Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus or Malware Infested [Solved]

Started by JohnGo , Nov 02 2014 11:54 PM

This topic is locked

#1
JohnGo

Posted 02 November 2014 - 11:54 PM

Member

Member
339 posts

Puget Systems Custom Build 8gb ram, 750 gb hdd, Win 7

Hello, I need help to clear up my computer from a virus that is causing my computer to be very sluggish. Most times it may or may not go on internet, and can open very few websites.

I downloaded and ran MalwareBytes and it quaranteened 3 serious threats and 8 that weren't serious. After that the computer does better except that a popup as attached below is continuously popping up and down in the lower right corner of the screen. The popups don't have the same message. Also, the computer is randomly changing the file download checkbox (under Security tab) from "enable" to "disable" and I have to manually change it back to enable. I will attach 2 examples of the popups below as well as the OTL log.

Thanks for your help.

OTL Extras logfile created on: 11/2/2014 10:51:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.69 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 74.94% Memory free
15.37 Gb Paging File | 13.21 Gb Available in Paging File | 85.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 357.78 Gb Free Space | 76.83% Space Free | Partition Type: NTFS

Computer Name: PUGET-114848 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061696B8-B0EA-4DEF-91C3-072E146DF81C}" = rport=138 | protocol=17 | dir=out | app=system |
"{149C6822-45BB-4F2D-BB3E-15E01045E350}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E5D7C28-4011-40DB-8C26-6F97A9CF6A24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42CC7F52-6F44-4A39-B7D6-8AC7D2C4EB33}" = lport=138 | protocol=17 | dir=in | app=system |
"{43061711-B3AC-4BD7-BA16-87A4CA86CAD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44B250A9-90AA-43E7-B573-7870A66CC6BA}" = rport=137 | protocol=17 | dir=out | app=system |
"{568E747E-255B-405A-B5BB-A1FFE73CA4FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6793D71E-B88A-41A3-9984-A1DA6841A6E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7387C159-DDBA-454B-A4DC-2DEB18AE1BBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{81DEB854-E665-42C8-91B4-1C39E2F92248}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{843F1863-04FA-4458-9E2E-714187772623}" = rport=139 | protocol=6 | dir=out | app=system |
"{86D4F471-2F4A-456D-A523-304510C4F9F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89ED216E-9D23-49A2-9FCA-E997943E5C3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9F110E14-9ADC-47EA-8D02-2F4AC9485526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3E15E1C-54A9-4CC8-B69B-76741720E62D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BC18E899-2DB7-4D3F-B24C-03E0834FD7AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CD45B83D-F393-4289-BFBF-9E39741C8387}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD72A73D-6E85-4494-BF82-E6D240AAF799}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6AE900E-4548-43AC-B36A-55CE8BA5E418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D85B472E-9C86-4113-9C04-0F0BB0283B16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB703FC8-3A11-4CAE-916A-2576708A35BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7019642-BAAB-4B54-B2A0-8199F92F91F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{F99BFC15-6E3E-46DC-8095-8C2A9CE6C294}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BFC799-D34C-4C02-8A4D-EB9744C3913A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08C52619-CB3E-423A-9957-A2C3CE2B8C9C}" = protocol=1 | dir=out | [email protected],-28544 |
"{0CFD91DC-00DE-40AD-A708-7DF678260FA6}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
"{118D4CF6-9E3D-4492-A3C3-21C4C6E491A7}" = protocol=58 | dir=out | [email protected],-28546 |
"{1D345536-5991-4455-82E2-7445172B0A25}" = protocol=1 | dir=in | [email protected],-28543 |
"{234AE524-22F4-4F71-AF88-D23A5573B145}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B632604-FE77-4DFF-98AD-DBE88C3E1FB3}" = protocol=58 | dir=in | [email protected],-28545 |
"{4C63FDBA-7446-4F1E-8555-ECACAF9AE354}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
"{50E27B0E-56ED-41FB-A177-70869D45E596}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6452FEC2-C7BA-42D0-867D-85A6DCF7AC44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{859BAD03-AE36-4198-A96C-33D1EA50A97B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87BE8914-E286-45C9-BBF3-1BD05C7F212A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5C66C64-94B6-432A-8ABC-1F3E767E140F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6BF9137-9730-4D3E-BF79-68A7FFE7CF16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7889278-0FB4-445B-830C-D85280FDA317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF9C3C34-C231-4284-ACC8-460AF09FA4E4}" = protocol=6 | dir=out | app=system |
"{DAD13291-F968-4467-9FCA-C35BC36E37DA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4540057-4DA8-4F80-919F-D6DA113F6A5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4898FA6-2E57-4B84-B725-C0B6BB59265C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F128B6BF-BDE2-4CBA-837E-C5E0047EDF62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5A231DC-1343-4419-8C52-AAE32AA1C5AC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{44948B6E-F88B-4A5C-9E54-E05CBC81DAC7}" = Intel® Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{C0CA6788-386E-4BE1-B214-629E746A5302}" = HP Officejet 6700 Basic Device Software
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Help
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{968CB479-6163-415F-A9D3-4489BF07DAFF}" = Sonic Foundry Sound Forge 6.0b
"{A7401380-F015-475B-A5AA-7AE1F23B3DB3}" = Sony Vegas 5.0b
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Belarc Advisor" = Belarc Advisor 8.4
"Corel Applications" = Corel Applications
"FileZilla Client" = FileZilla Client 3.9.0.6
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"MVApplication1" = Memorex exPressit Label Design Studio

