This topic is lockedThanks for the information. On your previous post, did you happen to download Procmon.exe as requested or did you use an already existing one on your machine?
firefox redirect / "Reported Web Forgery" [Solved] [Solved]
Started by
redleader74
, Dec 26 2014 09:12 AM
#32
Posted 03 January 2015 - 11:17 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
You can ignore my question regarding Procmon.exe. I was able to review the logs so thank you. Can you verify for me again if a Proxy is shown?
1. Click the Start Orb and choose Control Panel.
2. Choose Classic View and then Internet Options.
3. Choose the Connections tab and click the LAN settings button.
4. Is there anything set under Proxy server ?
#33
Posted 03 January 2015 - 02:43 PM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
After you have verified the proxy please do the following.
There's one last issue we need to get to the bottom of and that's the proxy being injected back in to your registry. I'd like to try the following.
Step#1 - Run RogueKiller
NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here
- Click here to go to the RogueKiller download page.
- Click the Downoad button.
On the next page: - For the 32-bit version, click the Download button beside RogueKiller.exe and save the RogueKiller.exe file to the desktop.
- Quit all programs and close all browsers.
- Double click the RogueKiller icon to run the program.
NOTE: If this is the first time you have used the program you will need to accept the User Agreement and the browser will open with some information related to the program. - Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
- Click on Scan
- Wait for the end of the scan.
- DO NOT delete anything at this time.
- The report has been created on the desktop.
- Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
Step#2 - OTL Logs
- Download OTL.exe from here and save this to your desktop.
- Double-click on OTL.exe and ensure you check the options that I have outlined in Red below.
- Click the "Run Scan" button.
- When the scan completes, it will open OTL.Txt on the desktop. There is another file named Extras.txt that will be minimized on the taskbar. We need the contents of both files. These files are also saved in the same location as you are running OTL from.
- Please copy the contents of the OTL.Txt and Extras.Txt file and paste it into your reply. Paste OTL.Txt first and then Paste Extras.txt.
Step#3 - Monitor Proxy Changes
1. Download ProcmonConfiguration.pmc and save it to your desktop. Note: Ensure you overwrite the one that is currently there.
2 Right-Click on Procmon.exe and select Run as administrator. You may receive a User Account Control prompt. Please allow it to run.
3. Click the File menu and choose Import Configuration....
4. Choose the ProcmonConfiguration.pmc file that you downloaded to your desktop.
5. Registry Changes are now being detected and recorded. Specifically the Proxy settings.
Step#4 - Remove the Proxy Settings
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. 
fixlist.txt 110bytes
192 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. No reboot will be requested which is what we want in this case.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
5. This will also confirm if our Process Monitor that we set up is working properly. You should see several lines from FRST.exe show up as shown below.
6. Let's just leave the monitor running until we see some more lines show up here. When we see more lines show up then it's time to send the log file to me.
Step#5- Saving a Procmon Log
1. Note: Only do this when you see more lines appear other than the FRST ones. Please click the Capture icon on the toolbar to stop the capture. (it's the icon that looks like a magnifying glass).
2. Select the file menu and choose Save. Keep all the defaults and click OK. This should save a file named Logfile.PML to your desktop. You may overwrite the one that is there.
3. Please send me the Logfile.PML file. You will need to use dropbox, skydrive or another service such as https://www.sendspace.com/ to attach the file and then send me a link to download it.
Items for your next Post
1. RogueKiller log
2. OTL and Extras logs
3. FRST Fix log
4. Logfile.PML (Please post the 1st two and only send this one when appropriate)
#34
Posted 04 January 2015 - 11:12 AM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
To answer your previous message, I do not see anything under proxy server, meaning, the "Use a proxy server for your LAN" is NOT checked off and there is nothing in the Address box. There is also nothing in any of the boxes on the screen that pops up when i click on "Advanced." What is a proxy server and why would someone use it?
As for the RogeKiller. When I click on the link you provide, the page that it takes me to has many "Download" buttons but I believe many of them are ads and not the button for downloading RogueKiller. I don't want to click on the wrong download. Here's what the page looks like to me (I've attached a photo). Can you please advise what i'm suppose to click on?
Attached Thumbnails
#35
Posted 04 January 2015 - 12:09 PM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
What is a proxy server and why would someone use it?
Many companies/schools use Proxy servers. It redirects your internet traffic to a device or piece of intermediate software that checks the requests and responses to ensure that it's meeting any acceptable use policies that are in place. So for example if I do a search on google, the request will go to the proxy (the intermediate device/software) and that device will validate if any of the search terms are unacceptable and if the search term is allowed to go through. There are many other uses as well which you can read about here.
This may be more information than you want but there are two types of malware that use proxy servers. Spyware and Rouges.
- Spyware: The malware is listening behind port 5555, it sees all important Internet traffic. For example, it can read all data (including passwords) send over the http (= not encrypted) protocol. This information can be used to steal accounts, steal important information, track you on the internet ... That is a reason why it is so very dangerous and why you should use https (which is encrypted) as much as you can. They can still see the data, but they can't use or read it.
- Rogue: A proxy server also controls what you receive from the internet. A rogue for example will show a custom made webpage instead of what you actually wanted. Probably just ignoring what you actually requested.
