HP Pavilion locks up [Solved]


  • This topic is locked

#1
hrsepwrbrat

Hi again!

It's been a while, but I have a computer issue again.

Hubby's HP has Windows 7 Home Premium. I tried to run the OTL on it, and it did run for a while, but the computer froze during the scan. I had it on a jump drive, as the thing wouldn't work for long enough to download it from here.

After a few minutes of being on, the computer will freeze. The number and cap lock lights flash and the screen develops a pattern. For instance, right now the OTL is frozen on the screen and the bottom of the screen has white stripes with large pixels of the background image on the screen. Sometimes, it will completely cover the background image with a black screen and pixels arranged in different ways. Different pattern each time. Power button must be held to restart. It will restart normally but freezes within minutes.

Hubby has tried running Trend and Malwarebytes but nothing shows up if the scan will finish.

Just got back from vacation, were gone for about 9 days. No one had access to it and I believe it was turned off the whole time.

I just restarted it in safe mode and am attempting the OTL scan again. It scanned!! Here's what it says....

OTL logfile created on: 9/22/2014 5:59:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 3.18 Gb Available Physical Memory | 85.02% Memory free
7.49 Gb Paging File | 6.95 Gb Available in Paging File | 92.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.13 Gb Total Space | 36.05 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 15.33 Gb Total Space | 2.51 Gb Free Space | 16.37% Space Free | Partition Type: NTFS
Drive F: | 959.97 Mb Total Space | 868.33 Mb Free Space | 90.45% Space Free | Partition Type: FAT
 
Computer Name: HP | User Name: Robbie | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/22 17:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/02 21:16:55 | 000,314,808 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe -- (PwmSvc)
SRV:64bit: - [2014/03/14 14:25:32 | 001,179,696 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe -- (Platinum Host Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/08 21:36:10 | 000,390,672 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/02 13:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2014/08/28 15:18:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/13 12:42:04 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/28 14:45:42 | 000,246,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Disabled | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/06/28 23:20:48 | 003,860,480 | ---- | M] (SafeIP) [On_Demand | Stopped] -- C:\Program Files (x86)\SafeIP\SafeIPS.exe -- (SafeIPS)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/01/26 12:26:48 | 000,573,224 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2008/05/21 06:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2014/09/22 08:17:19 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/02 21:16:57 | 000,067,408 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbfilter.sys -- (kbfilter)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/03 03:57:14 | 000,117,312 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2013/12/03 03:57:10 | 000,085,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2013/12/03 03:57:04 | 000,283,160 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/01 08:08:16 | 000,050,976 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC)
DRV:64bit: - [2013/06/13 01:35:10 | 000,100,640 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:64bit: - [2013/05/15 05:23:30 | 000,303,392 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/04/18 11:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/05 22:01:20 | 000,033,152 | ---- | M] (CSR/PLT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbcx64.sys -- (CSRBC)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/22 10:33:12 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 13:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 14:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 08:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/02 06:41:47 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/02/17 12:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007/08/31 15:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 18:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 18:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 18:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/09/09 17:38:10 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/20 10:19:19] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8E250462-61EA-4D07-8BEB-64F74ABF9BD9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8E250462-61EA-4D07-8BEB-64F74ABF9BD9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 1C E9 37 CB 59 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0E 0A DF 01 0F 15 8D 40 BF 98 07 55 DA F1 82 C4  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E}
IE - HKCU\..\SearchScopes\{1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{8E250462-61EA-4D07-8BEB-64F74ABF9BD9}: "URL" = http://www.bing.com/...E11SR&pc=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Robbie\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1137\7.5.1137\FIREFOXEXTENSION
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1166\8.0.1166\FIREFOXEXTENSION [2014/09/03 09:32:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\firefoxextension [2014/09/03 09:32:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2014/09/03 09:33:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/09/03 09:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8197dd50-b252-4b08-a1be-1277f22357bb}: C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014/09/21 20:48:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 32.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/18 16:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 32.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/08/29 18:57:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/04/04 10:47:58 | 000,000,000 | ---D | M]
 
[2010/06/07 19:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Extensions
[2010/01/09 20:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/05/19 05:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions
[2014/01/05 03:16:49 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\[email protected]
[2014/01/03 22:52:57 | 000,000,000 | ---D | M] (iCloud Bookmarks) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\[email protected]
[2014/01/15 21:36:09 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\[email protected]
[2013/04/09 10:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\SeaMonkey\Profiles\nleslqb9.default\extensions
[2014/01/13 21:36:05 | 001,267,418 | ---- | M] () (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\[email protected]
[2013/10/29 22:12:21 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\[email protected]
[2014/01/16 21:37:02 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/11 08:45:18 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014/06/02 22:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/02 22:35:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/07/29 21:21:05 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Trend Micro DirectPass BHO) - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Trend Micro DirectPass BHO) - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Trend Micro DirectPass ToolBar) - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro DirectPass ToolBar) - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Platinum] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [PwmConsole.exe] C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\SafeIPs64.dll (SafeIP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\SafeIPs64.dll (SafeIP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\SafeIPs64.dll (SafeIP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\SafeIPs64.dll (SafeIP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\SafeIPs64.dll (SafeIP)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\SafeIPs.dll (SafeIP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\SafeIPs.dll (SafeIP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\SafeIPs.dll (SafeIP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\SafeIPs.dll (SafeIP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\SafeIPs.dll (SafeIP)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0018-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75081439-6511-4FE4-9286-F9DF40E99390}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8913384E-436A-431C-B4A1-D02550B1D099}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/22 15:55:22 | 000,000,108 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/03 09:49:07 | 000,067,408 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\kbfilter.sys
[2014/09/03 09:49:07 | 000,067,408 | ---- | C] (Trend Micro Inc.) -- C:\kbfilter.sys
[2014/09/03 09:35:31 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2014/09/03 09:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro DirectPass
[2014/09/03 09:32:50 | 000,100,640 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmeevw.sys
[2014/09/03 09:32:46 | 000,303,392 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmnciesc.sys
[2014/09/03 09:32:37 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2014/09/03 09:30:44 | 000,283,160 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/09/03 09:30:44 | 000,085,936 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2014/09/03 09:30:43 | 000,117,312 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2014/09/03 09:30:36 | 000,050,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\TMEBC64.sys
[2014/09/01 08:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/27 15:18:50 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/22 17:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/22 17:57:23 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/22 17:50:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/22 17:50:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/22 08:17:19 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/22 08:15:21 | 000,813,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/22 08:15:21 | 000,685,690 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/22 08:15:21 | 000,130,206 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/22 07:59:44 | 516,143,890 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/21 15:43:37 | 000,000,010 | ---- | M] () -- C:\Users\Robbie\AppData\Local\sponge.last.runtime.cache
[2014/09/11 07:20:21 | 000,048,898 | ---- | M] () -- C:\Users\Robbie\Desktop\Remembering-9--11.jpg
[2014/09/11 07:12:14 | 000,012,811 | ---- | M] () -- C:\Users\Robbie\Desktop\remember-9-11.jpg
[2014/09/06 16:42:11 | 008,166,551 | ---- | M] () -- C:\Users\Robbie\Documents\2014-2015_louisiana_hunting_regulations_low_res.pdf
[2014/09/03 10:25:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/03 09:30:09 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2014/09/02 14:36:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/01 22:23:33 | 005,636,699 | ---- | M] () -- C:\Users\Robbie\Documents\Body Power BR2710 manual 4-6-2012--ASTM pdf pdf.pdf
[2014/08/31 21:35:23 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/08/31 21:35:22 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/08/31 21:35:22 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/08/31 15:51:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRobbie.job
[2014/08/28 15:18:31 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/28 15:18:30 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/28 07:14:14 | 000,352,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/22 07:59:44 | 516,143,890 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/09/11 07:17:27 | 000,048,898 | ---- | C] () -- C:\Users\Robbie\Desktop\Remembering-9--11.jpg
[2014/09/11 07:12:26 | 000,012,811 | ---- | C] () -- C:\Users\Robbie\Desktop\remember-9-11.jpg
[2014/09/06 16:42:11 | 008,166,551 | ---- | C] () -- C:\Users\Robbie\Documents\2014-2015_louisiana_hunting_regulations_low_res.pdf
[2014/09/03 11:23:28 | 000,000,010 | ---- | C] () -- C:\Users\Robbie\AppData\Local\sponge.last.runtime.cache
[2014/09/03 09:49:07 | 000,007,799 | ---- | C] () -- C:\kbfilter.cat
[2014/09/03 09:49:07 | 000,002,605 | ---- | C] () -- C:\kbfilter.inf
[2014/09/03 09:49:07 | 000,000,098 | ---- | C] () -- C:\install.bat
[2014/09/03 09:49:07 | 000,000,081 | ---- | C] () -- C:\uninstall.bat
[2014/09/03 09:30:09 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2014/09/01 22:23:32 | 005,636,699 | ---- | C] () -- C:\Users\Robbie\Documents\Body Power BR2710 manual 4-6-2012--ASTM pdf pdf.pdf
[2013/07/27 16:24:03 | 000,806,528 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/13 15:03:12 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/03/13 15:02:58 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/12 11:34:36 | 000,108,320 | ---- | C] () -- C:\ProgramData\tizxyqupmydwgjd
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/21 23:54:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/09/28 11:44:52 | 000,000,878 | ---- | C] () -- C:\Users\Robbie\AppData\Local\recently-used.xbel
[2012/08/01 22:19:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/01 14:16:16 | 000,917,107 | ---- | C] () -- C:\Users\Robbie\AppData\Local\census.cache
[2012/08/01 14:15:33 | 000,130,659 | ---- | C] () -- C:\Users\Robbie\AppData\Local\ars.cache
[2012/08/01 14:07:55 | 000,000,036 | ---- | C] () -- C:\Users\Robbie\AppData\Local\housecall.guid.cache
[2012/04/05 08:56:34 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/16 11:14:24 | 000,000,352 | ---- | C] () -- C:\Users\Robbie\AppData\Roaming\Network Meter_Settings.ini
[2011/12/22 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\Robbie\AppData\Local\{0AFCA4F4-32ED-4B03-ABBE-801657D6EEC0}
[2011/06/22 07:55:21 | 000,000,690 | ---- | C] () -- C:\Users\Robbie\AppData\Roaming\wklnhst.dat
[2011/05/09 10:52:55 | 000,000,000 | ---- | C] () -- C:\Users\Robbie\AppData\Local\{584C1072-EC74-4222-B4AA-18B9E7348032}
[2010/10/15 23:28:33 | 000,007,597 | ---- | C] () -- C:\Users\Robbie\AppData\Local\Resmon.ResmonCfg
[2010/01/10 00:31:52 | 000,150,528 | ---- | C] () -- C:\Users\Robbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 00:30:13 | 000,000,952 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4A74A9A7

< End of report >
 


  • 0



#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Sorry for the delay. I would be happy to help. It sounds more like a hardware issue than malware but I do see some things that could be cleaned up.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start -

 

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Let's get started. Please do the following (if possible). Let me know if you have issues.

 

Step#1 - JRT

1. Download Junkware Removal Tool to your desktop.

2. Right-click JRT.exe and select "Run as Administrator".

3. The tool will open to a disclaimer screen. Press any key to start scanning your system.

4. Please be patient as this can take a while to complete depending on your system's specifications.

5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

6. Post the contents of JRT.txt into your next message.

 

 

Step#2 - BSOD Log
1. Please download the 64-bit version of Bluescreenview from here and save it to your desktop.
2. Right-click on the downloaded file (bluescreenview-x64.zip) and select Extract All. Click the Extract button and a folder will open with the contents that were extracted.
3. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
4. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
5. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
6. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

 

 

Step#3 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your next Post

1. JRT log

2. BSOD Log

3. FRST and Addition log


Edited by BrianDrab, 28 September 2014 - 06:05 PM.

  • 0

#3
hrsepwrbrat

hrsepwrbrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Thanks for replying!

 

The computer has been shut down for the last few days. Upon starting, it performed a file system check on C. Deleted multiple corrupt attribute records from file record segments. After running these tools, I have gotten 2 of the blue screens saying Windows is shutting down to protect files. (Or something similar to that). It is checking the file system on C again after that blue screen. It locked up several times between tools.

 

I really appreciate this!

 

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by Robbie on Sun 09/28/2014 at 19:57:58.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/28/2014 at 20:04:03.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

BSOD Log:

 

==================================================
Dump File         : 092814-52931-01.dmp
Crash Time        : 9/28/2014 5:45:34 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffffffff`ffffff83
Parameter 2       : 00000000`0000000b
Parameter 3       : 00000000`00000001
Parameter 4       : fffff880`0471f850
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+27f850
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.921
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092814-52931-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274,704
Dump File Time    : 9/28/2014 5:48:06 PM
==================================================

==================================================
Dump File         : 092214-26036-01.dmp
Crash Time        : 9/22/2014 7:58:53 AM
Bug Check String  : MEMORY_MANAGEMENT
Bug Check Code    : 0x0000001a
Parameter 1       : 00000000`00041201
Parameter 2       : fffff680`000012d8
Parameter 3       : e0500000`6d924847
Parameter 4       : fffffa80`05a78540
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092214-26036-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274,648
Dump File Time    : 9/22/2014 7:59:54 AM
==================================================
 

 

 

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by Robbie (administrator) on HP on 28-09-2014 20:07:02
Running from C:\Users\Robbie\Desktop
Loaded Profile: Robbie (Available profiles: Robbie & Mcx1-HP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\inspect\Inspect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WMIC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [231384 2014-03-14] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1306160 2014-03-14] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [1238200 2014-07-02] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x291CE937CB59CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E} URL = https://duckduckgo.c...q={searchTerms}
SearchScopes: HKCU - {1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E} URL = https://duckduckgo.c...q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKCU - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Trend Micro DirectPass BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe64.dll (Trend Micro Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Trend Micro DirectPass BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Trend Micro DirectPass ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Trend Micro DirectPass ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Robbie\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\searchplugins\duckduckgo.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-05]
FF Extension: iCloud Bookmarks - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-03]
FF Extension: MaskMe - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-15]
FF Extension: Ghostery - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2013-09-11]
FF Extension: DuckDuckGo Plus - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2013-09-11]
FF Extension: Adblock Plus - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-11]
FF Extension: BetterPrivacy - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-09-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\firefoxextension [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1166\8.0.1166\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-09-03]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2011-08-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-04]
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2011-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S4 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S4 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1179696 2014-03-14] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [314808 2014-07-02] (Trend Micro Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3860480 2013-06-28] (SafeIP) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2011-11-05] (CSR/PLT)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice64.sys [215808 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
S3 emAudio; C:\Windows\System32\drivers\emAudio64.sys [79872 2007-08-31] (eMPIA Technology, Inc.) [File not signed]
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter64.sys [6400 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2014-07-02] (Trend Micro Inc.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-24] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-22] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan64.sys [6144 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-09] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Robbie\AppData\Local\Temp\ATICDSDr.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 eabfiltr; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [X]
U2 TMAgent; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 20:07 - 2014-09-28 20:07 - 00023193 _____ () C:\Users\Robbie\Desktop\FRST.txt
2014-09-28 20:06 - 2014-09-28 20:06 - 00004158 _____ () C:\Users\Robbie\Desktop\bsod.txt
2014-09-28 20:06 - 2014-09-28 20:06 - 00000951 _____ () C:\Users\Robbie\Desktop\BlueScreenView.cfg
2014-09-28 20:04 - 2014-09-28 20:04 - 00000634 _____ () C:\Users\Robbie\Desktop\JRT.txt
2014-09-28 18:22 - 2013-07-17 10:36 - 00146528 _____ (NirSoft) C:\Users\Robbie\Desktop\BlueScreenView.exe
2014-09-28 18:22 - 2013-07-17 10:36 - 00018384 _____ () C:\Users\Robbie\Desktop\BlueScreenView.chm
2014-09-28 18:21 - 2014-09-28 18:19 - 00084917 _____ () C:\Users\Robbie\Desktop\bluescreenview-x64.zip
2014-09-28 18:19 - 2014-09-28 18:20 - 00000000 ____D () C:\0e723be4736bcf5fe0c54585933508
2014-09-28 18:13 - 2014-09-28 18:08 - 02108928 _____ (Farbar) C:\Users\Robbie\Desktop\FRST64.exe
2014-09-28 18:04 - 2014-09-28 18:04 - 00000000 ____D () C:\c777a11e5b542c0ba41ed365f246a7ea
2014-09-28 17:58 - 2014-09-28 17:46 - 01699276 _____ (Thisisu) C:\Users\Robbie\Desktop\JRT.exe
2014-09-28 17:51 - 2014-09-28 17:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-28 17:47 - 2014-09-28 17:48 - 00274704 _____ () C:\Windows\Minidump\092814-52931-01.dmp
2014-09-28 17:37 - 2014-09-28 17:37 - 00003536 ____N () C:\bootsqm.dat
2014-09-28 17:31 - 2014-09-28 17:31 - 00000000 __SHD () C:\found.000
2014-09-22 07:59 - 2014-09-28 17:47 - 488254154 _____ () C:\Windows\MEMORY.DMP
2014-09-22 07:59 - 2014-09-22 07:59 - 00274648 _____ () C:\Windows\Minidump\092214-26036-01.dmp
2014-09-21 21:05 - 2014-09-21 21:05 - 00000636 _____ () C:\Windows\PFRO.log
2014-09-03 11:23 - 2014-09-21 15:43 - 00000010 _____ () C:\Users\Robbie\AppData\Local\sponge.last.runtime.cache
2014-09-03 09:49 - 2014-07-02 21:16 - 00067408 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\kbfilter.sys
2014-09-03 09:49 - 2014-07-02 21:16 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-09-03 09:49 - 2014-07-02 21:16 - 00007799 _____ () C:\kbfilter.cat
2014-09-03 09:49 - 2014-07-02 21:16 - 00000098 _____ () C:\install.bat
2014-09-03 09:49 - 2014-07-02 21:16 - 00000081 _____ () C:\uninstall.bat
2014-09-03 09:44 - 2014-09-28 20:06 - 00001344 _____ () C:\Windows\setupact.log
2014-09-03 09:44 - 2014-09-03 09:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 09:35 - 2014-09-03 09:35 - 00000000 ___HD () C:\TMRescueDisk
2014-09-03 09:34 - 2014-09-21 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro DirectPass
2014-09-03 09:33 - 2014-09-03 09:33 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2014-09-03 09:32 - 2014-09-21 21:06 - 00003812 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2014-09-03 09:32 - 2013-06-13 01:35 - 00100640 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-09-03 09:32 - 2013-05-15 05:23 - 00303392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-09-03 09:32 - 2011-08-22 10:33 - 00105744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-09-03 09:30 - 2014-09-03 09:30 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-09-03 09:30 - 2013-12-03 03:57 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-09-03 09:30 - 2013-12-03 03:57 - 00117312 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-09-03 09:30 - 2013-12-03 03:57 - 00085936 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-09-03 09:30 - 2013-07-01 08:08 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-09-03 08:52 - 2014-09-03 08:53 - 228713128 _____ (Trend Micro Inc.) C:\Users\Robbie\Downloads\TTi_7.2_MR_Full.exe
2014-09-01 09:06 - 2014-09-01 09:06 - 17888872 _____ (Nullsoft, Inc.) C:\Users\Robbie\Downloads\winamp57_3444_beta_full_all.exe
2014-08-31 21:32 - 2014-08-31 21:33 - 96138664 _____ (Oracle Corporation) C:\Users\Robbie\Downloads\jre-8u20-windows-x64.exe
2014-08-31 21:30 - 2014-08-31 21:31 - 76971416 _____ (Adobe Systems Incorporated) C:\Users\Robbie\Downloads\AdbeRdr11008_en_US.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 20:07 - 2013-07-29 21:04 - 00000000 ____D () C:\FRST
2014-09-28 20:04 - 2009-07-14 00:13 - 00006434 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 20:04 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 20:04 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 20:02 - 2012-08-01 21:32 - 01768043 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 19:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 18:23 - 2013-07-27 16:24 - 00806528 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-28 18:04 - 2013-08-02 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-28 18:04 - 2010-01-11 14:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-28 17:56 - 2010-01-09 17:19 - 00000000 ____D () C:\Users\Robbie
2014-09-28 17:47 - 2014-04-28 15:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-22 08:17 - 2014-05-19 00:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 08:04 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 20:49 - 2013-04-09 13:14 - 00000000 ____D () C:\Users\Mcx1-HP
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-21 20:48 - 2013-09-02 11:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 20:48 - 2012-12-30 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-09-21 20:48 - 2010-08-23 01:49 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\XnView
2014-09-21 20:48 - 2010-04-11 22:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-21 20:48 - 2010-01-09 17:47 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-21 20:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-21 20:44 - 2010-04-11 22:30 - 00000000 ____D () C:\ProgramData\GARMIN
2014-09-03 10:25 - 2012-08-01 22:19 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-03 09:43 - 2013-05-06 22:03 - 00000000 ____D () C:\Users\Robbie\AppData\Local\Trend Micro
2014-09-03 09:34 - 2014-07-01 07:32 - 00000000 ____D () C:\Program Files\Trend Micro
2014-09-03 09:28 - 2012-07-07 10:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-03 09:11 - 2013-07-27 16:29 - 00000000 ____D () C:\ProgramData\SketchUp
2014-09-03 09:11 - 2013-07-27 16:29 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2014-09-02 14:36 - 2012-02-27 15:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 14:35 - 2012-09-26 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 13:52 - 2010-01-09 18:37 - 00000000 ___RD () C:\Users\Robbie\software
2014-09-01 09:02 - 2010-01-09 18:18 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-09-01 09:01 - 2011-01-19 21:51 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-09-01 09:01 - 2010-01-09 18:18 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\Winamp
2014-09-01 08:56 - 2009-08-15 02:15 - 00000000 ____D () C:\Program Files\Java
2014-08-31 21:35 - 2014-03-20 21:59 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-31 21:35 - 2014-03-20 21:59 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-31 21:35 - 2014-01-24 12:54 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-31 21:34 - 2013-10-22 08:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-31 21:32 - 2012-11-03 09:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-31 15:51 - 2014-08-15 03:51 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRobbie
2014-08-31 15:51 - 2014-08-15 03:51 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForRobbie.job
2014-08-29 14:18 - 2012-09-25 14:07 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\PhotoScape

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-21 15:43

==================== End Of Log ============================

I realized as I was ready to post that I forgot step 2. I redid everything, and the second time I did the FRST, it didn't create an Addition file. This is from the first time it ran... sorry if that screws up anything.

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02
Ran by Robbie at 2014-09-28 18:16:07
Running from C:\Users\Robbie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2570 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2570_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2570Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.243 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.243 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 1.3.11 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{2492AE96-F681-4922-B5EB-3045B03BEC12}) (Version: 0.8.20 - Kovid Goyal)
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ExpertGPS 4.36 (HKLM-x32\...\ExpertGPS_is1) (Version: 4.36 - TopoGrafix)
Facebook Messenger 2.1.4520.0 (HKLM-x32\...\{52EFF266-98B7-4094-BD24-65490ED8E45D}) (Version: 2.1.4520.0 - Facebook)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d0fa5283-14fe-4f9e-9716-3343b8925ff6}) (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3309 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3309 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
LightScribe Template Designs - Animal Pack 1 (HKLM-x32\...\{F8C7F1F2-EF8A-4019-89A8-77C5667F75C7}) (Version: 1.17.0.0 - LightScribe)
LightScribe Template Designs - Art Pack 1 (HKLM-x32\...\{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}) (Version: 1.10.16.1 - LightScribe)
LightScribe Template Designs - Athletic Pack 1 (HKLM-x32\...\{1102D7B1-098C-4F48-92F4-DC403E45A527}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Fantasy Pack 1 (HKLM-x32\...\{DE72186D-A4A5-4504-839C-B14FC3432DA1}) (Version: 1.13.0.0 - LightScribe)
LightScribe Template Designs - Grab Bag Pack 1 (HKLM-x32\...\{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}) (Version: 1.17.0.0 - LightScribe)
LightScribe Template Designs - Hobby Pack 1 (HKLM-x32\...\{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Music Pack 1 (HKLM-x32\...\{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Mythology Pack 1 (HKLM-x32\...\{18143CE1-430E-4FF3-A44F-811FD2910929}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Tattoo Pack 1 (HKLM-x32\...\{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}) (Version: 1.13.0.0 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
Louisiana ci20/10 (HKLM-x32\...\mc73_la) (Version:  - )
LOUISIANA TOPO (HKLM-x32\...\latopo11) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Map Calibrator 2.6 (HKLM-x32\...\Map Calibrator) (Version: 2.6 - Megalith)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modern Ballistics (HKLM-x32\...\{74FA577B-5B3B-4791-B310-E3E5773C9B5A}) (Version: 1.0.2006.305 - FlashTek)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{26D3E377-1DCA-4043-9410-B4A9BACF1033}) (Version: 7.02.9888 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17800.8.5 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10400.26.0 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.3.4630 - Barnesandnoble.com)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pearson VUE Tutorial and Demo (HKLM-x32\...\{AB693641-099A-478E-844A-643CB05F426B}) (Version: 2.12.5.74 - Pearson VUE)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM-x32\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version:  - )
Plantronics MyHeadset Updater (x64) (HKLM\...\{0F384994-7E93-45AD-969A-CD648669C18B}) (Version: 2.6.50023.0 - Plantronics, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shooter for Windows (HKLM-x32\...\{3AE8C084-A228-49E2-8D78-AEA88005CD5C}) (Version: 1.20.0000 - D & C Software)
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Studio 10.8 Patch (x32 Version: 10.8.0.4641 - Pinnacle Systems) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trend Micro DirectPass (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.0.1094 - Trend Micro Inc.)
Trend Micro DirectPass (Version: 1.9.0.1044 - Trend Micro Inc.) Hidden
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.2 - Trend Micro Inc.)
Trend Micro Titanium (Version: 7.2 - Trend Micro Inc.) Hidden
Try Corel Snapfire muvee autoProducer add on (x32 Version: 1.00.0000 - Corel Corporation) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 1.60.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 1.60.0000 - Magellan Navigation, Inc.) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
XnView 1.97.6 (HKLM-x32\...\XnView_is1) (Version: 1.97.6 - Gougelet Pierre-e)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3378118443-294144380-135819489-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3378118443-294144380-135819489-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-09-2014 08:00:14 Windows Update
03-09-2014 13:28:33 Windows Update
03-09-2014 14:09:42 Removed SketchUp 2013
04-09-2014 08:00:15 Windows Update
05-09-2014 08:00:11 Windows Update
06-09-2014 08:00:11 Windows Update
07-09-2014 08:00:11 Windows Update
08-09-2014 08:00:11 Windows Update
09-09-2014 08:00:10 Windows Update
10-09-2014 08:00:11 Windows Update
12-09-2014 08:00:18 Windows Update
13-09-2014 01:55:23 Garmin Express
13-09-2014 01:55:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-09-2014 01:57:40 Garmin Express
21-09-2014 19:51:32 Windows Update
22-09-2014 00:30:19 Windows Update
22-09-2014 12:57:33 Windows Update
22-09-2014 13:13:11 Windows Update
28-09-2014 22:53:22 Windows Update
28-09-2014 23:02:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-07-29 21:21 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {136CAD87-E51F-407E-BB1F-38496E01CC3C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3378118443-294144380-135819489-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {18615AB7-506F-4E9E-A067-CA14668C8292} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20992FD0-EED6-4924-A9EA-4FFA8653AA65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2B8C1DF0-187A-474C-8C05-A6C00EF78EB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {30AEC8A6-73BB-4D87-8576-D3A5496F06BF} - System32\Tasks\HPCeeScheduleForRobbie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {30FD6BC6-66D8-4249-8CA2-62E5A5AA9741} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28] (Adobe Systems Incorporated)
Task: {3546ADAB-4D2A-4CB8-AB13-8417DF04D559} - System32\Tasks\{DBE80D23-0B61-4154-976A-182E3E686E6B} => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2014-03-14] (Trend Micro Inc.)
Task: {5D02553B-7C8A-42F8-8FC3-C16B7C3E861C} - System32\Tasks\{59E04425-F287-472C-85EF-E9552EB378BE} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: {79DDFE7E-4887-4E8D-9FC6-C8521D503CFA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {7FD521C5-39D3-4DF4-8D0D-8EE9AE1395FD} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2014-03-14] (Trend Micro Inc.)
Task: {85A6B6A7-EDFC-4E3C-ABCC-8CE0CD22F526} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HP => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {90D865DA-D1E6-4DA0-8E73-2896E713B0D1} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09] (CyberLink Corp.)
Task: {A943D50D-192A-4291-80B6-1E284D0A5CE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3378118443-294144380-135819489-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B2BD4255-4876-4EA6-8845-7522BC9AC80A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1C54328S05QB => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {D50BECD0-386F-4B7A-98E7-A162424CE113} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D78D99F4-88EB-407D-BDA1-9EFC0C106875} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D7BED7F0-DAE2-435D-9AB4-169AA53C7BCE} - System32\Tasks\{57AF54A7-6B14-4797-BDDB-37AF01053AF7} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: {D97AF0CB-4CEE-4D71-B71C-053707707EAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {F22E5EE3-EC9E-49E8-B068-D950EF339CEF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {FE6417DA-CA3E-4691-8B17-55612D4F328C} - System32\Tasks\{6F64B50F-6077-4527-99B0-ACBE8B423C7C} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRobbie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-09-03 09:29 - 2013-01-15 21:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-09-03 09:29 - 2013-04-01 23:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-09-03 09:29 - 2013-01-15 21:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-09-03 09:29 - 2012-12-18 15:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-09-03 09:29 - 2013-01-15 21:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-09-03 09:32 - 2014-03-14 14:25 - 00097736 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2014-09-03 09:32 - 2014-03-14 14:25 - 00027208 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2014-09-03 09:32 - 2014-03-14 14:25 - 00058096 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2013-10-25 13:12 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4A74A9A7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AllShare => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 3
MSCONFIG\Services: CTDevice_Srv => 2
MSCONFIG\Services: CTUPnPSv => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoftAuto.exe => "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: {d0fa5283-14fe-4f9e-9716-3343b8925ff6} => "C:\ProgramData\Package Cache\{d0fa5283-14fe-4f9e-9716-3343b8925ff6}\GarminExpressInstaller.exe" /burn.log.append "C:\Users\Robbie\AppData\Local\Temp\Garmin_Express_20130903151646.log" /burn.runonce

========================= Accounts: ==========================

Administrator (S-1-5-21-3378118443-294144380-135819489-500 - Administrator - Disabled)
Guest (S-1-5-21-3378118443-294144380-135819489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3378118443-294144380-135819489-1004 - Limited - Enabled)
Mcx1-HP (S-1-5-21-3378118443-294144380-135819489-1005 - Limited - Enabled) => C:\Users\Mcx1-HP
Robbie (S-1-5-21-3378118443-294144380-135819489-1000 - Administrator - Enabled) => C:\Users\Robbie

==================== Faulty Device Manager Devices =============

Name: Photosmart 6510 series
Description: Photosmart 6510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/28/2014 06:12:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error: (09/28/2014 06:10:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/28/2014 06:11:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:06:30 PM on ‎9/‎28/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-22 08:04:45.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 08:04:45.563
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-08 12:28:45.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-08 12:28:45.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-01 21:43:02.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-01 21:43:02.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-31 09:04:14.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:14.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:14.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:11.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ II Ultra Dual-Core Mobile M600
Percentage of memory in use: 36%
Total physical RAM: 3836.2 MB
Available physical RAM: 2416.93 MB
Total Pagefile: 7670.57 MB
Available Pagefile: 6180.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.13 GB) (Free:36.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 960.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#4
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for getting me the info. I know it wasn't easy with it shutting down on you. The good news is I don't believe this has to do with any malware being on the machine. But let's see if we can find out what is exactly going on. Please follow the instructions below.
 
Step#1 - Warnings
Registry Cleaners
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
Low on Disk Space
Your C:\ drive is low on disk space. It is recommended that you have at least 15% free space left for Windows to work efficiently. You may want to clear up some space.
 
 
Step#2 - Uninstalls
 
Please uninstall the following program. Instructions for doing so are here.
If the program gives you an error during the uninstall, notate it and move on. Just let me know that it had issues. If you are asked to reboot, please do.

Pinnacle Instant DVD Recorder
 
The reason I am asking that you uninstall this is to try and eliminate the following error...which could cause system crashes.
 
Error: (09/28/2014 06:10:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 
Note: If you use this program and don't have the ability to re-install it then please skip this step as well as Step#3 below. But please do the others. Just let me know.
 
Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (1.61KB)

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
 
Step#4 - Retrieve Chkdsk Results
1. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.
2. Double-click this file and a text file will open (and also be saved on the desktop as ListChkdskResult.txt). Please copy the contents of this file and paste into your next post.
 
 

 

 

If you completed Step#3 above then next time your machine crashes it won't simply reboot. You will see what they call the Blue Screen of Death (BSOD) and it will have information on the screen that may be important to your issue. If this does happen then please follow the BSOD instructions that I posted previously and post that information. Thank you.
 
Items for your next Post

1. FRST Fix Log

2. ChkDsk log


  • 0

#5
hrsepwrbrat


    Member

  • Topic Starter
  • Member
  • 59 posts

Ok, got the logs! I couldn't find the Pinnacle Instant DVD Recorder to remove it. Hubby said he's never heard of it, and it wasn't in the list of programs installed. Isn't that screwy? Is there another name for this program?

 

I didn't get another blue screen, just the freezing and patterns on the screen. The number lock and cap lock lights start blinking when this happens.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
Ran by Robbie at 2014-09-29 12:29:21 Run:1
Running from C:\Users\Robbie\Desktop
Loaded Profile: Robbie (Available profiles: Robbie & Mcx1-HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKCU - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL =
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
C:\Windows\SysWOW64\drivers\pclepci.sys
C:\ProgramData\tizxyqupmydwgjd
C:\ProgramData\1.bmp
C:\ProgramData\1.jpg
AlternateDataStreams: C:\ProgramData\Temp:4A74A9A7
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v AutoReboot /t REG_DWORD /d 0x0 /f
EmptyTemp:


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully.
"HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key deleted successfully.
"HKCR\CLSID\{CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI) => Error: No automatic fix found for this entry.
PCLEPCI => Service deleted successfully.
C:\Windows\SysWOW64\drivers\pclepci.sys => Moved successfully.
C:\ProgramData\tizxyqupmydwgjd => Moved successfully.
C:\ProgramData\1.bmp => Moved successfully.
C:\ProgramData\1.jpg => Moved successfully.
C:\ProgramData\Temp => ":4A74A9A7" ADS removed successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v AutoReboot /t REG_DWORD /d 0x0 /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => Removed 64.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 9/29/2014 5:29:33 PM >------
Category: 0
Computer Name: HP
Event Code: 1001
Record Number: 67184
Source Name: Microsoft-Windows-Wininit
Time Written: 09-29-2014 @ 01:35:36
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  603648 file records processed.                                         

File verification completed.
  3162 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  49 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
The index bitmap $I30 in file 0x1fcec is incorrect.
Correcting error in index $I30 for file 130284.
The down pointer of current index entry with length 0x78 is invalid.
Sorting index $I30 in file 130284.
  723922 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file WINDOW~1.CAB (186742) into directory file 130284.
Recovering orphaned file windows6.1-kb2973112-x64-express.cab (186742) into directory file 130284.
Recovering orphaned file update.mum (187056) into directory file 130284.
Recovering orphaned file update.cat (187354) into directory file 130284.
Recovering orphaned file PA17F8~1.MUM (187763) into directory file 130284.
Recovering orphaned file WINDOW~1.XML (187766) into directory file 130284.
Recovering orphaned file windows6.1-kb2973112-x64.psf.cix.xml (187766) into directory file 130284.
Recovering orphaned file PAC55A~1.MUM (187769) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187773) into directory file 130284.
Recovering orphaned file PA48FA~1.CAT (187776) into directory file 130284.
Recovering orphaned file PAF65C~1.CAT (187783) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187784) into directory file 130284.
Recovering orphaned file PA4870~1.MUM (187787) into directory file 130284.
Recovering orphaned file PACAE0~1.MUM (187790) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187795) into directory file 130284.
Recovering orphaned file UPDATE~1.MUM (187800) into directory file 130284.
Recovering orphaned file update-bf.mum (187800) into directory file 130284.
Recovering orphaned file PACKAG~1.CAT (187808) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187808) into directory file 130284.
Recovering orphaned file UPDATE~1.CAT (187814) into directory file 130284.
Recovering orphaned file update-bf.cat (187814) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1~31bf3856ad364e35~amd64~~6.1.1.0.mum (187819) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1~31bf3856ad364e35~amd64~~6.1.1.0.cat (187826) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187830) into directory file 130284.
Recovering orphaned file PA111F~1.CAT (187831) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187836) into directory file 130284.
Recovering orphaned file MSF914~1.MA~ (187846) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187855) into directory file 130284.
Recovering orphaned file PA1F03~1.CAT (187868) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187868) into directory file 130284.
Recovering orphaned file MS12AC~1.MA~ (187872) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187873) into directory file 130284.
Recovering orphaned file MS01AA~1.MA~ (187884) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187892) into directory file 130284.
Recovering orphaned file MS68BB~1.MA~ (187912) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187919) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187933) into directory file 130284.
Recovering orphaned file MS2D5E~1.MA~ (187943) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187948) into directory file 130284.
Recovering orphaned file PAFF8A~1.CAT (187971) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187971) into directory file 130284.
Recovering orphaned file PACE3A~1.MUM (188148) into directory file 130284.
Recovering orphaned file MS7725~1.MA~ (188150) into directory file 130284.
Recovering orphaned file PA1D57~1.MUM (188161) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188161) into directory file 130284.
Recovering orphaned file PAFF3C~1.CAT (188163) into directory file 130284.
Recovering orphaned file MSFA37~1.MA~ (188164) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188166) into directory file 130284.
Recovering orphaned file MS78C4~1.MA~ (188186) into directory file 130284.
Recovering orphaned file PA090F~1.MUM (188197) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188197) into directory file 130284.
Recovering orphaned file MSB4BA~1.MA~ (188200) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188201) into directory file 130284.
Recovering orphaned file MSBDC5~1.MA~ (188205) into directory file 130284.
Recovering orphaned file PA524E~1.MUM (188207) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188207) into directory file 130284.
Recovering orphaned file PA0F99~1.CAT (188209) into directory file 130284.
Recovering orphaned file PAF941~1.MUM (188216) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188242) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188272) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188347) into directory file 130284.
Recovering orphaned file MSED68~1.MA~ (188351) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188358) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188392) into directory file 130284.
Recovering orphaned file PA1A5D~1.CAT (188393) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188404) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188426) into directory file 130284.
Recovering orphaned file PA1C5D~1.CAT (188428) into directory file 130284.
Recovering orphaned file PA082C~1.CAT (188438) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188438) into directory file 130284.
Recovering orphaned file PA519E~1.MUM (188457) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188457) into directory file 130284.
Recovering orphaned file MS3133~1.MA~ (188464) into directory file 130284.
Recovering orphaned file MS1D6A~1.MA~ (188487) into directory file 130284.
Recovering orphaned file PACFB5~1.MUM (188494) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188494) into directory file 130284.
Recovering orphaned file PA5627~1.CAT (188497) into directory file 130284.
Recovering orphaned file PACD52~1.CAT (188520) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188520) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188540) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188558) into directory file 130284.
Recovering orphaned file PA0A8F~1.MUM (188636) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188636) into directory file 130284.
Recovering orphaned file MS7690~1.MA~ (188683) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188708) into directory file 130284.
Recovering orphaned file PA0D89~1.MUM (188713) into directory file 130284.
Recovering orphaned file MS5F75~1.MA~ (188732) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188741) into directory file 130284.
Recovering orphaned file MSAC14~1.MA~ (188746) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188773) into directory file 130284.
Recovering orphaned file MSF27B~1.MA~ (188780) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188784) into directory file 130284.
Recovering orphaned file PAF971~1.CAT (188787) into directory file 130284.
Recovering orphaned file MS039F~1.MA~ (188792) into directory file 130284.
Recovering orphaned file MS06A9~1.MA~ (188803) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188804) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188934) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (189781) into directory file 130284.
Recovering orphaned file MS2B46~1.MA~ (190219) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (190229) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (191082) into directory file 130284.
Recovering orphaned file MS12C1~1.MA~ (191479) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (191728) into directory file 130284.
Recovering orphaned file MS1C89~1.MA~ (192965) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194398) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194414) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194422) into directory file 130284.
Recovering orphaned file MSAC96~1.MA~ (194520) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194522) into directory file 130284.
Recovering orphaned file MSFD24~1.MA~ (194575) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_da-dk_f8f78f73988804c6.manifest (194575) into directory file 130284.
Recovering orphaned file PA1238~1.CAT (194636) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194636) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_cafc8ef97b01928d.manifest (194645) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194649) into directory file 130284.
Recovering orphaned file MS5EED~1.MA~ (194652) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_ar-sa_713451333e57d07f.manifest (194652) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (194653) into directory file 130284.
Recovering orphaned file PAC9FA~1.MUM (194655) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194655) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194662) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194683) into directory file 130284.
Recovering orphaned file PA0A06~1.CAT (194686) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (194686) into directory file 130284.
Recovering orphaned file MS2481~1.MA~ (194688) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_zh-tw_320e8a444e49bb68.manifest (194688) into directory file 130284.
Recovering orphaned file package_68_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194697) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_zh-cn_326fb94a4e00f058.manifest (194704) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_tr-tr_21cd9f0b9a78eb3f.manifest (194710) into directory file 130284.
Recovering orphaned file package_68_for_kb2973112_bf~
-----------------------------------------------------------------------
 


  • 0

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you for the information. It does appear your drive has issues so let's focus on that first. Please ensure you have backups of your data in case your drive is failing. Please do the following.

 

 

Step#1 - ChkDsk Scan
1. Click your Start button and type cmd in the search box.
2. Right-click your mouse on the cmd.exe that is found and choose Run as administrator. Allow if prompted. 

3. You should now have a black window open that you can type into.
4. Please type chkdsk /R and then press Enter. <----Note: There is a space before /R
5. You may get a message that says the volume is locked and that you need to reboot for this to work. Type Y on your keyboard and then reboot your computer.
    Note: This may take a while to run. Let it finish.

6. Once this is complete, please double-click on ListChkdskResult.exe on your desktop and a text file will open (and also be saved on the desktop as ListChkdskResult.txt). Please copy the contents of this file and paste into your next post.

 

  

 

Items for your next post

1. Contents of chkdsk scan


  • 0

#7
hrsepwrbrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

It's been giving me trouble.

 

Sorry for the delay!

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 10/1/2014 5:24:31 PM >------
Category: 0
Computer Name: HP
Event Code: 1001
Record Number: 67503
Source Name: Microsoft-Windows-Wininit
Time Written: 10-01-2014 @ 19:45:36
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  603648 file records processed.                                         

File verification completed.
  3166 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  49 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  722938 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  603648 file SDs/SIDs processed.                                        

Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
Security descriptor verification completed.
  59646 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36854392 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  603632 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  9614496 free clusters processed.                                        

Free space verification is complete.
Windows has checked the file system and found no problems.

 471998463 KB total disk space.
 432614168 KB in 528798 files.
    203444 KB in 59647 indexes.
         0 KB in bad sectors.
    722867 KB in use by the system.
     65536 KB occupied by the log file.
  38457984 KB available on disk.

      4096 bytes in each allocation unit.
 117999615 total allocation units on disk.
   9614496 allocation units available on disk.

Internal Info:
00 36 09 00 a9 fa 08 00 86 ec 0c 00 00 00 00 00  .6..............
ae 6a 00 00 31 00 00 00 00 00 00 00 00 00 00 00  .j..1...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: HP
Event Code: 1001
Record Number: 67433
Source Name: Microsoft-Windows-Wininit
Time Written: 10-01-2014 @ 05:04:45
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  603648 file records processed.                                         

File verification completed.
  3167 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  49 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  723218 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  603648 file SDs/SIDs processed.                                        

Cleaning up 47 unused index entries from index $SII of file 0x9.
Cleaning up 47 unused index entries from index $SDH of file 0x9.
Cleaning up 47 unused security descriptors.
Security descriptor verification completed.
  59786 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35665800 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 2599
of name \Windows\Logs\SYSTEM~1\RE3901~1.ETL.
  603632 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  9583387 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 471998463 KB total disk space.
 432739432 KB in 528871 files.
    203736 KB in 59787 indexes.
         0 KB in bad sectors.
    721747 KB in use by the system.
     65536 KB occupied by the log file.
  38333548 KB available on disk.

      4096 bytes in each allocation unit.
 117999615 total allocation units on disk.
   9583387 allocation units available on disk.

Internal Info:
00 36 09 00 7e fb 08 00 31 ee 0c 00 00 00 00 00  .6..~...1.......
ad 6a 00 00 31 00 00 00 00 00 00 00 00 00 00 00  .j..1...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: HP
Event Code: 1001
Record Number: 67184
Source Name: Microsoft-Windows-Wininit
Time Written: 09-29-2014 @ 01:35:36
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  603648 file records processed.                                         

File verification completed.
  3162 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  49 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
The index bitmap $I30 in file 0x1fcec is incorrect.
Correcting error in index $I30 for file 130284.
The down pointer of current index entry with length 0x78 is invalid.
Sorting index $I30 in file 130284.
  723922 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file WINDOW~1.CAB (186742) into directory file 130284.
Recovering orphaned file windows6.1-kb2973112-x64-express.cab (186742) into directory file 130284.
Recovering orphaned file update.mum (187056) into directory file 130284.
Recovering orphaned file update.cat (187354) into directory file 130284.
Recovering orphaned file PA17F8~1.MUM (187763) into directory file 130284.
Recovering orphaned file WINDOW~1.XML (187766) into directory file 130284.
Recovering orphaned file windows6.1-kb2973112-x64.psf.cix.xml (187766) into directory file 130284.
Recovering orphaned file PAC55A~1.MUM (187769) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187773) into directory file 130284.
Recovering orphaned file PA48FA~1.CAT (187776) into directory file 130284.
Recovering orphaned file PAF65C~1.CAT (187783) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187784) into directory file 130284.
Recovering orphaned file PA4870~1.MUM (187787) into directory file 130284.
Recovering orphaned file PACAE0~1.MUM (187790) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187795) into directory file 130284.
Recovering orphaned file UPDATE~1.MUM (187800) into directory file 130284.
Recovering orphaned file update-bf.mum (187800) into directory file 130284.
Recovering orphaned file PACKAG~1.CAT (187808) into directory file 130284.
Recovering orphaned file package_10_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187808) into directory file 130284.
Recovering orphaned file UPDATE~1.CAT (187814) into directory file 130284.
Recovering orphaned file update-bf.cat (187814) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1~31bf3856ad364e35~amd64~~6.1.1.0.mum (187819) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1~31bf3856ad364e35~amd64~~6.1.1.0.cat (187826) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187830) into directory file 130284.
Recovering orphaned file PA111F~1.CAT (187831) into directory file 130284.
Recovering orphaned file package_for_kb2973112_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187836) into directory file 130284.
Recovering orphaned file MSF914~1.MA~ (187846) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187855) into directory file 130284.
Recovering orphaned file PA1F03~1.CAT (187868) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187868) into directory file 130284.
Recovering orphaned file MS12AC~1.MA~ (187872) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187873) into directory file 130284.
Recovering orphaned file MS01AA~1.MA~ (187884) into directory file 130284.
Recovering orphaned file package_9_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187892) into directory file 130284.
Recovering orphaned file MS68BB~1.MA~ (187912) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (187919) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (187933) into directory file 130284.
Recovering orphaned file MS2D5E~1.MA~ (187943) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (187948) into directory file 130284.
Recovering orphaned file PAFF8A~1.CAT (187971) into directory file 130284.
Recovering orphaned file package_8_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (187971) into directory file 130284.
Recovering orphaned file PACE3A~1.MUM (188148) into directory file 130284.
Recovering orphaned file MS7725~1.MA~ (188150) into directory file 130284.
Recovering orphaned file PA1D57~1.MUM (188161) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188161) into directory file 130284.
Recovering orphaned file PAFF3C~1.CAT (188163) into directory file 130284.
Recovering orphaned file MSFA37~1.MA~ (188164) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188166) into directory file 130284.
Recovering orphaned file MS78C4~1.MA~ (188186) into directory file 130284.
Recovering orphaned file PA090F~1.MUM (188197) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188197) into directory file 130284.
Recovering orphaned file MSB4BA~1.MA~ (188200) into directory file 130284.
Recovering orphaned file package_7_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188201) into directory file 130284.
Recovering orphaned file MSBDC5~1.MA~ (188205) into directory file 130284.
Recovering orphaned file PA524E~1.MUM (188207) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188207) into directory file 130284.
Recovering orphaned file PA0F99~1.CAT (188209) into directory file 130284.
Recovering orphaned file PAF941~1.MUM (188216) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188242) into directory file 130284.
Recovering orphaned file package_77_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188272) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188347) into directory file 130284.
Recovering orphaned file MSED68~1.MA~ (188351) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188358) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188392) into directory file 130284.
Recovering orphaned file PA1A5D~1.CAT (188393) into directory file 130284.
Recovering orphaned file package_76_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188404) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188426) into directory file 130284.
Recovering orphaned file PA1C5D~1.CAT (188428) into directory file 130284.
Recovering orphaned file PA082C~1.CAT (188438) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188438) into directory file 130284.
Recovering orphaned file PA519E~1.MUM (188457) into directory file 130284.
Recovering orphaned file package_75_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188457) into directory file 130284.
Recovering orphaned file MS3133~1.MA~ (188464) into directory file 130284.
Recovering orphaned file MS1D6A~1.MA~ (188487) into directory file 130284.
Recovering orphaned file PACFB5~1.MUM (188494) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188494) into directory file 130284.
Recovering orphaned file PA5627~1.CAT (188497) into directory file 130284.
Recovering orphaned file PACD52~1.CAT (188520) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188520) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188540) into directory file 130284.
Recovering orphaned file package_74_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188558) into directory file 130284.
Recovering orphaned file PA0A8F~1.MUM (188636) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188636) into directory file 130284.
Recovering orphaned file MS7690~1.MA~ (188683) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (188708) into directory file 130284.
Recovering orphaned file PA0D89~1.MUM (188713) into directory file 130284.
Recovering orphaned file MS5F75~1.MA~ (188732) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188741) into directory file 130284.
Recovering orphaned file MSAC14~1.MA~ (188746) into directory file 130284.
Recovering orphaned file package_73_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188773) into directory file 130284.
Recovering orphaned file MSF27B~1.MA~ (188780) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (188784) into directory file 130284.
Recovering orphaned file PAF971~1.CAT (188787) into directory file 130284.
Recovering orphaned file MS039F~1.MA~ (188792) into directory file 130284.
Recovering orphaned file MS06A9~1.MA~ (188803) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (188804) into directory file 130284.
Recovering orphaned file package_72_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (188934) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (189781) into directory file 130284.
Recovering orphaned file MS2B46~1.MA~ (190219) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (190229) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (191082) into directory file 130284.
Recovering orphaned file MS12C1~1.MA~ (191479) into directory file 130284.
Recovering orphaned file package_71_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (191728) into directory file 130284.
Recovering orphaned file MS1C89~1.MA~ (192965) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194398) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194414) into directory file 130284.
Recovering orphaned file package_70_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194422) into directory file 130284.
Recovering orphaned file MSAC96~1.MA~ (194520) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194522) into directory file 130284.
Recovering orphaned file MSFD24~1.MA~ (194575) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_da-dk_f8f78f73988804c6.manifest (194575) into directory file 130284.
Recovering orphaned file PA1238~1.CAT (194636) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194636) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_cafc8ef97b01928d.manifest (194645) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194649) into directory file 130284.
Recovering orphaned file MS5EED~1.MA~ (194652) into directory file 130284.
Recovering orphaned file msil_system.servicemodel.resources_b77a5c561934e089_6.1.7601.18532_ar-sa_713451333e57d07f.manifest (194652) into directory file 130284.
Recovering orphaned file package_6_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (194653) into directory file 130284.
Recovering orphaned file PAC9FA~1.MUM (194655) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194655) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.cat (194662) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum (194683) into directory file 130284.
Recovering orphaned file PA0A06~1.CAT (194686) into directory file 130284.
Recovering orphaned file package_69_for_kb2973112_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat (194686) into directory file 130284.
Recovering orphaned file MS2481~1.MA~ (194688) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_zh-tw_320e8a444e49bb68.manifest (194688) into directory file 130284.
Recovering orphaned file package_68_for_kb2973112~31bf3856ad364e35~amd64~~6.1.1.0.mum (194697) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_zh-cn_326fb94a4e00f058.manifest (194704) into directory file 130284.
Recovering orphaned file msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_tr-tr_21cd9f0b9a78eb3f.manifest (194710) into directory file 130284.
Recovering orphaned file package_68_for_kb2973112_bf~
-----------------------------------------------------------------------
 


  • 0
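A way to read a ListChkdskResult log like the one posted above across several runs, as an added example that is not part of the thread or of the tool: it splits the log into Wininit event 1001 records and counts the repair lines in each, oldest run first. The sample text is constructed in the same layout (month-day-year timestamps, as in the posted log), and the verdict labels `media`, `metadata` and `clean` are this example's own heuristic.

```python
import re
from datetime import datetime

# Constructed sample in the ListChkdskResult layout (newest record first).
# The oldest record is cut off mid-line, as can happen when a log is pasted.
SAMPLE_LOG = r"""------< Log generate on 10/1/2014 5:24:31 PM >------
Event Code: 1001
Source Name: Microsoft-Windows-Wininit
Time Written: 10-01-2014 @ 19:45:36
Message:
CHKDSK is verifying files (stage 1 of 5)...
Windows has checked the file system and found no problems.
         0 KB in bad sectors.
Windows has finished checking your disk.
-----------------------------------------------------------------------
Event Code: 1001
Source Name: Microsoft-Windows-Wininit
Time Written: 10-01-2014 @ 05:04:45
Message:
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 2599
of name \Windows\Logs\EXAMPLE~1.ETL.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
         0 KB in bad sectors.
Windows has finished checking your disk.
-----------------------------------------------------------------------
Event Code: 1001
Source Name: Microsoft-Windows-Wininit
Time Written: 09-29-2014 @ 01:35:36
Message:
CHKDSK is verifying indexes (stage 2 of 3)...
Correcting error in index $I30 for file 130284.
Correcting error in index $I30 for file 130284.
Recovering orphaned file update.mum (187056) into directory file 130284.
Recovering orphaned file package_68_for_
-----------------------------------------------------------------------
"""

# Line prefixes CHKDSK writes when it repairs something.
PATTERNS = {
    "index_fix": re.compile(r"^Correcting error in index \S+ for file \d+"),
    "orphan": re.compile(r"^Recovering orphaned file "),
    "bad_clusters": re.compile(r"^Windows replaced bad clusters in file \d+"),
    "bitmap": re.compile(r"^CHKDSK discovered free space marked as allocated"),
}


def parse_records(text):
    """Split the log on its dashed rules and summarize each CHKDSK run."""
    records = []
    for chunk in re.split(r"^-{20,}[ \t]*$", text, flags=re.M):
        when = re.search(
            r"^Time Written:\s*(\d\d-\d\d-\d{4} @ \d\d:\d\d:\d\d)", chunk, flags=re.M
        )
        if not when:
            continue  # not an event record (e.g. empty tail after the last rule)
        counts = {name: 0 for name in PATTERNS}
        for line in chunk.splitlines():
            for name, pat in PATTERNS.items():
                if pat.match(line):
                    counts[name] += 1
        kb = re.search(r"^\s*(\d+) KB in bad sectors\.", chunk, flags=re.M)
        records.append({
            "time": datetime.strptime(when.group(1), "%m-%d-%Y @ %H:%M:%S"),
            "counts": counts,
            "bad_sector_kb": int(kb.group(1)) if kb else None,  # None: summary missing
            "clean_msg": "found no problems" in chunk,
            # A record without the closing line was truncated when pasted.
            "complete": "Windows has finished checking your disk." in chunk,
        })
    return sorted(records, key=lambda r: r["time"])


def verdict(rec):
    """Heuristic label: repairs touching clusters/sectors vs. NTFS metadata only."""
    c = rec["counts"]
    if c["bad_clusters"] or (rec["bad_sector_kb"] or 0) > 0:
        return "media"
    if c["index_fix"] or c["orphan"] or c["bitmap"]:
        return "metadata"
    return "clean" if rec["clean_msg"] else "unknown"


def triage(text):
    """Return the runs oldest-first, each with its verdict attached."""
    return [dict(rec, verdict=verdict(rec)) for rec in parse_records(text)]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        flag = "" if r["complete"] else " (record truncated)"
        print(r["time"], r["verdict"], r["counts"], flag)
```

A record flagged as truncated has no summary block, so its counts are a lower bound rather than the full picture of that run.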

#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem and thank you for the log. Please follow the steps below.

 

Step#1 - Questions
1. Would you mind describing the symptoms you are having now with your machine? Same, different, better, worse?

2. Have you seen the Blue Screen of Death (BSOD) yet?

3. Can you tell me the exact model of your HP Computer?

4. Can you tell me the exact make/model of the hard drive that is in your computer? You can follow the instructions here to do so.

 

Step#2 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer if prompted.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from.
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box, this log will be created as well. Please copy and paste this log as well.

 

 

 

 

Items for your next post

1. Answers to my questions

2. FRST and Addition logs


  • 0

#9
hrsepwrbrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Symptoms remain the same.

 

I've seen the blue screen twice. Each time, it was much smaller than the screen, and I couldn't read what it said because it was so quick to disappear.

 

It's an HP Pavilion DV7

 

The disk drive is ST9500420AS ATA Device

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Robbie (administrator) on HP on 02-10-2014 19:35:01
Running from C:\Users\Robbie\Desktop
Loaded Profile: Robbie (Available profiles: Robbie & Mcx1-HP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [231384 2014-03-14] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [1974632 2014-08-29] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x291CE937CB59CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {CEFC0001-D36C-4DA8-9C3C-CF9D0E15399C} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E} URL = https://duckduckgo.c...q={searchTerms}
SearchScopes: HKCU - {1E95ECFC-3DF2-435A-BC94-E66B7DFF2E8E} URL = https://duckduckgo.c...q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Trend Micro DirectPass BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Trend Micro DirectPass BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Trend Micro DirectPass ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro DirectPass ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Robbie\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\searchplugins\duckduckgo.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-05]
FF Extension: iCloud Bookmarks - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-03]
FF Extension: MaskMe - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2014-01-15]
FF Extension: Ghostery - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2013-09-11]
FF Extension: DuckDuckGo Plus - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\[email protected] [2013-09-11]
FF Extension: Adblock Plus - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-11]
FF Extension: BetterPrivacy - C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\marilyn\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-09-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-09-03]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2011-08-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-04]
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2011-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S4 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S4 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [246616 2013-08-28] (Garmin Ltd or its subsidiaries)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1179696 2014-09-17] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [323048 2014-08-29] (Trend Micro Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3860480 2013-06-28] (SafeIP) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2011-11-05] (CSR/PLT)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice64.sys [215808 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
S3 emAudio; C:\Windows\System32\drivers\emAudio64.sys [79872 2007-08-31] (eMPIA Technology, Inc.) [File not signed]
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter64.sys [6400 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [67408 2014-08-29] (Trend Micro Inc.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-24] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-22] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan64.sys [6144 2007-06-21] (eMPIA Technology, Inc.) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-09] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Robbie\AppData\Local\Temp\ATICDSDr.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 eabfiltr; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [X]
U2 TMAgent; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 19:35 - 2014-10-02 19:36 - 00021788 _____ () C:\Users\Robbie\Desktop\FRST.txt
2014-10-02 19:34 - 2014-10-02 19:34 - 02109440 _____ (Farbar) C:\Users\Robbie\Desktop\FRST64.exe
2014-10-02 19:34 - 2014-10-02 19:34 - 00000000 ____D () C:\Users\Robbie\Desktop\FRST-OlderVersion
2014-10-01 00:03 - 2014-10-01 00:03 - 00007072 ____N () C:\bootsqm.dat
2014-09-29 17:38 - 2014-10-01 12:13 - 00000000 ____D () C:\Users\Robbie\Desktop\GTG
2014-09-29 17:29 - 2014-10-01 17:24 - 00045296 _____ () C:\Users\Robbie\Desktop\ListChkdskResult.txt
2014-09-29 17:28 - 2014-09-29 17:28 - 00000008 __RSH () C:\Users\Robbie\ntuser.pol
2014-09-29 12:29 - 2014-09-29 12:23 - 00197679 _____ () C:\Users\Robbie\Desktop\ListChkdskResult.exe
2014-09-29 12:26 - 2014-09-29 12:26 - 00268776 _____ () C:\Windows\Minidump\092914-48500-01.dmp
2014-09-29 12:15 - 2014-09-29 12:16 - 00274704 _____ () C:\Windows\Minidump\092914-31231-01.dmp
2014-09-29 12:14 - 2014-09-29 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2014-09-29 03:01 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-29 03:01 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-29 03:01 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-29 03:01 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-29 03:01 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-29 03:01 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-29 03:01 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-29 03:01 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-29 03:01 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-29 03:01 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-29 03:01 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-29 03:01 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-29 03:01 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-29 03:01 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-29 03:01 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-29 03:01 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-29 03:01 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-29 03:01 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-29 03:01 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-29 03:01 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-29 03:01 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-29 03:01 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-29 03:01 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-29 03:01 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-29 03:01 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-29 03:01 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-29 03:01 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-29 03:01 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-29 03:01 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-29 03:01 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-29 03:01 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-29 03:01 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-29 03:01 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-29 03:01 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-29 03:01 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-29 03:01 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-29 03:01 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-29 03:01 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-29 03:01 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-29 03:01 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-29 03:01 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-29 03:01 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-29 03:01 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-29 03:01 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-29 03:01 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-29 03:01 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-29 03:01 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-29 03:01 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-29 03:01 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-29 03:01 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-29 03:01 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-29 03:01 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-29 03:01 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-29 03:01 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-29 03:01 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-29 03:01 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-28 18:19 - 2014-09-28 18:20 - 00000000 ____D () C:\0e723be4736bcf5fe0c54585933508
2014-09-28 18:17 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-28 18:17 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-28 18:17 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-28 18:17 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-28 18:17 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-28 18:04 - 2014-09-28 18:04 - 00000000 ____D () C:\c777a11e5b542c0ba41ed365f246a7ea
2014-09-28 17:51 - 2014-09-28 17:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-28 17:47 - 2014-09-28 17:48 - 00274704 _____ () C:\Windows\Minidump\092814-52931-01.dmp
2014-09-28 17:31 - 2014-09-28 17:31 - 00000000 __SHD () C:\found.000
2014-09-22 07:59 - 2014-09-29 12:25 - 160147944 _____ () C:\Windows\MEMORY.DMP
2014-09-22 07:59 - 2014-09-22 07:59 - 00274648 _____ () C:\Windows\Minidump\092214-26036-01.dmp
2014-09-21 21:05 - 2014-10-01 17:22 - 00014992 _____ () C:\Windows\PFRO.log
2014-09-03 11:23 - 2014-09-28 20:14 - 00000010 _____ () C:\Users\Robbie\AppData\Local\sponge.last.runtime.cache
2014-09-03 09:49 - 2014-08-29 02:50 - 00067408 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\kbfilter.sys
2014-09-03 09:49 - 2014-08-29 02:50 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-09-03 09:49 - 2014-08-29 02:50 - 00007799 _____ () C:\kbfilter.cat
2014-09-03 09:49 - 2014-08-29 02:50 - 00000098 _____ () C:\install.bat
2014-09-03 09:49 - 2014-08-29 02:50 - 00000081 _____ () C:\uninstall.bat
2014-09-03 09:44 - 2014-10-02 19:32 - 00002240 _____ () C:\Windows\setupact.log
2014-09-03 09:44 - 2014-09-03 09:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 09:35 - 2014-09-03 09:35 - 00000000 ___HD () C:\TMRescueDisk
2014-09-03 09:34 - 2014-09-21 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro DirectPass
2014-09-03 09:33 - 2014-09-03 09:33 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2014-09-03 09:32 - 2014-10-01 14:59 - 00003812 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2014-09-03 09:32 - 2013-06-13 01:35 - 00100640 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-09-03 09:32 - 2013-05-15 05:23 - 00303392 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-09-03 09:32 - 2011-08-22 10:33 - 00105744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-09-03 09:30 - 2014-09-03 09:30 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-09-03 09:30 - 2013-12-03 03:57 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-09-03 09:30 - 2013-12-03 03:57 - 00117312 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-09-03 09:30 - 2013-12-03 03:57 - 00085936 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-09-03 09:30 - 2013-07-01 08:08 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-09-03 08:52 - 2014-09-03 08:53 - 228713128 _____ (Trend Micro Inc.) C:\Users\Robbie\Downloads\TTi_7.2_MR_Full.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 19:35 - 2013-07-29 21:04 - 00000000 ____D () C:\FRST
2014-10-02 19:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 15:01 - 2012-08-01 21:32 - 01871457 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 14:59 - 2010-01-09 17:47 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-10-01 14:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 14:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-29 20:20 - 2012-09-26 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 17:28 - 2012-08-01 22:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-29 17:28 - 2010-01-09 17:19 - 00000000 ____D () C:\Users\Robbie
2014-09-29 12:29 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-29 12:26 - 2014-04-28 15:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 21:51 - 2014-08-15 03:51 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForRobbie.job
2014-09-28 20:04 - 2009-07-14 00:13 - 00006434 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 18:23 - 2013-07-27 16:24 - 00806528 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-28 18:04 - 2013-08-02 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-28 18:04 - 2010-01-11 14:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-22 08:17 - 2014-05-19 00:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 08:04 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 20:49 - 2013-04-09 13:14 - 00000000 ____D () C:\Users\Mcx1-HP
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-21 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-21 20:48 - 2013-09-02 11:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 20:48 - 2012-12-30 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-09-21 20:48 - 2010-08-23 01:49 - 00000000 ____D () C:\Users\Robbie\AppData\Roaming\XnView
2014-09-21 20:48 - 2010-04-11 22:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-21 20:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-21 20:44 - 2010-04-11 22:30 - 00000000 ____D () C:\ProgramData\GARMIN
2014-09-03 09:43 - 2013-05-06 22:03 - 00000000 ____D () C:\Users\Robbie\AppData\Local\Trend Micro
2014-09-03 09:34 - 2014-07-01 07:32 - 00000000 ____D () C:\Program Files\Trend Micro
2014-09-03 09:28 - 2012-07-07 10:41 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-03 09:11 - 2013-07-27 16:29 - 00000000 ____D () C:\ProgramData\SketchUp
2014-09-03 09:11 - 2013-07-27 16:29 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2014-09-02 14:36 - 2012-02-27 15:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 13:52 - 2010-01-09 18:37 - 00000000 ___RD () C:\Users\Robbie\software

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 23:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Robbie at 2014-10-02 19:37:56
Running from C:\Users\Robbie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2570 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2570_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2570Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.243 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.243 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 1.3.11 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{2492AE96-F681-4922-B5EB-3045B03BEC12}) (Version: 0.8.20 - Kovid Goyal)
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0702.1239.20840 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help English (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help French (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help German (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0702.1238.20840 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
ccc-utility64 (Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ExpertGPS 4.36 (HKLM-x32\...\ExpertGPS_is1) (Version: 4.36 - TopoGrafix)
Facebook Messenger 2.1.4520.0 (HKLM-x32\...\{52EFF266-98B7-4094-BD24-65490ED8E45D}) (Version: 2.1.4520.0 - Facebook)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d0fa5283-14fe-4f9e-9716-3343b8925ff6}) (Version: 2.3.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3309 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3309 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
LightScribe Template Designs - Animal Pack 1 (HKLM-x32\...\{F8C7F1F2-EF8A-4019-89A8-77C5667F75C7}) (Version: 1.17.0.0 - LightScribe)
LightScribe Template Designs - Art Pack 1 (HKLM-x32\...\{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}) (Version: 1.10.16.1 - LightScribe)
LightScribe Template Designs - Athletic Pack 1 (HKLM-x32\...\{1102D7B1-098C-4F48-92F4-DC403E45A527}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Fantasy Pack 1 (HKLM-x32\...\{DE72186D-A4A5-4504-839C-B14FC3432DA1}) (Version: 1.13.0.0 - LightScribe)
LightScribe Template Designs - Grab Bag Pack 1 (HKLM-x32\...\{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}) (Version: 1.17.0.0 - LightScribe)
LightScribe Template Designs - Hobby Pack 1 (HKLM-x32\...\{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Music Pack 1 (HKLM-x32\...\{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Mythology Pack 1 (HKLM-x32\...\{18143CE1-430E-4FF3-A44F-811FD2910929}) (Version: 1.15.0.0 - LightScribe)
LightScribe Template Designs - Tattoo Pack 1 (HKLM-x32\...\{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}) (Version: 1.13.0.0 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
Louisiana ci20/10 (HKLM-x32\...\mc73_la) (Version:  - )
LOUISIANA TOPO (HKLM-x32\...\latopo11) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Map Calibrator 2.6 (HKLM-x32\...\Map Calibrator) (Version: 2.6 - Megalith)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modern Ballistics (HKLM-x32\...\{74FA577B-5B3B-4791-B310-E3E5773C9B5A}) (Version: 1.0.2006.305 - FlashTek)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{26D3E377-1DCA-4043-9410-B4A9BACF1033}) (Version: 7.02.9888 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17800.8.5 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10400.26.0 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.3.4630 - Barnesandnoble.com)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pearson VUE Tutorial and Demo (HKLM-x32\...\{AB693641-099A-478E-844A-643CB05F426B}) (Version: 2.12.5.74 - Pearson VUE)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.5615 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM-x32\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version:  - )
Plantronics MyHeadset Updater (x64) (HKLM\...\{0F384994-7E93-45AD-969A-CD648669C18B}) (Version: 2.6.50023.0 - Plantronics, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shooter for Windows (HKLM-x32\...\{3AE8C084-A228-49E2-8D78-AEA88005CD5C}) (Version: 1.20.0000 - D & C Software)
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Studio 10.8 Patch (x32 Version: 10.8.0.4641 - Pinnacle Systems) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trend Micro DirectPass (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.0.1112 - Trend Micro Inc.)
Trend Micro DirectPass (Version: 1.9.0.1044 - Trend Micro Inc.) Hidden
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.2 - Trend Micro Inc.)
Trend Micro Titanium (Version: 7.2 - Trend Micro Inc.) Hidden
Try Corel Snapfire muvee autoProducer add on (x32 Version: 1.00.0000 - Corel Corporation) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 1.60.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 1.60.0000 - Magellan Navigation, Inc.) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
XnView 1.97.6 (HKLM-x32\...\XnView_is1) (Version: 1.97.6 - Gougelet Pierre-e)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3378118443-294144380-135819489-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3378118443-294144380-135819489-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-09-2014 08:00:15 Windows Update
05-09-2014 08:00:11 Windows Update
06-09-2014 08:00:11 Windows Update
07-09-2014 08:00:11 Windows Update
08-09-2014 08:00:11 Windows Update
09-09-2014 08:00:10 Windows Update
10-09-2014 08:00:11 Windows Update
12-09-2014 08:00:18 Windows Update
13-09-2014 01:55:23 Garmin Express
13-09-2014 01:55:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-09-2014 01:57:40 Garmin Express
21-09-2014 19:51:32 Windows Update
22-09-2014 00:30:19 Windows Update
22-09-2014 12:57:33 Windows Update
22-09-2014 13:13:11 Windows Update
28-09-2014 22:53:22 Windows Update
28-09-2014 23:02:57 Windows Update
28-09-2014 23:17:43 Windows Update
29-09-2014 01:00:44 Windows Update
29-09-2014 08:00:18 Windows Update
30-09-2014 01:21:31 Removed Nero 7 Ultra Edition. Available with Windows Installer version 1.2 and later.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-07-29 21:21 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {136CAD87-E51F-407E-BB1F-38496E01CC3C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3378118443-294144380-135819489-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {18615AB7-506F-4E9E-A067-CA14668C8292} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20992FD0-EED6-4924-A9EA-4FFA8653AA65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2B8C1DF0-187A-474C-8C05-A6C00EF78EB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {30AEC8A6-73BB-4D87-8576-D3A5496F06BF} - System32\Tasks\HPCeeScheduleForRobbie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {30FD6BC6-66D8-4249-8CA2-62E5A5AA9741} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28] (Adobe Systems Incorporated)
Task: {3546ADAB-4D2A-4CB8-AB13-8417DF04D559} - System32\Tasks\{DBE80D23-0B61-4154-976A-182E3E686E6B} => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2014-03-14] (Trend Micro Inc.)
Task: {5D02553B-7C8A-42F8-8FC3-C16B7C3E861C} - System32\Tasks\{59E04425-F287-472C-85EF-E9552EB378BE} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: {79DDFE7E-4887-4E8D-9FC6-C8521D503CFA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {85A6B6A7-EDFC-4E3C-ABCC-8CE0CD22F526} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HP => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {90D865DA-D1E6-4DA0-8E73-2896E713B0D1} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09] (CyberLink Corp.)
Task: {A943D50D-192A-4291-80B6-1E284D0A5CE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3378118443-294144380-135819489-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B2BD4255-4876-4EA6-8845-7522BC9AC80A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1C54328S05QB => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {D35ABF7B-9B0C-4025-A8E2-68ACB8BB36CB} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
Task: {D50BECD0-386F-4B7A-98E7-A162424CE113} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D78D99F4-88EB-407D-BDA1-9EFC0C106875} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D7BED7F0-DAE2-435D-9AB4-169AA53C7BCE} - System32\Tasks\{57AF54A7-6B14-4797-BDDB-37AF01053AF7} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: {D97AF0CB-4CEE-4D71-B71C-053707707EAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {F22E5EE3-EC9E-49E8-B068-D950EF339CEF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {FE6417DA-CA3E-4691-8B17-55612D4F328C} - System32\Tasks\{6F64B50F-6077-4527-99B0-ACBE8B423C7C} => C:\Program Files (x86)\Free YouTube Downloader plus\FreeYouTubeDownloaderPlus.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRobbie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-09-03 09:29 - 2013-01-15 21:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-09-03 09:29 - 2013-04-01 23:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-09-03 09:29 - 2013-01-15 21:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-09-03 09:29 - 2012-12-18 15:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-09-03 09:29 - 2013-01-15 21:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2013-10-25 13:12 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3378118443-294144380-135819489-500 - Administrator - Disabled)
Guest (S-1-5-21-3378118443-294144380-135819489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3378118443-294144380-135819489-1004 - Limited - Enabled)
Mcx1-HP (S-1-5-21-3378118443-294144380-135819489-1005 - Limited - Enabled) => C:\Users\Mcx1-HP
Robbie (S-1-5-21-3378118443-294144380-135819489-1000 - Administrator - Enabled) => C:\Users\Robbie

==================== Faulty Device Manager Devices =============

Name: Photosmart 6510 series
Description: Photosmart 6510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2014 00:14:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131506

Error: (09/29/2014 03:00:46 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Office Access Runtime (English) 2007 - Update 'Microsoft Office 2007 Service Pack 3 (SP3)' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI13f38.LOG.

Error: (09/29/2014 03:00:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Access Runtime (English) 2007 -- Error 2709. An internal error has occurred.  (Global_WebComponents11_Core                  )

Error: (09/28/2014 08:04:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/28/2014 08:04:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (10/02/2014 07:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Platinum Host Service service failed to start due to the following error:
%%1053

Error: (10/02/2014 07:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Platinum Host Service service to connect.

Error: (10/02/2014 07:32:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:29:45 PM on ‎10/‎2/‎2014 was unexpected.

Error: (10/02/2014 07:27:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Platinum Host Service service failed to start due to the following error:
%%1053

Error: (10/02/2014 07:27:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Platinum Host Service service to connect.

Error: (10/02/2014 07:26:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:54 PM on ‎10/‎1/‎2014 was unexpected.

Error: (10/01/2014 05:23:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Platinum Host Service service failed to start due to the following error:
%%1053

Error: (10/01/2014 05:23:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Platinum Host Service service to connect.

Error: (10/01/2014 05:22:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:02:07 PM on ‎10/‎1/‎2014 was unexpected.

Error: (10/01/2014 00:11:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:10:06 PM on ‎10/‎1/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (10/01/2014 00:14:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131506
System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (09/29/2014 03:00:46 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Office Access Runtime (English) 2007Microsoft Office 2007 Service Pack 3 (SP3)1603C:\Windows\TEMP\MSI13f38.LOG(NULL)(NULL)

Error: (09/29/2014 03:00:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Access Runtime (English) 2007 -- Error 2709. An internal error has occurred.  (Global_WebComponents11_Core                  ) (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/28/2014 08:04:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/28/2014 08:04:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2014-09-22 08:04:45.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 08:04:45.563
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-08 12:28:45.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-08 12:28:45.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-01 21:43:02.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-01 21:43:02.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-05-31 09:04:14.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:14.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:14.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-31 09:04:11.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ II Ultra Dual-Core Mobile M600
Percentage of memory in use: 56%
Total physical RAM: 3836.2 MB
Available physical RAM: 1656.07 MB
Total Pagefile: 7670.57 MB
Available Pagefile: 5422.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.13 GB) (Free:36.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 960.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#10
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info, that was helpful. Please do the following.

 

Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as shown below.

ComputerProperties.JPG

 

2. Click on the Advanced system settings link.

AdvancedSystemSettings.JPG

 

3. Click the System Protection tab and then click the Create button.

 

SystemProperties.JPG

 

4. You will be asked to provide a description. Please type G2G and click Create.

 

SystemProtection.JPG

 

5. You will get a message telling you when it's complete. Click Close on the message.

6. Next, click on the Advanced tab and click on Settings in the Startup and Recovery section.

AdvancedTab.JPG

 

7. In the System failure section please ensure that the settings match the screen shot below. Note: Please let me know if you needed to make any changes to this screen.

SystemFailure.JPG

 

8. Click OK to exit the screen.
 

 

Step#2 - BSOD Log
1. Double-click on the Bluescreen view folder that is on your desktop.
2. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
3. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
4. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
5. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

 

Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (387 bytes)

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - Hard Drive/Memory Diagnostics

1. Shut down your computer. Please read bullet#2. You will need to do that when you power on the machine. Go ahead and power on the machine.

2. Access the Setup Utility by pressing F10 on the keyboard when you see "Press the ESC Key for Startup Menu" in the lower left corner of the screen.

3. Select the diagnostics menu and choose Hard Disk Self Test. This will run a comprehensive test on the hard drive. Let me know the results. If there are any error codes, please document them.

4. Once the hard drive test is complete, please select the Memory Test option. Let me know the results.

 

  

 

Items for your next post

1. BSOD log

2. FRST Fix Log

3. Results of the Hard Drive and Memory tests


Edited by BrianDrab, 03 October 2014 - 09:41 AM.



#11
hrsepwrbrat


    Member

  • Topic Starter
  • Member
  • 59 posts

Takes a bit to get things going! Several freezes and restarts.

 

==================================================
Dump File         : 092914-48500-01.dmp
Crash Time        : 9/29/2014 12:25:22 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ataport.SYS
Caused By Address : ataport.SYS+15594
File Description  : ATAPI Driver Extension
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor         : x64
Crash Address     : ntoskrnl.exe+75b90
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092914-48500-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 268,776
Dump File Time    : 9/29/2014 12:26:33 PM
==================================================

==================================================
Dump File         : 092914-31231-01.dmp
Crash Time        : 9/29/2014 12:14:47 PM
Bug Check String  : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code    : 0x0000007f
Parameter 1       : 00000000`00000008
Parameter 2       : 00000000`80050033
Parameter 3       : 00000000`000006f8
Parameter 4       : fffff800`034d7e2c
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092914-31231-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274,704
Dump File Time    : 9/29/2014 12:16:01 PM
==================================================

==================================================
Dump File         : 092814-52931-01.dmp
Crash Time        : 9/28/2014 5:45:34 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffffffff`ffffff83
Parameter 2       : 00000000`0000000b
Parameter 3       : 00000000`00000001
Parameter 4       : fffff880`0471f850
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+27f850
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.921
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092814-52931-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274,704
Dump File Time    : 9/28/2014 5:48:06 PM
==================================================

==================================================
Dump File         : 092214-26036-01.dmp
Crash Time        : 9/22/2014 7:58:53 AM
Bug Check String  : MEMORY_MANAGEMENT
Bug Check Code    : 0x0000001a
Parameter 1       : 00000000`00041201
Parameter 2       : fffff680`000012d8
Parameter 3       : e0500000`6d924847
Parameter 4       : fffffa80`05a78540
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\092214-26036-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 274,648
Dump File Time    : 9/22/2014 7:59:54 AM
==================================================
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Robbie at 2014-10-03 17:41:27 Run:2
Running from C:\Users\Robbie\Desktop
Loaded Profile: Robbie (Available profiles: Robbie & Mcx1-HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
U2 TMAgent; No ImagePath
cmd: netsh winsock reset
reboot:


*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
TMAgent => Service deleted successfully.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

 

 

 

Hard Disk Test Passed

 

Memory Test Passed



#12
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

I would like to see if the symptoms you have present themselves when you are running in Safe Mode With Networking. Please boot your computer...tap F8 to bring up the advanced boot menu and select Safe Mode With Networking.

 

Let me know if you have the same or different symptoms when running like this.

 

Thank you.



#13
hrsepwrbrat


    Member

  • Topic Starter
  • Member
  • 59 posts

After sitting there doing nothing for a few hours, it hadn't locked up in safe mode with networking. When I tried surfing to a few websites, Firefox had an error and closed, then it locked up shortly after. After restarting, again in safe mode with networking, I navigated to the site again and IE had an error. Froze again, so I think it's safe to say that the thing is still unhappy!



#14
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, please run the following virus/MBR Rootkit scan. If it doesn't work in normal mode, please try it in Safe Mode With Networking. Just let me know which mode worked.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

5. Please change the AV Scan drop down from Quick Scan to C:\ as shown below.

     FullScan.JPG
6. Click the "Scan" button to start scan. This scan can take a while.
7. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 



#15
hrsepwrbrat


    Member

  • Topic Starter
  • Member
  • 59 posts

I have begun the scan several times. In normal mode, I can't get it to stay functioning long enough to start the scan. In Safe Mode with Networking, I have tried about 3 times and it freezes before it's finished. Same with Safe Mode. I've probably started the scan 6 or 7 times. It's scanning again right now in Safe Mode, but I'm afraid it's locked up again. The cap lock and number lock lights aren't flashing, but the time is stuck at 4:07 and the mouse won't move. It's 4:17 now.

 

So, I'll continue trying!







