Windows Shell Commor problems

permissions virus windows shell commor icons change printer problems


#1
tink03


My computer started acting strange about 8 months ago. I noticed that the file and folder permissions kept changing and my printer wouldn't work. I was supposed to be the owner on all files and folders, but the permissions kept changing to make Trusted Installer, Windows Media Player Network Sharing Service, or Administrator the owner. The computer also started running really slow. I brought up task manager and Wmp sharing service was using anywhere from 50-80% of my CPU. I disabled it in Services, but then iexplore.exe or svchost.exe started doing the same thing. I have tried over and over to change all of the folder and file permissions back to me as the owner, but within a day, they all change back. I've tried Malwarebytes and several anti-virus programs, but whatever virus or malware is on my computer took over those types of programs 1st. Windows Defender and Windows Essentials do nothing. Then my icons started changing. I noticed today that when I tried to change the permissions back on my downloads, it didn't show a drive (\\KELLY-PC\Kelly\Downloads) and wouldn't allow me to change the auditing permissions. It said "You do not have permission to view or edit this object's permissions". It said it opens with Windows Shell Commor. That was another thing I noticed. A lot of the names of my programs in Program Files, such as F12Tools.dll, had a little blue bolt icon next to them. There are so many application extensions that have that, I wouldn't be able to count. HELP!!!!!! Here is the report that was generated by OTL:

 

OTL logfile created on: 1/22/2015 3:58:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.46% Memory free
7.86 Gb Paging File | 5.81 Gb Available in Paging File | 73.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 247.29 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
 
Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/22 15:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/06 14:26:26 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/12/11 16:47:32 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/01/14 19:18:31 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/22 21:17:28 | 000,089,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2014/05/06 14:26:26 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2014/04/03 19:21:48 | 000,315,008 | ---- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/11 16:47:32 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 06:04:49 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/22 15:27:02 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/03/31 20:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/03/19 14:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/03 15:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 11:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kelly\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKCU\..\SearchScopes\{CB58EFCC-020E-4273-9EB9-4C8696A4541E}: "URL" = https://search.yahoo...rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2014/10/26 20:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\mMSRbFBY.default\extensions
[2014/10/29 23:25:03 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\mMSRbFBY.default\extensions\[email protected]
 