That's why we want to get rid of this. I hope this helps.
I dislike all of the advertising as well. You can use this link which is a result of clicking the following button shown below.
#36
Posted 06 January 2015 - 01:13 AM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kwong [Administrator]
Mode : Scan -- Date : 01/05/2015 22:35:22
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 23 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] u7fm3gfg.default : user_pref("browser.startup.homepage", "www.google.com"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] b80d8aad0d4d70d0a376a58132ab2874
[BSP] 143500e28e0f7628a019343ed6099823 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21133312 | Size: 292365 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 MB
User = LL1 ... OK
User = LL2 ... OK
OTL logfile created on: 1/5/2015 10:38:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kwong\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.35% Memory free
4.22 Gb Paging File | 3.23 Gb Available in Paging File | 76.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 17.75 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.75% Space Free | Partition Type: NTFS
Computer Name: KC03 | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/05 22:37:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
PRC - [2014/05/08 03:20:58 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/01/07 01:51:06 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2013/06/18 06:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/20 02:50:38 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/04/27 08:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/06/18 06:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/04/27 08:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
========== Services (SafeList) ==========
SRV - [2014/05/08 03:20:58 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/02 19:27:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008/12/16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/14 13:41:56 | 000,042,592 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/10/24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/02/12 14:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/11/04 15:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/18 21:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/14 16:25:00 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/10 01:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 27 8F 1D 39 0F CE 01 [binary data]
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..\SearchScopes,DefaultScope = {AA56EC2C-D35C-4444-A54A-B59D9534D591}
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..\SearchScopes\{AA56EC2C-D35C-4444-A54A-B59D9534D591}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre6\bin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kwong\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/22 17:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/14 15:32:49 | 000,000,000 | ---D | M]
[2014/11/19 09:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/02 19:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/14 18:14:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2011/12/20 14:55:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..Trusted Domains: bankofamerica.com ([bills] https in Trusted sites)
O15 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\..Trusted Domains: lorexddns.net ([cpcoakland] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab (RemoteDvr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/05 22:37:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
[2015/01/05 22:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/01/03 03:33:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2015/01/03 03:33:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/01/03 03:33:10 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/01/03 03:33:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/01/03 03:33:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2015/01/03 03:33:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2015/01/03 03:33:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2015/01/03 03:33:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2015/01/03 03:33:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/01/03 03:33:08 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/01/03 03:33:08 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/01/03 03:33:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2015/01/03 03:33:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/01/03 03:33:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015/01/03 03:33:07 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/01/03 03:33:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/01/03 03:33:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/01/03 03:33:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/01/03 03:33:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/01/03 03:33:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/01/03 03:33:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2015/01/03 03:33:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2015/01/03 03:33:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2015/01/03 03:33:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2015/01/03 03:33:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/01/03 03:33:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/01/03 03:33:04 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/01/03 03:33:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2015/01/03 03:33:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2015/01/03 03:33:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2015/01/03 03:33:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2015/01/03 03:33:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2015/01/03 03:33:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/01/03 03:33:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2015/01/03 03:33:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/01/03 03:33:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2015/01/03 03:33:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2015/01/03 03:32:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2015/01/03 03:32:05 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2015/01/03 03:32:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2015/01/03 03:32:05 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2015/01/03 03:32:04 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2015/01/03 03:32:04 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2015/01/03 03:32:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2015/01/03 03:32:01 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2015/01/03 03:32:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/01/03 03:32:00 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015/01/03 03:32:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015/01/03 03:32:00 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2015/01/03 03:31:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/01/03 03:31:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015/01/03 03:31:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2015/01/03 03:31:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015/01/03 03:31:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015/01/03 03:31:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015/01/03 03:31:58 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2015/01/03 03:31:58 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2015/01/03 03:31:58 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2015/01/03 03:31:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2015/01/03 03:31:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2015/01/03 03:31:57 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2015/01/03 03:30:33 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2015/01/03 03:30:33 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2015/01/03 03:30:33 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2015/01/03 03:30:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2015/01/03 03:30:32 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2015/01/03 03:30:32 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2015/01/01 23:08:08 | 000,000,000 | ---D | C] -- C:\Users\Kwong\Desktop\bluescreenview