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2014 12:13:10 PM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2014 12:55:28 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2014 12:58:18 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2014 3:17:46 PM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2014 5:28:04 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/14/2014 3:39:51 PM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2014 1:42:17 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2014 8:27:50 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2014 2:56:55 PM | Computer Name = Puget-114848 | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17116,
time stamp: 0x541ccf72 Faulting module name: MSHTML.dll, version: 10.0.9200.17116,
time stamp: 0x541ce30c Exception code: 0xc0000005 Fault offset: 0x0066757b Faulting
process id: 0xc50 Faulting application start time: 0x01cfe877421ba038 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 07c88d7c-549d-11e4-913c-74d02b90190f

Error - 10/16/2014 9:20:20 AM | Computer Name = Puget-114848 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 2/15/2014 10:44:02 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 8:44:02 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 3/25/2014 1:05:01 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:01 AM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:01 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:01 AM - Failed to retrieve NetTV (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:02 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:01 AM - Failed to retrieve MCESpotlight (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:02 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:02 AM - Failed to retrieve MCEClientUX (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:02 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:02 AM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:02 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:02 AM - Failed to retrieve SportsV2 (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/25/2014 1:05:04 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 12:05:02 AM - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 7/26/2014 11:23:04 PM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 10:23:04 PM - Error connecting to the internet. 10:23:04 PM -     Unable
to contact server..

Error - 8/8/2014 10:30:36 AM | Computer Name = Puget-114848 | Source = MCUpdate | ID = 0
Description = 9:30:36 AM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

[ System Events ]
Error - 11/2/2014 9:19:40 PM | Computer Name = Puget-114848 | Source = DCOM | ID = 10016
Description =

Error - 11/2/2014 10:22:14 PM | Computer Name = Puget-114848 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/2/2014 10:22:15 PM | Computer Name = Puget-114848 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/2/2014 10:22:17 PM | Computer Name = Puget-114848 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/2/2014 10:22:18 PM | Computer Name = Puget-114848 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/2/2014 10:22:19 PM | Computer Name = Puget-114848 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/2/2014 10:22:45 PM | Computer Name = Puget-114848 | Source = DCOM | ID = 10010
Description =

Error - 11/3/2014 12:24:29 AM | Computer Name = Puget-114848 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/3/2014 12:25:15 AM | Computer Name = Puget-114848 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   crlscsi

Error - 11/3/2014 12:26:23 AM | Computer Name = Puget-114848 | Source = DCOM | ID = 10010
Description =

< End of report >

Attached Thumbnails

#2
Essexboy

Posted 06 November 2014 - 11:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi could I have a fresh look please

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#3
JohnGo

Posted 06 November 2014 - 04:40 PM

Member

Topic Starter
Member
339 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by John (administrator) on PUGET-114848 on 06-11-2014 16:27:50
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Farbar) C:\Users\John\Desktop\FarberRecoveryST64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-07-02] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2007-10-26] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [122880 2007-09-29] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1556106548-3433279612-2776821766-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1556106548-3433279612-2776821766-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA99A369063A5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL =
SearchScopes: HKCU - DefaultScope {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL = http://search.condui...7692234811&UM=2
SearchScopes: HKCU - {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL = http://search.condui...7692234811&UM=2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-05-28] ()
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-07-02] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2007-10-26] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [375280 2007-10-26] (CyberLink Corporation.)
S1 crlscsi; C:\Windows\SysWow64\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\John\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\John\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\John\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 16:27 - 2014-11-06 16:28 - 00013137 _____ () C:\Users\John\Desktop\FRST.txt
2014-11-06 16:26 - 2014-11-06 16:27 - 00000000 ____D () C:\FRST
2014-11-06 16:24 - 2014-11-06 16:24 - 02114560 _____ (Farbar) C:\Users\John\Desktop\FarberRecoveryST64.exe
2014-11-06 05:53 - 2014-11-06 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\42416C51.sys
2014-11-04 18:59 - 2014-11-04 18:59 - 00008500 _____ () C:\Users\John\Documents\cc_20141104_185858.reg
2014-11-04 18:37 - 2014-11-04 18:37 - 00004042 _____ () C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}
2014-11-04 18:37 - 2014-11-04 18:37 - 00000000 _____ () C:\Users\John\AppData\Roaming\qzimk.dll
2014-11-02 22:58 - 2014-11-02 22:58 - 00067618 _____ () C:\Users\John\Desktop\OTL.Txt
2014-11-02 22:58 - 2014-11-02 22:58 - 00042876 _____ () C:\Users\John\Desktop\Extras.Txt
2014-11-02 22:46 - 2014-11-02 22:46 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-11-02 19:19 - 2014-11-02 19:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58331D32.sys
2014-11-01 20:59 - 2014-11-06 16:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 20:59 - 2014-11-01 20:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-01 20:59 - 2014-11-01 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-01 20:59 - 2014-11-01 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-01 20:59 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 20:59 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-01 20:59 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-01 18:26 - 2014-11-01 20:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:03 - 2014-11-01 21:18 - 00000000 ____D () C:\Users\John\AppData\Roaming\FrameworkUpdate7
2014-10-31 22:03 - 2014-11-01 20:32 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:03 - 2014-10-31 22:03 - 00000448 ____H () C:\Users\John\AppData\Roaming\麽鎒駓覜
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ___HD () C:\17a1a5e
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-23 21:05 - 2014-10-23 21:05 - 00002136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-10-23 21:05 - 2014-10-23 21:05 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-10-23 21:05 - 2014-10-23 21:05 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-10-20 07:58 - 2014-10-20 07:58 - 06126536 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-15 07:58 - 2014-10-15 08:00 - 00000000 ____D () C:\Users\John\Documents\Anns Flash
2014-10-14 13:49 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:49 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:49 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:49 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:48 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:48 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:48 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:48 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:48 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:48 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:48 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:48 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:48 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:48 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:48 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:48 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:48 - 2014-09-19 20:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-14 13:48 - 2014-09-19 20:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-14 13:48 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:48 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:48 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 13:48 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:48 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:48 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:48 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:48 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:48 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:48 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:48 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:48 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:48 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:48 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 13:48 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 13:48 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 13:48 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 13:48 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 13:48 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 13:48 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 13:48 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:48 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:48 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:48 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:48 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:48 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:48 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:48 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:48 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:48 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:48 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:48 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:48 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:48 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:47 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:47 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 13:47 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:47 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:46 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 13:46 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-13 10:03 - 2014-10-13 10:03 - 00191025 _____ () C:\Users\John\Documents\mvstcdxx.lst

