00000331 [SR] Repair complete
2014-02-10 21:48:54, Info CSI 00000332 [SR] Committing transaction
2014-02-10 21:48:55, Info CSI 00000336 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
  • 0
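The `[SR]` entries in the log above can be triaged mechanically. The following is an added example (not part of the original post, and not a Microsoft tool) that tallies verified components and de-duplicates the "Cannot repair member file" reports; the sample lines are copied from the end of the posted log, and the function and field names are this example's own.

```python
import re

# [SR] lines copied from the tail of the log posted above.
SAMPLE_CBS = """\
2014-02-10 21:48:47, Info CSI 00000320 [SR] Verifying 47 (0x000000000000002f) components
2014-02-10 21:48:47, Info CSI 00000321 [SR] Beginning Verify and Repair transaction
2014-02-10 21:48:53, Info CSI 00000323 [SR] Verify complete
2014-02-10 21:48:53, Info CSI 00000324 [SR] Repairing 2 components
2014-02-10 21:48:53, Info CSI 00000327 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 00000329 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032c [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:48:54, Info CSI 0000032e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-02-10 21:48:54, Info CSI 0000032f [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-02-10 21:48:54, Info CSI 00000331 [SR] Repair complete
2014-02-10 21:48:55, Info CSI 00000336 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
"""

# Timestamp, level, "CSI", sequence number, then the [SR] message.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+"
    r"(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$")
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-f]+\) components$")
CANNOT = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r"(?P<component>[^,]+), Version = (?P<version>[\d.]+), "
    r"pA = (?P<arch>\w+) \(\d+\),")
REFERENCED = re.compile(
    r'^This component was referenced by \[l:\d+\{\d+\}\]"(?P<package>[^"]+)"$')


def summarize_sr(log_text):
    """Summarize the [SR] lines of an SFC log.

    Returns a dict with the number of components verified, the unique
    unrepaired files keyed by (component, architecture, file), and whether
    the log also carries the closing "successfully repaired" line.
    """
    summary = {"verified": 0, "unrepaired": {}, "claims_all_repaired": False}
    current = None  # entry that a following "referenced by" line belongs to
    for raw in log_text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        verifying, cannot = VERIFYING.match(msg), CANNOT.match(msg)
        referenced = REFERENCED.match(msg)
        if cannot:
            key = (cannot["component"], cannot["arch"], cannot["file"])
            current = summary["unrepaired"].setdefault(key, {
                "version": cannot["version"],
                "reason": msg.rsplit(", ", 1)[1],  # text after the last comma
                "first_seen": line["ts"],
                "reports": 0,
                "packages": set(),
            })
            current["reports"] += 1
            continue
        if referenced and current is not None:
            current["packages"].add(referenced["package"])
            continue
        current = None
        if verifying:
            summary["verified"] += int(verifying[1])
        elif msg.startswith("Verify and Repair Transaction completed") \
                and "successfully repaired" in msg:
            summary["claims_all_repaired"] = True
    return summary


def report(summary):
    """Render the summary as text lines for a ticket or forum reply."""
    lines = ["components verified: %d" % summary["verified"]]
    for (component, arch, name), info in sorted(summary["unrepaired"].items()):
        lines.append("UNREPAIRED %s (%s, %s %s): %s, reported %d times" % (
            name, component, arch, info["version"], info["reason"],
            info["reports"]))
    if summary["unrepaired"] and summary["claims_all_repaired"]:
        lines.append("closing line reports success despite the entries above")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize_sr(SAMPLE_CBS))))
```

As the posted log shows, the closing "successfully repaired" line appears even when "Cannot repair" entries precede it, so the summary is built from the per-file entries rather than from the last line.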

#21
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. The only thing Windows couldn't repair was a Sidebar file. Since you don't want it anyway, that's OK.


Step-1.

Run Windows All-In-One

Download Windows Repair (all in one) from this site. Under the Installer (4.84 MB) click the Download button beside Direct Download and save the tweaking.com_windows_repair_aio_setup.exe file to the desktop.

Close the browser and all open windows

  • Right click the tweaking.com_windows_repair_aio_setup.exe file, click Run as Administrator and allow any UAC prompts to install the program. Let it install to the default locations. After the program has been installed:
  • Right click the Windows Repair (All-In-One) icon on the desktop, click Run as Administrator and OK any UAC prompts to launch the program.

  • Go to Step 4 to create a Restore point and back up the Registry
    • Under System Restore click the Restore button. You will see a message saying that System Restore is creating a Restore point. When it is finished you will see a message saying that the Restore point was created.
    • Under Registry Backup click the Backup button. When it is finished you will see the message telling you that the Registry is backed up.
    • Click the Next button. You will be taken to the Start Repairs screen.
  • On the Start Repairs tab click Start. You will see a Repair Options screen like the image below with the Default options checked:

    Posted Image

    Please make the following changes:
    • Click the box beside the following numbers to remove the checkmark:
      • 07
      • 08
      • 11
      • 17
  • In the lower right corner click the box beside Shutdown/Restart System when Finished and tick the radio button beside Restart System.
  • Click the Start button.
NOTE: These repairs will take some time to complete depending on the speed of the system, the number of files and the number of reg keys. On a few systems it is possible for these repairs to get stuck in an infinite loop and thus never complete. This is because of symbolic links. Symbolic links are a way for a folder or reg key to point to a different location. On a normal system this isn't a problem. But if a system has a bad link that points back to a parent path then everything it hits in that link it will hit it again and again forever.
If the repairs are running for an insane amount of time then they are most likely stuck in a loop. If that is the case stop the repairs and let me know.


Step-2.

Now go back to post #12.
Do not do steps 1 and 2.
Start with Step 3 and continue through Step 6.


Step-3.
1. If everything went OK, post the new FSS.txt log
  • 0
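The NOTE in the post above describes a link that points back to a parent path, which makes a recursive scan revisit the same content indefinitely. The following is an added example (not code from Windows Repair or from the original post) that shows the effect on a constructed directory tree and two ways to guard against it. It covers symbolic links only: NTFS junctions are a separate reparse type that `os.path.islink` does not report. All function names are this example's own.

```python
import os
import tempfile


def build_demo_tree():
    """Create root/a/b plus root/a/loop -> root (a link back to a parent)."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="linkloop_"))
    os.makedirs(os.path.join(root, "a", "b"))
    os.symlink(root, os.path.join(root, "a", "loop"), target_is_directory=True)
    return root


def walk_naive(root, max_depth):
    """Follow every directory link, as a naive recursive tool would.

    Without max_depth this never terminates on the demo tree; the cap is
    only here so the growth can be measured.
    """
    visited = 0
    stack = [(root, 0)]
    while stack:
        path, depth = stack.pop()
        visited += 1
        if depth == max_depth:
            continue
        with os.scandir(path) as entries:
            for entry in entries:
                if entry.is_dir():  # follows links by default
                    stack.append((entry.path, depth + 1))
    return visited


def walk_once(root):
    """Visit each real directory exactly once, whatever path reaches it."""
    seen, order, stack = set(), [], [root]
    while stack:
        path = stack.pop()
        real = os.path.realpath(path)
        if real in seen:
            continue  # already processed under another name
        seen.add(real)
        order.append(real)
        with os.scandir(path) as entries:
            for entry in entries:
                if entry.is_dir():
                    stack.append(entry.path)
    return order


def find_parent_links(root):
    """List (link, target) pairs where the target is the link's own ancestor.

    These are the "bad links" of the NOTE: descending into one re-enters a
    directory that is already being processed.
    """
    found = []
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        parent = os.path.realpath(dirpath)
        for name in dirnames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if parent == target or parent.startswith(target + os.sep):
                found.append((link, target))
    return found


if __name__ == "__main__":
    demo = build_demo_tree()
    print("naive, depth 6 :", walk_naive(demo, 6), "visits")
    print("naive, depth 12:", walk_naive(demo, 12), "visits")
    print("visit-once     :", len(walk_once(demo)), "directories")
    for link, target in find_parent_links(demo):
        print("parent link    :", link, "->", target)
```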

#22
dogstar21

    Member

  • Topic Starter
  • Member
  • 103 posts
Ran the WindowsAllInOne, merged the .reg files (no issues this time), ran the start_services.bac program, and then re-scanned my computer with FSS. I still get the start-up errors (4 .dll and .cpp) when Windows starts.

Here are the contents of the FSS.txt file:

Farbar Service Scanner Version: 02-02-2014
Ran by Pete (administrator) on 11-02-2014 at 15:17:37
Running from "C:\Users\Pete\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-12-05 11:32] - [2009-04-10 22:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-03 12:26] - [2010-06-16 12:11] - 1426816 ____A (Microsoft Corporation) 973658A2EA9C06B2976884B9046DFC6C

C:\Windows\System32\dnsrslvr.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2010-05-10 20:01] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0223744 ____A (Microsoft Corporation) CD033D871A83E918B14F43F7E7590819

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
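The File Check section of the FSS log above mixes two kinds of entries: paths followed by "=> MD5 is legit", and paths followed by a detail line with dates, size, attributes, company and MD5. The following is an added example (not part of Farbar Service Scanner or of the original post) that separates the two so the second group can be verified by other means. It assumes the detail form means FSS did not match the file's MD5 against its own list, which by itself does not indicate a bad file; the sample is an excerpt of the posted log and the names are this example's own.

```python
import re

# Excerpt of the FSS.txt posted above (File Check section shortened).
SAMPLE_FSS = r"""Farbar Service Scanner Version: 02-02-2014
Boot Mode: Normal

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-12-05 11:32] - [2009-04-10 22:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-03 12:26] - [2010-06-16 12:11] - 1426816 ____A (Microsoft Corporation) 973658A2EA9C06B2976884B9046DFC6C

C:\Windows\System32\dnsrslvr.dll
[2011-12-05 11:33] - [2009-04-11 00:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530

C:\Windows\System32\mpssvc.dll => MD5 is legit


**** End of log ****
"""

# [date] - [date] - size attributes (company) md5
DETAIL = re.compile(
    r"^\[(?P<first_date>[^\]]+)\] - \[(?P<second_date>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$")
LEGIT_SUFFIX = " => MD5 is legit"


def parse_file_check(text):
    """Return (legit_paths, unmatched_entries) from an FSS log."""
    legit, unmatched = [], []
    in_section, pending_path = False, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue  # outside the section, blank, or an underline row
        if line.startswith("****"):
            break  # "**** End of log ****"
        detail = DETAIL.match(line)
        if line.endswith(LEGIT_SUFFIX):
            legit.append(line[:-len(LEGIT_SUFFIX)])
            pending_path = None
        elif detail and pending_path:
            entry = detail.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entry["path"] = pending_path
            unmatched.append(entry)
            pending_path = None
        else:
            pending_path = line  # a bare path; its detail line follows
    return legit, unmatched


def review_order(unmatched):
    """Put kernel drivers (.sys) first; keep the log's order otherwise."""
    return sorted(unmatched,
                  key=lambda e: not e["path"].lower().endswith(".sys"))


if __name__ == "__main__":
    legit, unmatched = parse_file_check(SAMPLE_FSS)
    print("%d files matched the scanner's list" % len(legit))
    for e in review_order(unmatched):
        # MD5 alone is a weak identifier; confirm these files with a
        # signature check or a stronger hash from a trusted source.
        print("verify: %s  size=%d  company=%s  md5=%s" % (
            e["path"], e["size"], e["company"], e["md5"]))
```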

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Ran the WindowsAllInOne, merged the .reg files (no issues this time), ran the start_services.bac program, and then re-scanned my computer with FSS.

That's good news. The services issue is resolved now and the services are able to run when they should.
Let's get a fresh OTL scan and see where we are now.


OTL Scan

Please re-open OTL on the desktop. To do that:
  • Vista/7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The new OTL.txt log
  • 0

#24
dogstar21

    Member

  • Topic Starter
  • Member
  • 103 posts
OTL Scan completed. Here is the OTL.txt contents:

OTL logfile created on: 2/12/2014 9:12:08 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.37% Memory free
4.23 Gb Paging File | 2.37 Gb Available in Paging File | 56.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 285.48 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 12:49:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2011/12/05 12:22:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cbea3b1a1d74123219b69306b8c8af2\System.Transactions.ni.dll
MOD - [2011/12/05 12:22:57 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.Wrapper.dll
MOD - [2011/12/05 12:18:49 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\550e7b31f1821d964f21f0a854e3f195\System.Data.ni.dll
MOD - [2011/12/05 12:18:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61019556ac408cc39cc478101b0d3cb4\PresentationFramework.Aero.ni.dll
MOD - [2011/12/05 12:18:39 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0444ab43ccfb3390d2eaab1d9a34772f\PresentationFramework.ni.dll
MOD - [2011/12/05 12:18:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/12/05 12:18:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/12/05 12:18:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/12/05 12:18:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/12/05 12:18:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5c25d899e7dcebd6b63d192b79bc6b8e\PresentationCore.ni.dll
MOD - [2011/12/05 12:17:51 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93391bd2f02e492718c69bef3abc5a64\WindowsBase.ni.dll
MOD - [2011/12/05 12:17:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/12/05 12:17:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2010/03/19 09:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 09:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 09:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/18 14:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 13:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 13:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 13:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 13:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 13:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 13:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 13:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/15 09:13:38 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]

[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/09 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/11 14:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/11 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/11 14:25:38 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:21:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/11 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/11 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Temp
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951

========== Files - Modified Within 30 Days ==========

[2014/02/12 08:46:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/11 23:11:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 23:11:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/11 16:56:59 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/11 16:56:59 | 000,584,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/11 16:56:59 | 000,097,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/11 15:10:46 | 2144,538,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/11 15:04:00 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/11 14:46:57 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 14:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/11 14:43:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:30:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | M] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:30 | 005,074,688 | ---- | M] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 17:15:19 | 000,194,560 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/10 13:28:45 | 003,977,750 | ---- | M] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:35 | 000,006,288 | ---- | M] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:29 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:25 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job

========== Files Created - No Company Name ==========

[2014/02/11 14:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | C] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:29 | 005,074,688 | ---- | C] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | C] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:34 | 000,006,288 | ---- | C] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:28 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:24 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/10 08:54:20 | 2144,538,624 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,194,560 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/30 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Flip Video
[2009/10/04 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Gamelab
[2010/03/27 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Leadertech
[2010/05/12 10:41:49 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\MOVAVI
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter
[2010/05/12 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Movavi Flash Converter 2
[2009/08/21 23:18:03 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\SPORE Creature Creator
[2009/08/19 12:21:27 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:REG
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gstion Update]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Auto]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Tray]
[-HKEY_USERS\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDT Update]

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Before completing Steps 2 and 3 please disable any screen saver you have running.


Step-2.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected <--- Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
WMPNSCFG.exe
/md5stop


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users and Include 64 bit Scans at the top of the console. <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-5.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you're still getting the start up errors
2. The OTL fixes log
3. The MalwareBytes log
4. The ESET scan log (IF it found anything). If it didn't just tell me.
5. The new OTL.txt log
6. The checkup.txt log
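
The fix script in the post above deletes four per-user Run values that the OTL log lists with regsvr32.exe as their target. As an added example (not part of the original post and not OTL's own logic), this Python script parses the log's O4 Run lines and flags that pattern along with autostarts whose file is missing; the function names and the host-binary list are assumptions made for the illustration.

```python
import ntpath
import re
from collections import Counter

# Sample input: O4 lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
"""

# Assumption: Windows binaries that exist to load other code (DLLs, scripts).
# A Run value that names one of them says nothing about what actually starts.
HOST_BINARIES = {"regsvr32.exe", "rundll32.exe", "mshta.exe",
                 "wscript.exe", "cscript.exe"}

# "O4[:64bit:] - <hive>..\Run: [<value name>] <path> (<company>)"
RUN_LINE = re.compile(
    r"^O4(?P<bits>:64bit:)? - (?P<hive>HK[^.\s]+)\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
# The company is the last parenthesised group; "(x86)" inside the path is not.
TARGET = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
MISSING = " File not found"


def parse_run_entries(log_text):
    """Return one dict per O4 Run line found in an OTL log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(MISSING)
        if missing:
            path, company = rest[:-len(MISSING)], None
        else:
            t = TARGET.match(rest)
            path, company = (t.group("path"), t.group("company")) if t else (rest, None)
        entries.append({
            "hive": m.group("hive"),
            "view": "64bit" if m.group("bits") else "32bit",
            "name": m.group("name"),
            "path": path,
            "company": company,
            "missing": missing,
        })
    return entries


def triage(entries):
    """Return (hive, value name, reasons) for entries that need a manual look."""
    shared = Counter((e["hive"], e["path"].lower()) for e in entries)
    findings = []
    for e in entries:
        exe = ntpath.basename(e["path"]).lower()
        reasons = []
        if exe in HOST_BINARIES:
            reasons.append(
                f"target is the host binary {exe}; the log line omits its "
                "arguments, so read the raw Run value to see what it loads")
            count = shared[(e["hive"], e["path"].lower())]
            if count > 1:
                reasons.append(f"{count} Run values in this hive share that target")
        if e["missing"]:
            reasons.append("target file not found (orphaned autostart)")
        if reasons:
            findings.append((e["hive"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    for hive, name, reasons in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"{hive}\\..\\Run [{name}]")
        for reason in reasons:
            print(f"    - {reason}")
```
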


#26
dogstar21

    Member

  • Topic Starter
  • Member
  • 103 posts
I have not completed the steps yet. While MBAM was running, not only did it find a Trojan, but my Avira Anti-Virus popped up indicating it found another malicious item.

Also, after running the OTL fix, my browser (Firefox) is only displaying basic HTML.

The Yahoo sports page gives me this message:
Note: You are reading this message either because you do not have a standards-compliant browser, or because you can not see our css files.

I ran the OTL fix:


Files\Folders moved on Reboot...
C:\Users\Pete\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
--------------------------------------
After reboot, I ran MBAM. Here is the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Pete :: PETE-PC [administrator]

2/12/2014 10:39:02 AM
mbam-log-2014-02-12 (10-39-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414248
Time elapsed: 1 hour(s), 52 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\_OTL\MovedFiles\02092014_144639\C_ProgramData\nbrf3bo9.cpp (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

-------------------------

The Avira Anti-Virus found something (it only showed a partial path, and I think the file name was "kids") just as MBAM was completing - MBAM prompted for reboot, and the Avira log doesn't reflect that it found something today after reboot.

Should I continue with the next step (i.e. run ESET scanner)? I would expect the answer to be yes, but wanted to verify that my other Anti-Virus finding something, as well as my browser acting differently shouldn't make me change direction.

#27
dogstar21

I completed the rest of the steps (ESET Scanner, OTL, and Security Check). I still get the startup errors, and as I mentioned, my browser is now showing in a basic HTML view.

Note, the ESET scan seemed to find the "kids" file that I mentioned in my previous post.

The OTL fix and MBAM results were posted in my last message.

Here is the ESET Scan:

C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\Movavi VideoSuite 7\ReadServer.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Pete\AppData\Local\Downloaded Installations\{F84C8918-2FBA-4EDF-9248-CD95F8035E02}\Movavi VideoSuite 7.msi a variant of Win32/Packed.Themida potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\_OTL\MovedFiles\02092014_144639\C_Users\Pete\AppData\Local\Temp\kids.dll Win32/Reveton.V trojan
C:\_OTL\MovedFiles\02092014_144639\C_Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\[email protected] Win32/TrojanDownloader.Tracur.V trojan


Here is the new OTL Log:

OTL logfile created on: 2/12/2014 4:32:26 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.32% Memory free
4.24 Gb Paging File | 2.24 Gb Available in Paging File | 52.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.18 Gb Total Space | 284.01 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
Drive D: | 12.58 Gb Total Space | 1.99 Gb Free Space | 15.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 15:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 17:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 12:49:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a3a76226460de2153a62bdbfed9228b9\System.Management.ni.dll
MOD - [2011/12/05 12:22:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.ni.dll
MOD - [2011/12/05 12:22:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5cbea3b1a1d74123219b69306b8c8af2\System.Transactions.ni.dll
MOD - [2011/12/05 12:22:57 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\87f2c180fec78701501d8e3e84fac248\System.EnterpriseServices.Wrapper.dll
MOD - [2011/12/05 12:18:49 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\550e7b31f1821d964f21f0a854e3f195\System.Data.ni.dll
MOD - [2011/12/05 12:18:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61019556ac408cc39cc478101b0d3cb4\PresentationFramework.Aero.ni.dll
MOD - [2011/12/05 12:18:39 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0444ab43ccfb3390d2eaab1d9a34772f\PresentationFramework.ni.dll
MOD - [2011/12/05 12:18:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/12/05 12:18:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/12/05 12:18:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/12/05 12:18:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/12/05 12:18:03 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5c25d899e7dcebd6b63d192b79bc6b8e\PresentationCore.ni.dll
MOD - [2011/12/05 12:17:51 | 003,314,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93391bd2f02e492718c69bef3abc5a64\WindowsBase.ni.dll
MOD - [2011/12/05 12:17:48 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/12/05 12:17:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2010/03/19 09:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 09:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 09:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/10 23:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 19:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/25 15:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/18 14:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 13:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 13:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 13:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 13:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 13:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 13:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 13:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/12/31 07:35:14 | 000,934,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/03/18 07:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 13:20:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/28 21:31:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 17:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/02/09 17:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/28 21:31:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:31:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/12/31 09:01:20 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/10/23 04:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/28 18:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 06:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 06:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 06:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/03/21 07:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/15 03:40:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}
IE:64bit: - HKLM\..\SearchScopes\{3B1AAF6F-BC73-4A31-9EE4-04B8C395AC0E}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFE5EDCC-25B3-461D-8E03-309E92AD753A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{273B8C2F-51CB-40E1-90AA-9BB1190EEB5F}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..\SearchScopes\{7148CB92-9375-4E9C-A5C0-166ACF27981A}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://sports.yahoo....X81xSObsw5nYcB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Pete\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Pete\AppData\Roaming\Move Networks [2009/11/21 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/12 18:53:51 | 000,000,000 | ---D | M]

[2011/01/18 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2014/02/09 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions
[2011/04/10 20:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\4z05qces.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/12 18:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/05 13:20:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/11/24 10:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [Gstion Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Auto] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Tray] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [IDT Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Domains: yahoo.com ([sports] http in Trusted sites)
O15 - HKU\S-1-5-21-3889686918-3398402473-1388666377-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C1B4C5-FB96-4F64-B942-D383F21133F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pete\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/12 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/11 14:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/11 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/11 14:25:38 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:21:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/11 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/02/11 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/02/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Temp
[2014/02/09 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/02/09 18:36:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/09 18:25:38 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:41:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 17:39:38 | 000,453,632 | ---- | C] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:04 | 004,122,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 14:46:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 00:00:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Local\KB9369951

========== Files - Modified Within 30 Days ==========

[2014/02/12 16:35:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 16:35:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/12 12:40:26 | 000,584,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 12:40:26 | 000,097,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 12:40:25 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 12:34:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/12 12:34:35 | 2144,538,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/11 15:04:00 | 000,002,551 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/02/11 14:46:57 | 000,315,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 14:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/02/11 14:43:18 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/11 14:30:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | M] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:30 | 005,074,688 | ---- | M] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 17:15:19 | 000,194,560 | ---- | M] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/10 13:28:45 | 003,977,750 | ---- | M] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:35 | 000,006,288 | ---- | M] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:29 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:25 | 000,000,866 | ---- | M] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/09 18:25:51 | 004,009,167 | ---- | M] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 18:25:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\Pete\Desktop\JRT.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | M] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 17:39:38 | 000,453,632 | ---- | M] (Farbar) -- C:\Users\Pete\Desktop\FSS.exe
[2014/02/09 16:39:05 | 004,122,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pete\Desktop\tdsskiller.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/09 00:00:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Pete\Desktop\aswmbr.exe
[2014/02/07 09:06:09 | 000,000,870 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2014/02/01 15:17:14 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job

========== Files Created - No Company Name ==========

[2014/02/11 14:30:57 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 14:23:41 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETE-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2014/02/11 14:19:39 | 000,001,994 | ---- | C] () -- C:\Users\Pete\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/02/11 14:06:29 | 005,074,688 | ---- | C] () -- C:\Users\Pete\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/02/10 13:28:45 | 003,977,750 | ---- | C] () -- C:\Users\Pete\Desktop\servicesbak.reg
[2014/02/10 13:20:34 | 000,006,288 | ---- | C] () -- C:\Users\Pete\Desktop\BITS.reg
[2014/02/10 13:20:28 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_wscsvc.reg
[2014/02/10 13:20:24 | 000,000,866 | ---- | C] () -- C:\Users\Pete\Desktop\legacy_sdrsvc.reg
[2014/02/10 08:54:20 | 2144,538,624 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/09 18:25:47 | 004,009,167 | ---- | C] () -- C:\Users\Pete\Desktop\ServicesRepair.exe
[2014/02/09 17:40:10 | 001,166,132 | ---- | C] () -- C:\Users\Pete\Desktop\AdwCleaner.exe
[2014/02/09 01:48:37 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2014/02/07 09:06:09 | 000,000,870 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9ob3frbn.lnk
[2013/11/12 16:50:15 | 000,000,004 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\cache.ini
[2010/05/12 10:41:48 | 000,004,922 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009/11/23 18:48:41 | 000,194,560 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:54:46 | 000,005,089 | ---- | C] () -- C:\ProgramData\cbkxtjjv.ukg
[2009/09/09 08:02:33 | 000,000,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\d3d9caps.dat
[2009/08/26 11:24:45 | 000,000,600 | ---- | C] () -- C:\Users\Pete\PUTTY.RND

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: WMPNSCFG.EXE >
[2008/01/20 21:52:15 | 000,239,104 | ---- | M] (Microsoft Corporation) MD5=B6A7E7F43234BFA6A8E6CC4110CB9448 -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/20 21:52:15 | 000,239,104 | ---- | M] (Microsoft Corporation) MD5=B6A7E7F43234BFA6A8E6CC4110CB9448 -- C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.0.6001.18000_none_13e35e9471d411b0\wmpnscfg.exe

< End of report >


Here are the contents of checkup.txt:

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x64
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 7
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (27.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#28
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

I have not completed the steps yet. While MBAM was running, not only did it find a Trojan, but my Avira Anti-Virus popped up indicating it found another malicious item.

Looks like we may need to disable the Avira File Protection. The new OTL log still shows the Run entries. That could be because Avira prevented the change in the registry, or it could be that the fix didn't get run properly. The OTL fixes log that you posted was incomplete. Could you post it again, please? It will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).

#29
dogstar21


    Member

  • Topic Starter
  • Member
  • 103 posts
That was the complete OTL fixes log.

Filename: C:\_OTL\MovedFiles\02122014_101613.log

File contents:

Files\Folders moved on Reboot...
C:\Users\Pete\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#30
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
  • Click the Start Orb. In the search box type: system restore and press the Enter key.

  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    The System Restore screen will open. This may take some time so be patient.

    The Recommended Restore point should be the OTL restore point on 2/12/2014. If that is the Recommended Restore point:
  • Click the radio button beside Recommended restore.

  • Click Next
  • Click Finish.
  • A dialog box will pop up to ensure you really want to perform a system restore. It can’t be undone. If you're sure, click Yes. This starts your system restore.


    NOTE: Don't mess with the keyboard or mouse or any attached hardware devices during this process.
  • The PC will restart and you'll see a series of messages while the restore completes. As always, your mileage will vary.

  • After the restore completes, log back into your account.
  • Once the desktop loads up, you'll see a message like this:

    Posted Image

IF the Recommended restore point isn't the last OTL restore point:

  • Click the radio button beside Choose a Different Restore Point.

  • Click Next.

    You'll be presented with a list of the previous restore points, along with a description of the action or update that triggered it. If you want still more options, check Show More Restore Points.

  • Select the OTL Restore 2/14/2014 restore point and click Next.

  • When you're satisfied, click Finish.
  • A dialog box will pop up to ensure you really want to perform a system restore. It can’t be undone. If you're sure, click Yes. This starts your system restore.


    NOTE: Don't mess with the keyboard or mouse or any attached hardware devices during this process.
  • The PC will restart and you'll see a series of messages while the restore completes. As always, your mileage will vary.

  • After the restore completes, log back into your account.
  • Once the desktop loads up, you'll see a message like this:

    Posted Image

Check and see if that restored the browser to the way it was.