[2015/01/01 22:57:47 | 002,510,528 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Kwong\Desktop\procmon.exe
[2014/12/30 21:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/12/29 23:58:17 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kwong\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/28 02:24:38 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\Kwong\Desktop\aswMBR.exe
[2014/12/27 12:48:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/27 12:47:11 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Kwong\Desktop\JRT.exe
[2014/12/27 12:03:02 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2014/12/27 12:03:02 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2014/12/27 12:03:01 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2014/12/27 03:29:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/27 03:16:55 | 000,000,000 | ---D | C] -- C:\Users\Kwong\Desktop\FRST-OlderVersion
[2014/12/26 08:48:43 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/26 08:47:58 | 001,115,136 | ---- | C] (Farbar) -- C:\Users\Kwong\Desktop\FRST.exe
[2014/12/26 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Apps
[2014/12/16 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\Kwong\AppData\Local\Apple
[2014/12/13 17:12:03 | 000,000,000 | ---D | C] -- C:\Users\Kwong\Desktop\2014-12 Xmas gifts
========== Files - Modified Within 30 Days ==========
[2015/01/05 22:37:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kwong\Desktop\OTL.exe
[2015/01/05 22:29:16 | 000,035,064 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015/01/05 22:29:09 | 015,298,136 | ---- | M] () -- C:\Users\Kwong\Desktop\RogueKiller.exe
[2015/01/05 22:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/05 22:26:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/05 22:26:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/04 15:23:03 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/04 15:23:03 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/04 08:55:30 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/04 08:55:30 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/04 00:54:27 | 364,367,210 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/03 07:58:38 | 001,115,136 | ---- | M] (Farbar) -- C:\Users\Kwong\Desktop\FRST.exe
[2015/01/03 07:55:38 | 000,000,944 | ---- | M] () -- C:\Users\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/01/03 07:50:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2015/01/03 03:33:22 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2015/01/03 03:33:22 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2015/01/03 03:33:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2015/01/03 03:33:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/01/03 03:33:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/01/03 03:33:09 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/01/03 03:33:09 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2015/01/03 03:33:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2015/01/03 03:33:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2015/01/03 03:33:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2015/01/03 03:33:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2015/01/03 03:33:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/01/03 03:33:08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/01/03 03:33:08 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/01/03 03:33:07 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/01/03 03:33:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015/01/03 03:33:07 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/01/03 03:33:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/01/03 03:33:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/01/03 03:33:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/01/03 03:33:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2015/01/03 03:33:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/01/03 03:33:07 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2015/01/03 03:33:06 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/01/03 03:33:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2015/01/03 03:33:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2015/01/03 03:33:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2015/01/03 03:33:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/01/03 03:33:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/01/03 03:33:04 | 001,810,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/01/03 03:33:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2015/01/03 03:33:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2015/01/03 03:33:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2015/01/03 03:33:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2015/01/03 03:33:04 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2015/01/03 03:33:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/01/03 03:33:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2015/01/03 03:33:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/01/03 03:33:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2015/01/03 03:33:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2015/01/03 03:32:06 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2015/01/03 03:32:05 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2015/01/03 03:32:05 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2015/01/03 03:32:05 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2015/01/03 03:32:04 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2015/01/03 03:32:04 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2015/01/03 03:32:04 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2015/01/03 03:32:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2015/01/03 03:32:00 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/01/03 03:32:00 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015/01/03 03:32:00 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015/01/03 03:32:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2015/01/03 03:31:59 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/01/03 03:31:59 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015/01/03 03:31:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2015/01/03 03:31:59 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015/01/03 03:31:59 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015/01/03 03:31:59 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015/01/03 03:31:58 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2015/01/03 03:31:58 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2015/01/03 03:31:58 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2015/01/03 03:31:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2015/01/03 03:31:58 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2015/01/03 03:31:57 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2015/01/03 03:30:34 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2015/01/03 03:30:33 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2015/01/03 03:30:33 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2015/01/03 03:30:33 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2015/01/03 03:30:33 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2015/01/03 03:30:32 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2015/01/03 03:30:32 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2015/01/03 02:35:54 | 000,852,504 | ---- | M] () -- C:\Users\Kwong\Desktop\SecurityCheck.exe
[2015/01/01 23:21:46 | 019,608,628 | ---- | M] () -- C:\Users\Kwong\Desktop\Logfile.PML
[2015/01/01 23:06:45 | 000,066,913 | ---- | M] () -- C:\Users\Kwong\Desktop\bluescreenview.zip
[2015/01/01 22:57:55 | 002,510,528 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Kwong\Desktop\procmon.exe