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 16:27 - 2013-10-23 19:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 15:58 - 2013-08-30 02:50 - 01973804 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 15:58 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 15:58 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 15:56 - 2009-07-13 23:13 - 00798050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 15:52 - 2013-10-23 19:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 15:52 - 2013-09-03 15:49 - 00071801 _____ () C:\Windows\setupact.log
2014-11-06 15:52 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 20:31 - 2014-08-28 20:11 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-11-05 20:06 - 2013-09-13 19:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-05 20:06 - 2013-09-13 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-03 23:03 - 2013-09-18 05:46 - 00001149 _____ () C:\Users\John\Desktop\CyberLink Power2Go.lnk
2014-11-03 18:56 - 2014-03-01 19:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2014-11-02 21:47 - 2013-09-13 21:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\FileZilla
2014-11-02 19:18 - 2013-09-13 21:45 - 00014888 _____ () C:\Windows\PFRO.log
2014-11-01 21:18 - 2013-08-31 03:35 - 00000000 ____D () C:\Windows\Panther
2014-11-01 21:17 - 2013-09-13 21:17 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-01 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 07:22 - 2013-10-23 19:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 07:22 - 2013-10-23 19:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 07:59 - 2013-09-13 21:57 - 00002004 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-10-20 07:59 - 2013-09-13 21:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-15 10:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-14 23:38 - 2013-09-03 15:49 - 00474384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 18:43 - 2013-09-20 11:22 - 00000000 ____D () C:\Users\John\Documents\OMZ CHURCH STUFF 2
2014-10-14 13:52 - 2013-08-30 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 13:50 - 2013-08-30 15:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:42 - 2014-02-12 11:14 - 00261632 ___SH () C:\Users\John\Documents\Thumbs.db
2014-10-13 03:26 - 2009-07-13 23:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-11 21:19 - 2013-09-23 22:53 - 00000000 ____D () C:\Users\John\Documents\My Audio

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 20:27

==================== End Of Log ===============

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by John at 2014-11-06 16:28:11
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.3426 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1007 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1005 - CyberLink Corp.)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.0.1036 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Sonic Foundry Sound Forge 6.0b (HKLM-x32\...\{968CB479-6163-415F-A9D3-4489BF07DAFF}) (Version: 6.0.185 - Sonic Foundry)
Sony Vegas 5.0b (HKLM-x32\...\{A7401380-F015-475B-A5AA-7AE1F23B3DB3}) (Version: 5.0.160 - Sony)
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1556106548-3433279612-2776821766-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1556106548-3433279612-2776821766-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

02-11-2014 00:36:30 Windows Update
06-11-2014 02:06:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {114C178E-C681-4DB2-91F5-7C664EAE7E4B} - System32\Tasks\{95406AD9-222A-4061-A8DE-6CBD83027D10} => C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe [2007-10-05] (CyberLink Corp.)
Task: {5E7F84C3-279C-4C04-860E-6E0BC9BD485F} - System32\Tasks\{8F93FAB9-9E40-4988-BDEA-F1131F54E252} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {636443E8-69FE-4510-ABC1-0FFA8DB94A13} - System32\Tasks\{DD5CB04C-7BD4-4974-9559-01D82C09E4AB} => C:\Program Files (x86)\Sony\Vegas 5.0\vegas50.exe [2004-06-21] (Sony Pictures Digital Inc.)
Task: {8A71CF02-0D2B-48C7-8091-A350B389A725} - System32\Tasks\{89825CEB-1925-4F70-9333-47EF0AA82989} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {9DD9ED57-4F24-4478-87DE-E8FCAB25D59A} - System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC} => C:\Users\John\AppData\Roaming\bfhtni.dll/s "C:\Users\John\AppData\Roaming\bfhtni.dll" <==== ATTENTION
Task: {BBD1BE0C-C1C6-4330-A4E8-F94433F5DFD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {BD480371-BA53-4E28-BC50-8B9C9BD081A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {DC9DEDDA-FE3B-4F07-9224-6C3197BF3263} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E8BCD90D-008D-48F6-ACA8-C8CAC0484DD7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-28 00:54 - 2014-05-28 00:47 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2013-11-04 15:52 - 2014-08-13 23:24 - 00453448 _____ () C:\Windows\System32\igfxTray.exe
2013-09-03 15:41 - 2013-08-19 15:25 - 00313391 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
2014-05-29 14:26 - 2014-11-06 15:52 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-05-28 00:54 - 2012-05-07 10:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-09-14 21:48 - 2007-04-10 14:01 - 08357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2007-09-28 12:08 - 2007-09-28 12:08 - 00630784 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2007-09-26 16:14 - 2007-09-26 16:14 - 00007680 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-08-30 14:02 - 2013-03-12 14:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-16 03:15 - 2014-10-16 03:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 10:41 - 2014-05-24 10:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 10:41 - 2014-05-24 10:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1556106548-3433279612-2776821766-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1556106548-3433279612-2776821766-1004 - Limited - Enabled)
Guest (S-1-5-21-1556106548-3433279612-2776821766-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1556106548-3433279612-2776821766-1002 - Limited - Enabled)
John (S-1-5-21-1556106548-3433279612-2776821766-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:54:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 07:57:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:51:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DllHost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13dc