O1 HOSTS File: ([2014/06/24 19:24:49 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 957kjr.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: paypal.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([screen] https in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA}: DhcpNameServer = 168.95.1.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/22 15:58:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2015/01/16 12:54:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/01/15 12:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2015/01/15 12:45:38 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Roaming\Lavasoft
[2015/01/15 12:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2015/01/15 12:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2015/01/15 12:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2015/01/15 12:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2015/01/14 12:06:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/14 12:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/14 12:06:15 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/14 12:06:15 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/14 12:06:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/01/14 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/14 12:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/13 18:05:36 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Documents\Malwarebytes scan log results
[2014/12/28 20:42:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/22 15:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2015/01/22 15:27:02 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/22 15:25:27 | 000,012,470 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat
[2015/01/22 15:25:27 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\geeks to go.wps
[2015/01/22 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/22 14:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/21 21:11:52 | 000,093,818 | ---- | M] () -- C:\Users\Kelly\AppData\Local\recently-used.xbel
[2015/01/21 08:15:58 | 000,005,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 08:15:58 | 000,005,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 08:10:29 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/20 15:43:44 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\wilson.wps
[2015/01/20 11:54:43 | 000,016,896 | ---- | M] () -- C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
[2015/01/19 21:46:56 | 000,031,232 | ---- | M] () -- C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
[2015/01/19 17:41:27 | 000,016,384 | ---- | M] () -- C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
[2015/01/19 13:01:35 | 000,013,824 | ---- | M] () -- C:\Users\Kelly\Documents\uptown funk lyrics.wps
[2015/01/16 12:53:52 | 286,060,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/15 19:54:48 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2015/01/15 17:40:42 | 000,010,752 | ---- | M] () -- C:\Users\Kelly\Documents\SSI username and password.wps
[2015/01/15 16:39:49 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\believe lyrics.wps
[2015/01/15 15:29:30 | 000,002,236 | ---- | M] () -- C:\Users\Kelly\Documents\SSI payee confirmation2.pdf
[2015/01/15 12:48:55 | 000,010,752 | ---- | M] () -- C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
[2015/01/14 12:06:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/14 11:46:42 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/14 11:46:42 | 000,650,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/14 11:46:42 | 000,118,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/13 18:43:41 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/13 18:43:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/11 19:59:19 | 000,027,648 | ---- | M] () -- C:\Users\Kelly\Documents\autoruns symbols.wps
[2015/01/11 19:39:47 | 000,001,087 | ---- | M] () -- C:\Users\Kelly\Documents\Documents - Shortcut.lnk
[2015/01/11 10:28:54 | 002,931,184 | ---- | M] () -- C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
[2015/01/11 00:47:30 | 000,009,216 | ---- | M] () -- C:\Users\Kelly\Documents\facebook happy birthday.wps
[2015/01/10 13:40:18 | 000,009,728 | ---- | M] () -- C:\Users\Kelly\Documents\jewelry cleaner.wps
[2015/01/10 13:33:59 | 000,012,800 | ---- | M] () -- C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
[2015/01/06 12:51:39 | 000,010,240 | ---- | M] () -- C:\Users\Kelly\Documents\capital one.wps
[2015/01/05 13:47:36 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\stannie's address.wps
[2015/01/05 11:18:54 | 000,071,938 | ---- | M] () -- C:\Users\Kelly\Documents\high five hand with alpha.png
[2015/01/05 11:18:43 | 000,110,870 | ---- | M] () -- C:\Users\Kelly\Documents\high five hand with alpha.xcf
[2015/01/05 10:09:27 | 000,057,398 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you with transparency.png
[2015/01/05 10:09:09 | 000,116,755 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you.xcf
[2015/01/05 09:59:28 | 000,059,176 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you.png
[2015/01/04 20:27:40 | 000,120,557 | ---- | M] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
[2015/01/04 20:16:47 | 000,117,597 | ---- | M] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
[2015/01/04 11:31:39 | 000,007,605 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
[2015/01/03 20:19:24 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\Dish Info.wps
[2015/01/01 10:10:40 | 000,237,206 | ---- | M] () -- C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
[2014/12/29 13:00:40 | 004,147,416 | ---- | M] () -- C:\Users\Kelly\Documents\football mc logo transparent.xcf
[2014/12/27 23:20:33 | 000,012,800 | ---- | M] () -- C:\Users\Kelly\Documents\iexplore removal from ehow.wps
[2014/12/26 22:32:39 | 000,069,632 | ---- | M] () -- C:\Users\Kelly\Documents\log power shell.evtx
[2014/12/26 22:31:21 | 001,052,672 | ---- | M] () -- C:\Users\Kelly\Documents\event logs.evtx
[2014/12/26 16:52:31 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\let it go lyrics.wps
[2014/12/24 11:47:44 | 000,047,104 | ---- | M] () -- C:\Users\Kelly\Documents\collage.wps
 