[2015/01/01 22:57:55 | 000,002,582 | ---- | M] () -- C:\Users\Kwong\Desktop\ProcmonConfiguration.pmc
[2014/12/29 23:59:20 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kwong\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/28 07:55:21 | 000,000,512 | ---- | M] () -- C:\Users\Kwong\Desktop\MBR.dat
[2014/12/28 02:24:49 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\Kwong\Desktop\aswMBR.exe
[2014/12/27 12:47:12 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Kwong\Desktop\JRT.exe
[2014/12/27 03:28:23 | 002,173,952 | ---- | M] () -- C:\Users\Kwong\Desktop\AdwCleaner.exe
[2014/12/10 22:01:32 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/12/10 22:01:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2015/01/05 22:29:16 | 000,035,064 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015/01/05 22:28:50 | 015,298,136 | ---- | C] () -- C:\Users\Kwong\Desktop\RogueKiller.exe
[2015/01/03 07:55:38 | 000,000,944 | ---- | C] () -- C:\Users\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/01/03 03:33:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2015/01/03 02:35:39 | 000,852,504 | ---- | C] () -- C:\Users\Kwong\Desktop\SecurityCheck.exe
[2015/01/01 23:19:44 | 019,608,628 | ---- | C] () -- C:\Users\Kwong\Desktop\Logfile.PML
[2015/01/01 23:06:42 | 000,066,913 | ---- | C] () -- C:\Users\Kwong\Desktop\bluescreenview.zip
[2015/01/01 22:57:55 | 000,002,582 | ---- | C] () -- C:\Users\Kwong\Desktop\ProcmonConfiguration.pmc
[2014/12/28 07:55:21 | 000,000,512 | ---- | C] () -- C:\Users\Kwong\Desktop\MBR.dat
[2014/12/27 03:28:13 | 002,173,952 | ---- | C] () -- C:\Users\Kwong\Desktop\AdwCleaner.exe
[2014/09/02 20:39:01 | 000,179,808 | ---- | C] () -- C:\Windows\hpwins14.dat
[2014/09/02 20:39:01 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2013/11/11 19:03:18 | 000,928,399 | ---- | C] () -- C:\Windows\unins000.exe
[2013/08/10 14:06:01 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2013/05/22 07:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/04/20 16:27:59 | 000,077,389 | ---- | C] () -- C:\Windows\hpqins05.dat.temp
[2013/04/20 16:25:01 | 000,099,331 | ---- | C] () -- C:\Windows\hpqins01.dat
[2013/04/20 13:59:59 | 000,179,441 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2013/04/20 13:59:59 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2013/03/19 20:01:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/03/19 19:59:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/03/19 19:59:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/03 21:48:06 | 000,000,208 | -H-- | C] () -- C:\ProgramData\RmUserCfg.ini
[2011/06/03 21:48:06 | 000,000,031 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2010/04/28 22:32:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/10 22:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/09/27 21:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\acccore
[2012/12/31 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\Amazon
[2014/01/20 08:44:46 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\AnvSoft
[2013/04/20 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\Garmin
[2013/08/12 17:43:02 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\HandBrake
[2013/09/14 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\JawboneUpdater
[2013/05/23 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\MAGIX
[2013/07/16 23:03:19 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\Orbit
[2011/09/15 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\The Journal
[2011/10/20 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\ThumbsPlus
[2013/12/13 08:43:42 | 000,000,000 | ---D | M] -- C:\Users\Kwong\Application Data\Tyre
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 1/5/2015 10:38:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kwong\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.35% Memory free
4.22 Gb Paging File | 3.23 Gb Available in Paging File | 76.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 17.75 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.75% Space Free | Partition Type: NTFS
Computer Name: KC03 | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3634781665-3730177948-736442605-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6536E538-8867-4BA6-AFF0-668A5C947326}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"{AD7E0B14-B23E-4B3B-A352-4A2DBB0F408B}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"{D8BCC815-0508-46BD-9DFF-3CBFDF640BD4}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"{F69D89CE-B3DD-4EDC-B314-E068FD91A70B}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |
"TCP Query User{87FE5B57-9BDD-4AA1-9DE0-701CF22FC1A8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{A3E246CB-F5B3-45CB-BFD4-9B3DB4850290}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{CBFE3A71-F8E7-478C-8983-360371DA396A}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{5D976853-0263-4F39-B14E-DA42D7D0C480}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{90C5ACDF-7783-4420-8B05-A1F85CB11C7E}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{B0046C7F-6B66-41DE-9E99-04C7058E5198}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio 2.7.2
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{245B4BB9-D643-4A87-968D-6C856FF1706A}" = VChannelClient
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D48CBE-DE70-44AB-B631-C3E60F5184D5}" = STOIK Video Converter 3
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}" = ScrewDrivers Client v4
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}" = AppliedOnline Upload Center Launcher - 32 bit
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}" = iTunes
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE318321-7909-4D3E-8540-EFED111E1786}" = STOIK Video Converter 3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Any Video Converter_is1" = Any Video Converter 5.0.5
"AppliedOnline Install_is1" = AppliedOnline Install
"Audacity_is1" = Audacity 1.2.6
"AVGO Free DVD Ripper_is1" = AVGO Free DVD Ripper 1.03.1
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"Jawbone Updater" = Jawbone Updater
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOKR" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"ReNamer_is1" = ReNamer
"Revo Uninstaller" = Revo Uninstaller 1.85
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = Dell Touchpad
"The Journal 4_is1" = The Journal 4
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"TibetSystem - Uninstall Web Viewer" = Uninstall Web Viewer
"WinMerge_is1" = WinMerge 2.14.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/5/2015 3:46:37 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/5/2015 3:46:37 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10312
Error - 1/5/2015 3:46:37 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10312
Error - 1/5/2015 3:46:38 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/5/2015 3:46:38 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11373
Error - 1/5/2015 3:46:38 AM | Computer Name = KC03 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11373
Error - 1/6/2015 2:29:18 AM | Computer Name = KC03 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 1/6/2015 2:29:19 AM | Computer Name = KC03 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 1/6/2015 2:37:01 AM | Computer Name = KC03 | Source = VSS | ID = 8193
Description =
Error - 1/6/2015 2:41:31 AM | Computer Name = KC03 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 1/28/2012 9:04:54 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712
seconds with 660 seconds of active time. This session ended with a crash.
Error - 4/29/2012 9:42:09 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052
seconds with 120 seconds of active time. This session ended with a crash.
Error - 5/27/2012 9:37:09 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180
seconds with 60 seconds of active time. This session ended with a crash.
Error - 9/9/2012 11:56:50 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923
seconds with 240 seconds of active time. This session ended with a crash.