Start Time: 01cff7d196ae7de5

Termination Time: 7

Application Path: C:\Windows\system32\DllHost.exe

Report Id: 187caff1-63c5-11e4-9e0c-74d02b90190f

Error: (11/03/2014 06:49:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:25:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 10:26:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:20:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:19:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

System errors:
=============
Error: (11/06/2014 03:53:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 03:52:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Error: (11/06/2014 03:52:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/06/2014 05:53:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 05:52:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Error: (11/06/2014 05:52:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/05/2014 10:32:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/05/2014 10:32:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/05/2014 07:56:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (11/06/2014 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:51:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DllHost.exe6.1.7600.1638513dc01cff7d196ae7de57C:\Windows\system32\DllHost.exe187caff1-63c5-11e4-9e0c-74d02b90190f

Error: (11/02/2014 07:19:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

CodeIntegrity Errors:
===================================
Date: 2013-09-23 15:14:30.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 17:37:44.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 15:26:57.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 15:12:37.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 14:57:30.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 11:30:12.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 11:18:55.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 16:17:03.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 14:19:51.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 13:58:03.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 32%
Total physical RAM: 7872.04 MB
Available physical RAM: 5341.04 MB
Total Pagefile: 15742.27 MB
Available Pagefile: 13025.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:364.04 GB) NTFS

==================== MBR & Partition Table

#4
Essexboy

Posted 07 November 2014 - 06:39 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi you have the Poweliks infection, ESET has released an automatic removal tool. If you are happy I would like to try it out on your system as you have the run variant. After that I will remove the trigger files with FRST so that it does not respawn

First though

Follow these steps to display hidden files and folders.

◾Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
◾Click the View tab.
◾Under Advanced settings, click Show hidden files and folders, and then click OK.

Then navigate to this location and delete the following file/folder :

C:\Users\John\AppData\Roaming\麽鎒駓覜

OK TO WORK

1. Please download ESET Poweliks cleaner to your desktop

2. When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.

3. Read the terms of the End-user license agreement and click Agree if you agree to them.

4. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

5. Once the tool has run reboot the computer

6. A report will be located on your desktop (ESET Powliks date_time) please post that.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-11-04 18:37 - 2014-11-04 18:37 - 00004042 _____ () C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}
2014-11-04 18:37 - 2014-11-04 18:37 - 00000000 _____ () C:\Users\John\AppData\Roaming\qzimk.dll
2014-11-01 18:26 - 2014-11-01 20:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:03 - 2014-11-01 20:32 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ___HD () C:\17a1a5e
2014-11-01 21:18 - 2013-08-31 03:35 - 00000000 ____D () C:\Windows\Panther
2014-11-01 21:17 - 2013-09-13 21:17 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-01 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
Now run a fresh FRST scan so that I can confirm the ESET tool worked properly

#5
JohnGo

Posted 07 November 2014 - 07:43 AM

Member

Topic Starter
Member
339 posts

WhenI click the desktop icon the "open file" box pops up and wants me to choose one of 10 programs to open the file.

Attached Thumbnails

#6
JohnGo

Posted 07 November 2014 - 08:06 AM

Member

Topic Starter
Member
339 posts

Also, in the location C\Users\John\AppData\Roaming\XXXX, the only thing I deleted was \XXXX. Is that correct?

#7
Essexboy

Posted 07 November 2014 - 08:20 AM

GeekU Moderator

Retired Staff
69,964 posts

That is correct yes

If this is the ESET programme that you are having problems with try the following :

Press the windows and R key together and a run dialogue will open
Select Browse
Select Desktop on the left
Click on the ESET programme and then click OK
Let me know if that works, if not we can try something else

#8
JohnGo

Posted 07 November 2014 - 09:48 AM

Member

Topic Starter
Member
339 posts

Hi you have the Poweliks infection, ESET has released an automatic removal tool. If you are happy I would like to try it out on your system as you have the run variant. After that I will remove the trigger files with FRST so that it does not respawn

First though

Follow these steps to display hidden files and folders.

◾Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
◾Click the View tab.
◾Under Advanced settings, click Show hidden files and folders, and then click OK.