========== Files Created - No Company Name ==========
 
[2015/01/22 15:25:27 | 000,008,704 | ---- | C] () -- C:\Users\Kelly\Documents\geeks to go.wps
[2015/01/21 21:11:52 | 000,093,818 | ---- | C] () -- C:\Users\Kelly\AppData\Local\recently-used.xbel
[2015/01/20 15:43:43 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\wilson.wps
[2015/01/20 11:54:42 | 000,016,896 | ---- | C] () -- C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
[2015/01/19 20:22:40 | 000,031,232 | ---- | C] () -- C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
[2015/01/19 17:41:26 | 000,016,384 | ---- | C] () -- C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
[2015/01/16 12:53:52 | 286,060,936 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/01/15 16:33:59 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\believe lyrics.wps
[2015/01/15 15:29:30 | 000,002,236 | ---- | C] () -- C:\Users\Kelly\Documents\SSI payee confirmation2.pdf
[2015/01/15 12:48:54 | 000,010,752 | ---- | C] () -- C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
[2015/01/15 12:45:05 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2015/01/14 19:18:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/14 12:06:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/11 19:59:18 | 000,027,648 | ---- | C] () -- C:\Users\Kelly\Documents\autoruns symbols.wps
[2015/01/11 19:39:47 | 000,001,087 | ---- | C] () -- C:\Users\Kelly\Documents\Documents - Shortcut.lnk
[2015/01/11 10:41:10 | 000,013,824 | ---- | C] () -- C:\Users\Kelly\Documents\uptown funk lyrics.wps
[2015/01/11 10:28:54 | 002,931,184 | ---- | C] () -- C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
[2015/01/10 13:33:59 | 000,012,800 | ---- | C] () -- C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
[2015/01/05 11:18:54 | 000,071,938 | ---- | C] () -- C:\Users\Kelly\Documents\high five hand with alpha.png
[2015/01/05 11:18:43 | 000,110,870 | ---- | C] () -- C:\Users\Kelly\Documents\high five hand with alpha.xcf
[2015/01/05 10:09:26 | 000,057,398 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you with transparency.png
[2015/01/05 09:59:27 | 000,059,176 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you.png
[2015/01/05 09:58:53 | 000,116,755 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you.xcf
[2015/01/04 20:16:47 | 000,117,597 | ---- | C] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
[2015/01/03 20:12:07 | 000,008,704 | ---- | C] () -- C:\Users\Kelly\Documents\Dish Info.wps
[2015/01/03 18:42:34 | 000,120,557 | ---- | C] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
[2014/12/31 23:06:21 | 000,237,206 | ---- | C] () -- C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
[2014/12/29 12:56:50 | 004,147,416 | ---- | C] () -- C:\Users\Kelly\Documents\football mc logo transparent.xcf
[2014/12/27 23:20:33 | 000,012,800 | ---- | C] () -- C:\Users\Kelly\Documents\iexplore removal from ehow.wps
[2014/12/26 22:32:38 | 000,069,632 | ---- | C] () -- C:\Users\Kelly\Documents\log power shell.evtx
[2014/12/26 22:31:20 | 001,052,672 | ---- | C] () -- C:\Users\Kelly\Documents\event logs.evtx
[2014/12/26 16:52:31 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\let it go lyrics.wps
[2014/12/24 11:47:44 | 000,047,104 | ---- | C] () -- C:\Users\Kelly\Documents\collage.wps
[2014/12/14 17:59:51 | 053,303,296 | ---- | C] () -- C:\Program Files (x86)\Silverlight.msp
[2014/10/10 21:35:00 | 000,007,605 | ---- | C] () -- C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
[2014/09/21 18:53:55 | 000,027,947 | ---- | C] () -- C:\Users\Kelly\swimmernoback.xcf
[2014/06/24 18:28:46 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KELLY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/06/13 13:06:29 | 000,001,102 | ---- | C] () -- C:\Program Files (x86)\AnvSoft - Shortcut.lnk
[2014/06/09 02:19:58 | 000,758,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/27 17:46:54 | 000,012,470 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2015/01/19 11:48:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/16 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AnvSoft
[2015/01/16 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Audacity
[2014/11/22 09:46:06 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AVG2015
[2014/09/28 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Doblon
[2014/06/10 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Oracle
[2014/12/17 09:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Panda Security
[2014/06/09 14:59:41 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Temp
[2014/05/27 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Template
[2014/05/30 08:34:56 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\TuneUp Software
[2014/07/18 08:13:09 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

Hi and thanks. Here is the Extras log:

 

OTL Extras logfile created on: 1/22/2015 3:58:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.46% Memory free
7.86 Gb Paging File | 5.81 Gb Available in Paging File | 73.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 247.29 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
 
Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C16063-607B-4B7F-89CA-E0DA65F221FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{094D4D87-48AE-4C67-BFC3-1CD29DA1A8B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{095DA52B-4A4B-4EF3-AE2C-632569563126}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B34BBEF-6B53-4994-9311-986223D4477C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DEFB883-AB5A-4EFE-A8F2-7D29B8D29CE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{321918D6-BE8F-473D-B0C8-DBD23805B618}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3ACC4182-9CAE-4130-B742-423C2A6F33E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41A7D98E-7520-4027-A240-925A0D94D7F2}" = lport=139 | protocol=6 | dir=in | app=system |
"{44E22639-963E-4F60-B303-6FBDF990F975}" = lport=137 | protocol=17 | dir=in | app=system |
"{624F29C2-4B6D-4B66-9DD0-2ECA938CBF1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67F23FB4-D6E6-402B-A4DA-BAFF2AF25086}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6994657F-73DA-490A-B417-49BABB14BAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D623210-A24D-493B-AAC1-20A91515F4F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74F2DE60-9132-42B7-BF14-FAFCC1E692D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{775AD816-1C72-4027-9DB5-B4FEBB3CA498}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77F073F4-0E47-4140-A0A0-D001EBD16EE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77FE3BDF-7F29-4AFB-B611-1D16F097A187}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B053284-B808-4D36-9857-8D254102896E}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CE33628-BF52-40A2-A5E2-4513C7182EC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{88A44C9A-24C9-4371-8365-EDE74047284D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8DC109E4-974E-4489-8307-624D88C7B011}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C69F2CF-AE6D-4FCB-8AAA-6170C2457911}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D9B6EF8-8E52-4C06-BBB0-76A23F8F475C}" = rport=445 | protocol=6 | dir=out | app=system |
"{A02B3A68-0783-4FAA-9768-39BABDC8EABE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2C920D4-2F67-4A21-933F-2FA323FBF7F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B362179E-C259-4102-AAB3-B3856A9A3A12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B54C877A-2B6A-4B9E-8BD0-1D1DA3708AC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B65A30D2-C94F-495B-93DF-30FDAA52A32F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCB9DF92-E7C2-4EDC-8D79-CB0F63AFBA17}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{C422D013-4E7E-41A1-8D43-1B1FEFCC97E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD073948-00F2-46CA-9486-08AF304F6DBA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{CF44A257-AE4C-4A09-BCA0-46B445BBE297}" = rport=139 | protocol=6 | dir=out | app=system |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D514CBF0-019B-48C5-99DF-0C7E3C670556}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5857959-1C6E-43E6-A7F9-75931627A121}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA1FE76D-377D-4BDE-8957-7B7CD9648A1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBDA4FF0-1E4A-4B80-9FB2-6CCB0E242317}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{EE4E0D48-89FE-4A70-89E1-4EE21D6FDA3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3538A5D-E739-40DF-8E16-E0587702E5FD}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\wdexpress.exe |
"{F50BFED1-B13A-4ED9-A96B-B0D8540EB814}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018B1460-7FFA-4976-8061-7E9E69107693}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{0494849F-663E-4590-B4E5-6AAD17468B07}" = protocol=6 | dir=out | app=system |
"{066A6090-6094-4345-84A0-F1F353E50C72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B3DB9E1-2A11-4339-9501-18DE336B49AD}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{0E1E9C83-F34C-41F0-9105-3B32AB57C943}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{128D77D6-2C76-4809-B57C-F9E502911378}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17A4B59E-3195-4A79-A4F3-5335DF4B1385}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{18ACF084-E579-4B3F-9A92-83F43CC6216F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E8ADBC3-3BAC-4D76-81BE-B45E6CF2238C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22FD522B-6B76-4F50-8005-1F7E3F8D9805}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{26E1C9DF-E192-4A6F-B6DA-0BF63BB43D00}" = protocol=1 | dir=in | [email protected],-28543 |
"{27A8355E-E886-4D9A-AD26-9457BB202837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{287209BA-19B1-4244-B0FE-9545A0D198D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{28A3224E-26AF-43E4-8B1F-9C0A76DC3AED}" = protocol=58 | dir=in | [email protected],-28545 |
"{2ACCBA01-9AFA-4788-8042-6553F8065374}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31DF0805-3789-41E7-9655-9357AFEF8D42}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{349A1A51-BB53-40C0-8181-DC56D6F1A9FE}" = protocol=1 | dir=out | [email protected],-28544 |