Error - 10/13/2012 1:20:26 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238
seconds with 960 seconds of active time. This session ended with a crash.
Error - 9/18/2013 11:22:25 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/24/2013 10:00:49 PM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/6/2013 1:24:14 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/28/2014 5:27:02 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/15/2014 1:53:23 AM | Computer Name = KC03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 1/4/2015 12:26:07 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7011
Description =
Error - 1/4/2015 4:55:24 AM | Computer Name = KC03 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:41:24 AM on 1/4/2015 was unexpected.
Error - 1/4/2015 4:55:41 AM | Computer Name = KC03 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
Error - 1/4/2015 4:56:06 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7000
Description =
Error - 1/4/2015 4:56:42 AM | Computer Name = KC03 | Source = DCOM | ID = 10016
Description =
Error - 1/4/2015 4:57:07 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7022
Description =
Error - 1/4/2015 4:59:16 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7009
Description =
Error - 1/4/2015 4:59:16 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7000
Description =
Error - 1/5/2015 12:51:46 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7034
Description =
Error - 1/5/2015 3:24:53 AM | Computer Name = KC03 | Source = Service Control Manager | ID = 7034
Description =
< End of report >
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 02
Ran by Kwong at 2015-01-05 23:05:18 Run:7
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
==== End of Fixlog 23:05:18 ====
Procmon has been running for about 10 minutes and so far, only two lines of FRST are showing up. How long should I wait for more to show up?
#37
Posted 06 January 2015 - 05:30 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Procmon has been running for about 10 minutes and so far, only two lines of FRST are showing up. How long should I wait for more to show up?
Let's let it run as long as you can. Up to 24 hours if it's not causing you any issues. Thanks.
#38
Posted 06 January 2015 - 09:29 AM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
Oops, I had turned it off last night before I shut down the computer. Should I start it up again? Do I need to rerun everything again from the last step?
#39
Posted 06 January 2015 - 10:46 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
That's OK. We may need to do something similar again but hold on and I'll be back to you with instructions. We'll get this!
#40
Posted 06 January 2015 - 05:47 PM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Please do the following. We're narrowing in on the culprit.
Step#1 - Run RogueKiller / Remove Entries
1. Open up RogueKiller.
2. Allow the pre-scan to finish and then click on Scan.
3. Once the scan finishes, click on the Registry tab and place a check mark in the following lines.
(These are all the lines that have have PUM.Proxy in the Type column.)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
Are you familiar with software called or by a company named RK Software that may be on your machine? If not please also check the following.
(These are all the lines that have Hj.RegVal or PUM.DesktopIcons in the Type column)
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9174\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
4. Click the Delete button.
5. Then click on the Report button. A text file will open. Please copy/paste the contents of this long in your next post.
6. Reboot your machine!
Step#2 - OTL Fix
1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
:Commands
[CreateRestorePoint]
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2013/05/22 07:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
:Commands
[EmptyTemp]
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Step#3 - BSOD Log
1. Right-click on BlueScreenView.exe that is on your desktop and select Run as administrator. If prompted to Allow, please answer yes.
2. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
3. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
4. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.
Step#4 - Mini Toolbox
1. Please download MiniToolBox, save it to your desktop and run it.
2. Ensure your internet browsers are closed.
3. Click the "Select All" checkbox at the top of the form.
4. Click the Go button.
5. Notepad will open with the log once it completes. Post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Items for your next post
1. RogueKiller Delete Log
2. OTL Fix log
3. BSOD Log
4. MiniToolbox results
#41
Posted 07 January 2015 - 03:24 AM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kwong [Administrator]
Mode : Delete -- Date : 01/06/2015 21:41:05
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 23 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_6165\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Deleted
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> ERROR [2]
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{33F4A60B-B862-4776-8236-C62236751285} | DhcpNameServer : 172.26.38.1 172.26.38.2 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_6165\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_6165\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] u7fm3gfg.default : user_pref("browser.startup.homepage", "www.google.com"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] b80d8aad0d4d70d0a376a58132ab2874
[BSP] 143500e28e0f7628a019343ed6099823 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21133312 | Size: 292365 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_01052015_223522.log - RKreport_SCN_01062015_213404.log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3634781665-3730177948-736442605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\ProgramData\ReadOnlyInstaller.msi moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kwong
->Temp folder emptied: 1230173 bytes
->Temporary Internet Files folder emptied: 1674692 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17037927 bytes
User: Public
User: TEMP
User: TEMP.KC03
User: Visitor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 120800051 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 411862 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 33182873 bytes
Total Files Cleaned = 166.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01072015_010546
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
==================================================
Dump File : Mini010415-01.dmp
Crash Time : 1/4/2015 12:53:09 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851de578
Parameter 3 : 0x868d2380
Parameter 4 : 0x84d7ab18
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini010415-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 1/4/2015 12:55:32 AM
==================================================
==================================================
Dump File : Mini123014-01.dmp
Crash Time : 12/30/2014 12:37:46 AM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904aa
Parameter 2 : 0xa8bd4a1c
Parameter 3 : 0xa8bd4718
Parameter 4 : 0x888fa24b
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+ef24b
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : Ntfs.sys+19fff
Stack Address 2 : Ntfs.sys+17292
Stack Address 3 : ntkrnlpa.exe+ad1d8
Computer Name :
Full Path : C:\Windows\Minidump\Mini123014-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,648
Dump File Time : 12/30/2014 12:39:07 AM
==================================================
==================================================
Dump File : Mini121014-01.dmp
Crash Time : 12/10/2014 9:52:55 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851dd578