Then navigate to this location and delete the following file/folder :

C:\Users\John\AppData\Roaming\麽鎒駓覜

OK TO WORK

1. Please download ESET Poweliks cleaner to your desktop

2. When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.

3. Read the terms of the End-user license agreement and click Agree if you agree to them.

4. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

5. Once the tool has run reboot the computer

6. A report will be located on your desktop (ESET Powliks date_time) please post that.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-11-04 18:37 - 2014-11-04 18:37 - 00004042 _____ () C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}
2014-11-04 18:37 - 2014-11-04 18:37 - 00000000 _____ () C:\Users\John\AppData\Roaming\qzimk.dll
2014-11-01 18:26 - 2014-11-01 20:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:03 - 2014-11-01 20:32 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ___HD () C:\17a1a5e
2014-11-01 21:18 - 2013-08-31 03:35 - 00000000 ____D () C:\Windows\Panther
2014-11-01 21:17 - 2013-09-13 21:17 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-01 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
Now run a fresh FRST scan so that I can confirm the ESET tool worked properly

[2014.11.07 08:51:23.998] - Begin
[2014.11.07 08:51:23.998] -
[2014.11.07 08:51:23.998] -     ....................................
[2014.11.07 08:51:23.998] -   ..::::::::::::::::::....................
[2014.11.07 08:51:23.998] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.07 08:51:23.998] - .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.07 08:51:23.998] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.07 08:51:23.998] - .::EE:::::::::::::SS:.EE..........TT......
[2014.11.07 08:51:23.998] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.07 08:51:23.998] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.07 08:51:23.998] -     ....................................
[2014.11.07 08:51:23.998] -
[2014.11.07 08:51:23.998] - --------------------------------------------------------------------------------
[2014.11.07 08:51:23.998] -
[2014.11.07 08:51:23.998] - INFO: OS: 6.1.7601 SP1
[2014.11.07 08:51:23.998] - INFO: Product Type: Workstation
[2014.11.07 08:51:23.998] - INFO: WoW64: True
[2014.11.07 08:51:23.998] - INFO: Machine guid: A942725D-9634-4726-A35F-AFD28F83748E
[2014.11.07 08:51:23.998] -
[2014.11.07 08:51:31.355] - INFO: Scanning for system infection...
[2014.11.07 08:51:31.355] - --------------------------------------------------------------------------------
[2014.11.07 08:51:31.355] -
[2014.11.07 08:51:31.355] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 08:51:31.355] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 08:51:31.355] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 08:51:31.355] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 08:51:31.355] - INFO: Processing classes...
[2014.11.07 08:51:31.355] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}]
[2014.11.07 08:51:31.355] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}]
[2014.11.07 08:51:31.355] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.07 08:51:31.355] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.07 08:51:31.355] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:51:31.355] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:51:31.355] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:51:31.355] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:51:31.355] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 08:51:31.365] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 08:51:31.365] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 08:51:31.365] - INFO: Win32/Poweliks found
[2014.11.07 08:52:51.118] - INFO: process: dllhost.exe, pid 4136, parent 3912
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 4136
[2014.11.07 08:52:51.128] - INFO: process: dllhost.exe, pid 4188, parent 4136
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 4188
[2014.11.07 08:52:51.128] - INFO: process: dllhost.exe, pid 776, parent 4188
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 776
[2014.11.07 08:52:51.128] - INFO: process: dllhost.exe, pid 7972, parent 4188
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 7972
[2014.11.07 08:52:51.128] - INFO: process: dllhost.exe, pid 8724, parent 4188
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 8724
[2014.11.07 08:52:51.128] - INFO: process: dllhost.exe, pid 8748, parent 4188
[2014.11.07 08:52:51.128] - INFO: Terminated process pid = 8748
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 5656, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 5656
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 8992, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 8992
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 5428, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 5428
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 7104, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 7104
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 8508, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 8508
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 3248, parent 4188
[2014.11.07 08:52:51.138] - INFO: Terminated process pid = 3248
[2014.11.07 08:52:51.138] - INFO: process: dllhost.exe, pid 4224, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 4224
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 6772, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 6772
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 7308, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 7308
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 6928, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 6928
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 6080, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 6080
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 6464, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 6464
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 3688, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 3688
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 952, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 952
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 6716, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 6716
[2014.11.07 08:52:51.148] - INFO: process: dllhost.exe, pid 7188, parent 4188
[2014.11.07 08:52:51.148] - INFO: Terminated process pid = 7188
[2014.11.07 08:52:51.148] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 08:52:51.148] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 08:52:51.148] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 08:52:51.148] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 08:52:51.148] - INFO: Processing classes...
[2014.11.07 08:52:51.148] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}]
[2014.11.07 08:52:51.148] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}]
[2014.11.07 08:52:51.148] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.07 08:52:51.148] - INFO: Deleted classid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.07 08:52:51.148] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:52:51.148] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:52:51.148] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 08:52:51.148] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 08:52:51.148] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 08:52:51.148] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 08:52:51.148] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 08:52:51.148] - INFO: Cleaning status: 0
[2014.11.07 09:39:08.272] - End

#9
Essexboy

Posted 07 November 2014 - 09:56 AM

GeekU Moderator

Retired Staff
69,964 posts

Once the FRST fix has run could I have a fresh FRST scan please

#10
JohnGo

Posted 07 November 2014 - 01:45 PM

Member

Topic Starter
Member
339 posts

.07 13:43:51.649] - Begin
[2014.11.07 13:43:51.649] -
[2014.11.07 13:43:51.649] -     ....................................
[2014.11.07 13:43:51.649] -   ..::::::::::::::::::....................
[2014.11.07 13:43:51.649] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.07 13:43:51.649] - .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.07 13:43:51.649] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.07 13:43:51.649] - .::EE:::::::::::::SS:.EE..........TT......
[2014.11.07 13:43:51.649] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.07 13:43:51.649] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.07 13:43:51.649] -     ....................................
[2014.11.07 13:43:51.649] -
[2014.11.07 13:43:51.649] - --------------------------------------------------------------------------------
[2014.11.07 13:43:51.649] -
[2014.11.07 13:43:51.649] - INFO: OS: 6.1.7601 SP1
[2014.11.07 13:43:51.649] - INFO: Product Type: Workstation
[2014.11.07 13:43:51.649] - INFO: WoW64: True
[2014.11.07 13:43:51.649] - INFO: Machine guid: A942725D-9634-4726-A35F-AFD28F83748E
[2014.11.07 13:43:51.649] -
[2014.11.07 13:43:51.649] - INFO: Scanning for system infection...
[2014.11.07 13:43:51.649] - --------------------------------------------------------------------------------
[2014.11.07 13:43:51.649] -
[2014.11.07 13:43:51.649] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 13:43:51.649] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 13:43:51.659] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 13:43:51.659] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 13:43:51.659] - INFO: Processing classes...
[2014.11.07 13:43:51.659] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}]
[2014.11.07 13:43:51.659] - INFO: Processing clsid [\Registry\User\S-1-5-21-1556106548-3433279612-2776821766-1000\SOFTWARE\Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}]
[2014.11.07 13:43:51.659] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 13:43:51.659] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 13:43:51.659] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 13:43:51.659] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 13:43:51.659] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 13:43:51.659] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 13:43:51.659] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 13:43:51.659] - INFO: Win32/Poweliks not found
[2014.11.07 13:44:02.849] - End

#11
Essexboy

Posted 07 November 2014 - 01:53 PM

GeekU Moderator

Retired Staff
69,964 posts

I will need a fresh FRST scan please, how is the computer behaving now ?

Right click FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#12
JohnGo

Posted 07 November 2014 - 02:29 PM

Member

Topic Starter
Member
339 posts

Hi could I have a fresh look please

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Select additions at the bottom

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please attach both logs generated.

The computer seems to be better although, I'm not using it currently except working with you. Been doing other things and just check on it occasionally for a reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by John (administrator) on PUGET-114848 on 07-11-2014 14:21:45
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-07-02] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2007-10-26] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [122880 2007-09-29] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1556106548-3433279612-2776821766-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA99A369063A5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL =
SearchScopes: HKCU - DefaultScope {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL = http://search.condui...7692234811&UM=2
SearchScopes: HKCU - {4295C6CF-CF06-483A-A84F-5E37DB3BDA55} URL = http://search.condui...7692234811&UM=2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-05-28] ()
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-07-02] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2007-10-26] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [375280 2007-10-26] (CyberLink Corporation.)
S1 crlscsi; C:\Windows\SysWow64\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\John\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\John\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\John\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 14:21 - 2014-11-07 14:21 - 00012456 _____ () C:\Users\John\Desktop\FRST.txt
2014-11-07 14:19 - 2014-11-07 14:19 - 02114560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-11-07 08:51 - 2014-11-07 08:51 - 00186568 _____ (ESET) C:\Users\John\Downloads\ESETPoweliksCleaner.exe
2014-11-06 16:26 - 2014-11-07 14:21 - 00000000 ____D () C:\FRST
2014-11-06 05:53 - 2014-11-06 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\42416C51.sys
2014-11-04 18:59 - 2014-11-04 18:59 - 00008500 _____ () C:\Users\John\Documents\cc_20141104_185858.reg
2014-11-04 18:37 - 2014-11-04 18:37 - 00004042 _____ () C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}
2014-11-04 18:37 - 2014-11-04 18:37 - 00000000 _____ () C:\Users\John\AppData\Roaming\qzimk.dll
2014-11-02 19:19 - 2014-11-02 19:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58331D32.sys
2014-11-01 20:59 - 2014-11-07 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 20:59 - 2014-11-01 20:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-01 20:59 - 2014-11-01 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-01 20:59 - 2014-11-01 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-01 20:59 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 20:59 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-01 20:59 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-01 18:26 - 2014-11-01 20:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:03 - 2014-11-01 21:18 - 00000000 ____D () C:\Users\John\AppData\Roaming\FrameworkUpdate7
2014-10-31 22:03 - 2014-11-01 20:32 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ___HD () C:\17a1a5e
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-23 21:05 - 2014-10-23 21:05 - 00002136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-10-23 21:05 - 2014-10-23 21:05 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-10-23 21:05 - 2014-10-23 21:05 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-10-20 07:58 - 2014-10-20 07:58 - 06126536 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-15 07:58 - 2014-10-15 08:00 - 00000000 ____D () C:\Users\John\Documents\Anns Flash
2014-10-14 13:49 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:49 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:49 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:49 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:49 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:48 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:48 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:48 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:48 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:48 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:48 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:48 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:48 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:48 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:48 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:48 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:48 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:48 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:48 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:48 - 2014-09-19 20:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-14 13:48 - 2014-09-19 20:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-14 13:48 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:48 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:48 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 13:48 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:48 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:48 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:48 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:48 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:48 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:48 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:48 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:48 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:48 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:48 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:48 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 13:48 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 13:48 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 13:48 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 13:48 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 13:48 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 13:48 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 13:48 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 13:48 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:48 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:48 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:48 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:48 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:48 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:48 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:48 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:48 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:48 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:48 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:48 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:48 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:48 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:48 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:48 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:48 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:48 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:48 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:47 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:47 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 13:47 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:47 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:46 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 13:46 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-13 10:03 - 2014-10-13 10:03 - 00191025 _____ () C:\Users\John\Documents\mvstcdxx.lst