Parameter 3 : 0x86d2b030
Parameter 4 : 0x84a218d8
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini121014-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 12/10/2014 9:55:13 PM
==================================================
==================================================
Dump File : Mini092914-01.dmp
Crash Time : 9/28/2014 11:51:25 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851de6b0
Parameter 3 : 0x86ae7030
Parameter 4 : 0x85d5a890
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini092914-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 9/28/2014 11:53:17 PM
==================================================
==================================================
Dump File : Mini072214-01.dmp
Crash Time : 7/21/2014 11:36:13 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851dcb70
Parameter 3 : 0x85c36380
Parameter 4 : 0x8500e008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini072214-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 7/21/2014 11:37:14 PM
==================================================
==================================================
Dump File : Mini053014-01.dmp
Crash Time : 5/30/2014 6:36:27 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851dc6b0
Parameter 3 : 0x86be1030
Parameter 4 : 0x84b88a60
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini053014-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 5/30/2014 6:37:49 AM
==================================================
==================================================
Dump File : Mini050514-01.dmp
Crash Time : 5/5/2014 9:50:25 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851de578
Parameter 3 : 0x85c3b380
Parameter 4 : 0x85140008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini050514-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 5/5/2014 9:51:47 PM
==================================================
==================================================
Dump File : Mini040214-01.dmp
Crash Time : 4/2/2014 10:58:49 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851de6b0
Parameter 3 : 0x86bef030
Parameter 4 : 0x863696e8
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini040214-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 4/2/2014 10:59:46 PM
==================================================
==================================================
Dump File : Mini022714-01.dmp
Crash Time : 2/27/2014 2:44:45 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851de6b0
Parameter 3 : 0x86bf9030
Parameter 4 : 0x84a574e0
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini022714-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 2/27/2014 2:46:11 AM
==================================================
==================================================
Dump File : Mini011414-01.dmp
Crash Time : 1/14/2014 8:05:06 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851ef030
Parameter 3 : 0x86c5b030
Parameter 4 : 0x861c0608
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini011414-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 1/14/2014 8:06:26 AM
==================================================
==================================================
Dump File : Mini011114-01.dmp
Crash Time : 1/11/2014 12:09:29 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x08290015
Parameter 4 : 0x91fc62f0
Caused By Driver : NETw4v32.sys
Caused By Address : NETw4v32.sys+2166d0
File Description : Intel® Wireless WiFi Link Driver
Product Name : Intel® Wireless WiFi Link Adapter
Company : Intel Corporation
File Version : 11.1.0.86
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+ee9c0
Stack Address 3 : NETw4v32.sys+6897
Computer Name :
Full Path : C:\Windows\Minidump\Mini011114-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,648
Dump File Time : 1/11/2014 12:10:37 PM
==================================================
==================================================
Dump File : Mini010414-01.dmp
Crash Time : 1/4/2014 6:29:40 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x851deb70
Parameter 3 : 0x86d6a030
Parameter 4 : 0x86039868
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb0d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb0d
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa2eb
Computer Name :
Full Path : C:\Windows\Minidump\Mini010414-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 143,600
Dump File Time : 1/4/2014 6:31:10 AM
==================================================
MiniToolBox by Farbar Version: 30-11-2014
Ran by Kwong (administrator) on 07-01-2015 at 01:20:22
Running from "C:\Users\Kwong\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : KC03
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-86-89-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::257e:cc32:feea:2ca%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, January 07, 2015 1:07:40 AM
Lease Expires . . . . . . . . . . : Thursday, January 08, 2015 1:07:41 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218111456
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-42-3F-56-00-15-C5-82-A3-94
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-1D-09-56-AB-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:14c2:3458:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::14c2:3458:3f57:fe99%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 20:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1EE4017C-AF4E-4A05-9E95-7EEC8E7F338C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D8D8C62C-726F-4179-B15B-6E8EBC5CA43F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: google.com
Addresses: 2607:f8b0:4005:800::1009
74.125.239.129
74.125.239.131
74.125.239.128
74.125.239.134
74.125.239.142
74.125.239.137
74.125.239.136
74.125.239.135
74.125.239.133
74.125.239.130
74.125.239.132
Pinging google.com [74.125.239.110] with 32 bytes of data:
Reply from 74.125.239.110: bytes=32 time=18ms TTL=55
Reply from 74.125.239.110: bytes=32 time=19ms TTL=55
Ping statistics for 74.125.239.110:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=37ms TTL=51
Reply from 206.190.36.45: bytes=32 time=35ms TTL=51
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 37ms, Average = 36ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9 ...00 1d e0 86 89 41 ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 1d 09 56 ab c9 ...... Broadcom NetLink ™ Fast Ethernet
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
20 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
21 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
29 ...00 00 00 00 00 00 00 e0 isatap.{A6B9967C-5C87-4D8A-AA55-BE9081EADCF0}
28 ...00 00 00 00 00 00 00 e0 isatap.{1EE4017C-AF4E-4A05-9E95-7EEC8E7F338C}
26 ...00 00 00 00 00 00 00 e0 isatap.{D8D8C62C-726F-4179-B15B-6E8EBC5CA43F}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:9d38:90d7:14c2:3458:3f57:fe99/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::14c2:3458:3f57:fe99/128
On-link
9 281 fe80::257e:cc32:feea:2ca/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/07/2015 01:18:21 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {fdbc70f1-cba9-439f-a6dd-5df9915c7152}
Error: (01/07/2015 01:05:58 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {308e368f-2c66-4aa5-8b18-68fc867adb75}
Error: (01/07/2015 01:01:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 102462
Error: (01/07/2015 01:01:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 102462
Error: (01/07/2015 01:01:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/06/2015 10:59:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e6b80d35-63d5-49e5-872b-ca2ce4108ddf}
Error: (01/06/2015 07:28:21 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000, time stamp 0x47918b89, faulting module hpslpsvc32.dll, version 100.0.170.0, time stamp 0x4712d173, exception code 0xc0000005, fault offset 0x000410c9,
process id 0xb54, application start time 0xsvchost.exe_HPSLPSVC0.