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 13:27 - 2013-10-23 19:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 11:20 - 2013-08-30 02:50 - 02033169 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 09:46 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 09:46 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 09:45 - 2009-07-13 23:13 - 00798050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 09:40 - 2013-10-23 19:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 09:40 - 2013-09-03 15:49 - 00071913 _____ () C:\Windows\setupact.log
2014-11-07 09:40 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 20:31 - 2014-08-28 20:11 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-11-05 20:06 - 2013-09-13 19:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-05 20:06 - 2013-09-13 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-03 23:03 - 2013-09-18 05:46 - 00001149 _____ () C:\Users\John\Desktop\CyberLink Power2Go.lnk
2014-11-03 18:56 - 2014-03-01 19:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2014-11-02 21:47 - 2013-09-13 21:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\FileZilla
2014-11-02 19:18 - 2013-09-13 21:45 - 00014888 _____ () C:\Windows\PFRO.log
2014-11-01 21:18 - 2013-08-31 03:35 - 00000000 ____D () C:\Windows\Panther
2014-11-01 21:17 - 2013-09-13 21:17 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-01 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 07:22 - 2013-10-23 19:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 07:22 - 2013-10-23 19:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 07:59 - 2013-09-13 21:57 - 00002004 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-10-20 07:59 - 2013-09-13 21:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-15 10:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-14 23:38 - 2013-09-03 15:49 - 00474384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 21:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 18:43 - 2013-09-20 11:22 - 00000000 ____D () C:\Users\John\Documents\OMZ CHURCH STUFF 2
2014-10-14 13:52 - 2013-08-30 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 13:50 - 2013-08-30 15:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:42 - 2014-02-12 11:14 - 00261632 ___SH () C:\Users\John\Documents\Thumbs.db
2014-10-13 03:26 - 2009-07-13 23:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-11 21:19 - 2013-09-23 22:53 - 00000000 ____D () C:\Users\John\Documents\My Audio

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 20:27

==================== End Of Log ===========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by John at 2014-11-07 14:22:07
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.3426 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1007 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1005 - CyberLink Corp.)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.0.1036 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Sonic Foundry Sound Forge 6.0b (HKLM-x32\...\{968CB479-6163-415F-A9D3-4489BF07DAFF}) (Version: 6.0.185 - Sonic Foundry)
Sony Vegas 5.0b (HKLM-x32\...\{A7401380-F015-475B-A5AA-7AE1F23B3DB3}) (Version: 5.0.160 - Sony)
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1556106548-3433279612-2776821766-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

02-11-2014 00:36:30 Windows Update
06-11-2014 02:06:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {114C178E-C681-4DB2-91F5-7C664EAE7E4B} - System32\Tasks\{95406AD9-222A-4061-A8DE-6CBD83027D10} => C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe [2007-10-05] (CyberLink Corp.)
Task: {5E7F84C3-279C-4C04-860E-6E0BC9BD485F} - System32\Tasks\{8F93FAB9-9E40-4988-BDEA-F1131F54E252} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {636443E8-69FE-4510-ABC1-0FFA8DB94A13} - System32\Tasks\{DD5CB04C-7BD4-4974-9559-01D82C09E4AB} => C:\Program Files (x86)\Sony\Vegas 5.0\vegas50.exe [2004-06-21] (Sony Pictures Digital Inc.)
Task: {8A71CF02-0D2B-48C7-8091-A350B389A725} - System32\Tasks\{89825CEB-1925-4F70-9333-47EF0AA82989} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {9DD9ED57-4F24-4478-87DE-E8FCAB25D59A} - System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC} => C:\Users\John\AppData\Roaming\bfhtni.dll/s "C:\Users\John\AppData\Roaming\bfhtni.dll" <==== ATTENTION
Task: {BBD1BE0C-C1C6-4330-A4E8-F94433F5DFD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {BD480371-BA53-4E28-BC50-8B9C9BD081A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {DC9DEDDA-FE3B-4F07-9224-6C3197BF3263} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E8BCD90D-008D-48F6-ACA8-C8CAC0484DD7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-28 00:54 - 2014-05-28 00:47 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2013-11-04 15:52 - 2014-08-13 23:24 - 00453448 _____ () C:\Windows\System32\igfxTray.exe
2013-09-03 15:41 - 2013-08-19 15:25 - 00313391 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
2014-05-29 14:26 - 2014-11-07 09:40 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-05-28 00:54 - 2012-05-07 10:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-09-14 21:48 - 2007-04-10 14:01 - 08357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2007-09-28 12:08 - 2007-09-28 12:08 - 00630784 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2007-09-26 16:14 - 2007-09-26 16:14 - 00007680 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-08-30 14:02 - 2013-03-12 14:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1556106548-3433279612-2776821766-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1556106548-3433279612-2776821766-1004 - Limited - Enabled)
Guest (S-1-5-21-1556106548-3433279612-2776821766-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1556106548-3433279612-2776821766-1002 - Limited - Enabled)
John (S-1-5-21-1556106548-3433279612-2776821766-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 09:42:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 07:03:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17116, time stamp: 0x541ccf72
Faulting module name: jscript9.dll, version: 10.0.9200.17116, time stamp: 0x541cda0b
Exception code: 0xc0000005
Fault offset: 0x0002359e
Faulting process id: 0x119c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/06/2014 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:54:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 07:57:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:51:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DllHost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13dc

Start Time: 01cff7d196ae7de5

Termination Time: 7

Application Path: C:\Windows\system32\DllHost.exe

Report Id: 187caff1-63c5-11e4-9e0c-74d02b90190f

Error: (11/03/2014 06:49:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:25:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/07/2014 09:40:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Error: (11/07/2014 09:40:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2014 07:03:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 07:01:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Error: (11/07/2014 07:01:26 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/06/2014 03:53:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 03:52:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Error: (11/06/2014 03:52:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/06/2014 05:53:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 05:52:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
crlscsi

Microsoft Office Sessions:
=========================
Error: (11/07/2014 09:42:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 07:03:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17116541ccf72jscript9.dll10.0.9200.17116541cda0bc00000050002359e119c01cffa0ed6a0fd31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dllad371504-6615-11e4-9d9a-74d02b90190f

Error: (11/06/2014 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:54:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 07:57:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:51:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DllHost.exe6.1.7600.1638513dc01cff7d196ae7de57C:\Windows\system32\DllHost.exe187caff1-63c5-11e4-9e0c-74d02b90190f

Error: (11/03/2014 06:49:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:25:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-09-23 15:14:30.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 17:37:44.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 15:26:57.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 15:12:37.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 14:57:30.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 11:30:12.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-20 11:18:55.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 16:17:03.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 14:19:51.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-19 13:58:03.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 24%
Total physical RAM: 7872.04 MB
Available physical RAM: 5926.52 MB
Total Pagefile: 15742.27 MB
Available Pagefile: 13711.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:363.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B692E02A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#13
Essexboy

Posted 07 November 2014 - 02:48 PM

GeekU Moderator

Retired Staff
69,964 posts

After this run could you take it for a test drive and let me know of any problems

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-11-04 18:37 - 2014-11-04 18:37 - 00004042 _____ () C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}
2014-11-04 18:37 - 2014-11-04 18:37 - 00000000 _____ () C:\Users\John\AppData\Roaming\qzimk.dll
2014-11-01 18:26 - 2014-11-01 20:33 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:03 - 2014-11-01 21:18 - 00000000 ____D () C:\Users\John\AppData\Roaming\FrameworkUpdate7
2014-10-31 22:03 - 2014-11-01 20:32 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:03 - 2014-10-31 22:03 - 00000000 ___HD () C:\17a1a5e
Task: {5E7F84C3-279C-4C04-860E-6E0BC9BD485F} - System32\Tasks\{8F93FAB9-9E40-4988-BDEA-F1131F54E252} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {8A71CF02-0D2B-48C7-8091-A350B389A725} - System32\Tasks\{89825CEB-1925-4F70-9333-47EF0AA82989} => D:\Crack for All Sonic Foundry Programs\kgsonyall.exe
Task: {9DD9ED57-4F24-4478-87DE-E8FCAB25D59A} - System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC} => C:\Users\John\AppData\Roaming\bfhtni.dll/s "C:\Users\John\AppData\Roaming\bfhtni.dll" <==== ATTENTION
D:\Crack for All Sonic Foundry Programs
C:\Users\John\AppData\Roaming\bfhtni.dl
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

#14
JohnGo

Posted 07 November 2014 - 04:46 PM

Member

Topic Starter
Member
339 posts

C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC} => Moved successfully.
C:\Users\John\AppData\Roaming\qzimk.dll => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\John\AppData\Roaming\FrameworkUpdate7 => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\17a1a5e => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E7F84C3-279C-4C04-860E-6E0BC9BD485F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7F84C3-279C-4C04-860E-6E0BC9BD485F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8F93FAB9-9E40-4988-BDEA-F1131F54E252} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F93FAB9-9E40-4988-BDEA-F1131F54E252}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A71CF02-0D2B-48C7-8091-A350B389A725}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A71CF02-0D2B-48C7-8091-A350B389A725}" => Key deleted successfully.
C:\Windows\System32\Tasks\{89825CEB-1925-4F70-9333-47EF0AA82989} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89825CEB-1925-4F70-9333-47EF0AA82989}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DD9ED57-4F24-4478-87DE-E8FCAB25D59A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD9ED57-4F24-4478-87DE-E8FCAB25D59A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8963D953-6473-C9CD-4C5A-A5AA791FCDEC}" => Key deleted successfully.
"D:\Crack for All Sonic Foundry Programs" => File/Directory not found.
"C:\Users\John\AppData\Roaming\bfhtni.dl" => File/Directory not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {6E9FBE74-2DA3-48A2-9083-82677A5F56EE}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====