Error: (01/06/2015 07:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21292498
Error: (01/06/2015 07:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21292498
Error: (01/06/2015 07:22:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/07/2015 01:11:00 AM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053
Error: (01/07/2015 01:11:00 AM) (Source: Service Control Manager) (User: )
Description: 120000Google Update Service (gupdate)
Error: (01/07/2015 01:09:02 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (01/07/2015 01:09:02 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (01/07/2015 01:08:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/07/2015 01:07:31 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842
Error: (01/07/2015 01:05:46 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service1150001Restart the service
Error: (01/06/2015 09:55:30 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (01/06/2015 09:51:06 PM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053
Error: (01/06/2015 09:51:06 PM) (Source: Service Control Manager) (User: )
Description: 120000Google Update Service (gupdate)
Microsoft Office Sessions:
=========================
Error: (10/14/2014 09:53:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3380 seconds with 120 seconds of active time. This session ended with a crash.
Error: (09/28/2014 01:27:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/05/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 460 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/24/2013 06:00:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/18/2013 07:22:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 326 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/13/2012 09:20:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128238 seconds with 960 seconds of active time. This session ended with a crash.
Error: (09/09/2012 07:56:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55923 seconds with 240 seconds of active time. This session ended with a crash.
Error: (05/27/2012 05:37:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47180 seconds with 60 seconds of active time. This session ended with a crash.
Error: (04/29/2012 05:42:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92052 seconds with 120 seconds of active time. This session ended with a crash.
Error: (01/28/2012 05:04:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205712 seconds with 660 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-01 13:11:51.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:51.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:51.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:51.026
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:50.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:50.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:50.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-01 13:11:50.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-31 00:37:06.961
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-31 00:37:06.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AIM 7 (HKLM\...\AIM_7) (Version: - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version: - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVGO Free DVD Ripper 1.03.1 (HKLM\...\AVGO Free DVD Ripper_is1) (Version: - AVGO Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dell Driver Download Manager (HKCU\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.2 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jawbone Updater (HKLM\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Laptop Integrated Webcam Driver (1.02.01.0612) (HKLM\...\Creative OEM002) (Version: - )
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mHelp (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Outlook 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Client (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetDeviceManager (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Revo Uninstaller 1.85 (HKLM\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
ScrewDrivers Client v4 (HKLM\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
STOIK Video Converter 3 (HKLM\...\{75D48CBE-DE70-44AB-B631-C3E60F5184D5}) (Version: 3.0.0 - STOIK Imaging)
STOIK Video Converter 3 (Version: 3.0.0 - STOIK Imaging) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)
The Journal 4 (HKLM\...\The Journal 4_is1) (Version: 4.01 - DavidRM Software)
ThumbsPlus version 7 SP2 (HKLM\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Web Viewer (HKLM\...\TibetSystem - Uninstall Web Viewer) (Version: Version 5.5.0.0 - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
========================= Devices: ================================
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 41%
Total physical RAM: 2045.31 MB
Available physical RAM: 1196.22 MB
Total Pagefile: 4327.87 MB
Available Pagefile: 3536.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.86 MB
========================= Partitions: =====================================
1 Drive c: (DRIVE_C) (Fixed) (Total:285.51 GB) (Free:23.68 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.87 GB) NTFS
========================= Users: ========================================
User accounts for \\KC03
Administrator Guest Kwong
Visitor
========================= Minidump Files ==================================
C:\Windows\Minidump\Mini010414-01.dmp
C:\Windows\Minidump\Mini010415-01.dmp
C:\Windows\Minidump\Mini011114-01.dmp
C:\Windows\Minidump\Mini011414-01.dmp
C:\Windows\Minidump\Mini022714-01.dmp
C:\Windows\Minidump\Mini040214-01.dmp
C:\Windows\Minidump\Mini050514-01.dmp
C:\Windows\Minidump\Mini053014-01.dmp
C:\Windows\Minidump\Mini072214-01.dmp
C:\Windows\Minidump\Mini092914-01.dmp
C:\Windows\Minidump\Mini121014-01.dmp
C:\Windows\Minidump\Mini123014-01.dmp
========================= Restore Points ==================================
29-12-2014 05:21:11 Restore Point Created by FRST
29-12-2014 09:59:32 Windows Update
30-12-2014 07:51:26 Restore Point Created by FRST
30-12-2014 15:34:43 Windows Update
31-12-2014 23:57:40 Windows Update
01-01-2015 00:39:12 Windows Update
02-01-2015 00:41:57 Windows Update
02-01-2015 06:49:07 Restore Point Created by FRST
03-01-2015 02:34:08 Windows Update
03-01-2015 10:33:20 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.4.1028
03-01-2015 11:30:09 Windows Modules Installer
04-01-2015 04:36:47 Windows Update
04-01-2015 09:50:33 Windows Update
06-01-2015 06:37:00 Windows Update
07-01-2015 06:59:26 Scheduled Checkpoint
07-01-2015 09:05:58 OTL Restore Point - 1/7/2015 1:05:57 AM
07-01-2015 09:18:21 Windows Update
**** End of log ****
#42
Posted 07 January 2015 - 10:06 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Thank you for the information. We may have got it but need to validate. In summary here are the issues left on your machine.
1. Proxy Issue (may be solved...will verify)
2. Blue Screen errors. Your machine is periodically crashing with DRIVER_POWER_STATE_FAILURE. I'll provide suggestions on drivers to update to hopefully remedy this.
3. Your Volume Shadow Copy Service is failing/crashing. We'll also try to resolve this.
Please follow the instructions below so I can get the necessary info to resolve the above issues.
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
fixlist.txt 299bytes
176 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Step#2 - Mini Toolbox
1. Ensure your internet browsers are closed.
2. Open up MiniToolbox which should still be on your desktop.
3. Place a check mark in only the following two.
Report IE Proxy Settings
Report FF Proxy Settings
4. Click the Go button.
5. Notepad will open with the log once it completes. Post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Items for your next post
1. FRST Fix Log
2. MiniToolbox results
#43
Posted 07 January 2015 - 02:53 PM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Kwong at 2015-01-07 12:37:45 Run:8
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
cmd: wmic computersystem get manufacturer
cmd: wmic computersystem get model
cmd: wmic bios get serialnumber
cmd: wmic bios get name
reg: reg delete "HKLM\RK_Software_ON_D_6165" /F
reg: reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
EmptyTemp:
*****************
Restore point was successfully created.
========= wmic computersystem get manufacturer =========
M a n u f a c t u r e r
D e l l I n c .
========= End of CMD: =========
========= wmic computersystem get model =========
M o d e l
X P S M 1 3 3 0
========= End of CMD: =========
========= wmic bios get serialnumber =========
S e r i a l N u m b e r
B J 7 9 T F 1
========= End of CMD: =========
========= wmic bios get name =========
N a m e
P h o e n i x R O M B I O S P L U S V e r s i o n 1 . 1 0 A 1 5
========= End of CMD: =========
========= reg delete "HKLM\RK_Software_ON_D_6165" /F =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList" =========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3634781665-3730177948-736442605-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3634781665-3730177948-736442605-1002.bak
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3634781665-3730177948-736442605-1003
========= End of Reg: =========
EmptyTemp: => Removed 36.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 12:38:15 ====
MiniToolBox by Farbar Version: 30-11-2014
Ran by Kwong (administrator) on 07-01-2015 at 12:50:49
Running from "C:\Users\Kwong\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
**** End of log ****
#44
Posted 08 January 2015 - 10:16 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Great news. The infection causing the proxy to be injected is now gone! In addition we identified the cause of the VSS failures. This fix should resolve that. The last one (the Blue Screen issue) I want to get one more piece of information if I can before providing driver recommendations.
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
fixlist.txt 167bytes
161 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Step#2 - Retrieve Memory Dump
1. Can you copy the file C:\Windows\MEMORY.DMP to your desktop?
2. Then right-click on the file that is on your desktop and choose Send to...Compressed (zipped) folder. This will create a zip file on your desktop.
3. Can you upload this to SendSpace and provide me the link?
Items for your next post
1. FRST Fix Log
2. Link to zipped up Memory.dmp file.
#45
Posted 10 January 2015 - 02:11 AM
redleader74
- Topic Starter
-
- Member
-
- 195 posts
Member
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Kwong at 2015-01-09 23:58:15 Run:9
Running from C:\Users\Kwong\Desktop
Loaded Profile: Kwong (Available profiles: Kwong & Visitor)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
reg: reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3634781665-3730177948-736442605-1002.bak" /F
EmptyTemp:
*****************
Restore point was successfully created.
========= reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3634781665-3730177948-736442605-1002.bak" /F =========
The operation completed successfully.
========= End of Reg: =========
EmptyTemp: => Removed 191.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog 23:58:46 ====
https://www.sendspace.com/file/irwhi7
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