"{3548DBC7-9869-4D76-AA68-2D0325432AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{39FDC151-8B06-4A14-B6FD-0E674C2C5D98}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B5B56BB-52F3-4936-BAD3-FD6ED57DC5E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42112DF0-7AB3-46A7-A19B-C42A5422A011}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A0B3F82-34BC-4115-BC7D-C666CC12D9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{578283D5-41FF-4FE0-B8C4-38CAEC72F9C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{591FF791-B802-4D40-84E2-5503E14FA6DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5980535F-C8D9-488F-BD58-BB43406871E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65196E70-C515-47DC-A010-860E91199605}" = protocol=6 | dir=out | app=system |
"{6EA396F1-0F8D-4F59-B51F-B10D6D597809}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{74C8D90E-EEE3-41FD-91BF-1461CE4D7418}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{7C258521-3EDA-41F0-88EF-24E20F19194E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{860C08BF-CCB2-456E-8EB4-8CA6E2DA86E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87A85B45-7F72-4F90-8BE8-E9F6EECD6B15}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{8AAF36FA-9E56-4935-9B38-B7BC9378F182}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{942FF846-F5A0-4B13-83D9-D47F43CD140B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{943B1190-3523-49FE-9919-CCDE24E0B829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9522A42F-D492-4704-88F6-F40D0EB57752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E2F669C-E415-466E-A8AD-2CD422A0E68E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3DF7D9C-E0FA-4756-8A4F-CD009DCF5695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7D64641-CA44-49B7-B5AF-5C1A2F0886FF}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{B199A37B-85DE-4108-8F8A-58269AFE5C55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B312F392-13E9-4C0D-BB5C-54C0931CD3E3}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C178AF2C-FCDC-452B-9C93-2286F6F94FB2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C67A4085-450C-4CAF-B133-5DB19F5E4E25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD428526-9B76-44EE-9F65-D53D761B1C77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D00EAAF3-D93B-4281-9C10-0947C57A3924}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D751A7B8-AE53-43A8-97EA-42EA0FA61C3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D793DCCE-BED9-4276-A993-5FEE4201D0A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D82BED42-B3BC-46E7-A65E-C25E2CC18EC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF3C6B5-8CB3-4671-A128-6FA912B095C6}" = protocol=58 | dir=out | [email protected],-28546 |
"{E5A50D0A-B822-4389-823C-00FCD2620D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{E9C9F621-4D61-44F2-B1AF-42C534E2FB44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECC18F95-AF34-4A19-A978-20385EB01DEC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{F327E091-B9EF-4FB4-8A98-4E0B9CB23C1D}" = dir=in | app=c:\users\kelly\appdata\local\microsoft\skydrive\skydrive.exe |
"{F461BEB1-9DDA-4985-A938-4DAEB20C1264}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F877DAA0-1CEA-4171-BD07-37C9F8127590}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8DC20D7-DF7E-4CAE-B9C0-16BB835E0EA8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}" = Microsoft SQL Server 2014 Management Objects  (x64)
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities
"{60391499-BB97-3FC7-9F17-2BF560DCE231}" = Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C06D6DB-A391-4686-B050-99CC522A7843}" = Microsoft System CLR Types for SQL Server 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1AA110-D758-30C1-A1B4-5484C72BCACE}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{21373064-AD95-48DB-A32E-0D9E08EF7355}" = Prerequisites for SSDT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2774595F-BC2A-4B12-A25B-0C37A37049B0}" = Microsoft SQL Server 2014 Management Objects
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{47D08E7A-92A1-489B-B0BF-415516497BCE}" = Microsoft SQL Server 2014 T-SQL Language Service
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4AEB505C-95E1-4964-9B64-8D27F3186D30}" = Microsoft System CLR Types for SQL Server 2014
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{64484316-E4BA-38B3-8954-0358522A8D40}" = Microsoft Visual Studio Express 2013 for Windows Desktop
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9E7DE17D-A9E2-4762-8C10-1E80F5976F4A}" = Microsoft Visual Studio 2013 Preparation
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Any Video Converter_is1" = Any Video Converter 5.7.6
"Audacity_is1" = Audacity 2.0.3
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/13/2015 2:11:59 PM | Computer Name = Kelly-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa.
 PTR Kelly-PC.local.
 
Error - 1/15/2015 1:33:06 PM | Computer Name = Kelly-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17496 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: bfc    Start
 Time: 01d030e9235fb940    Termination Time: 0    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id: 8a74b007-9cdc-11e4-b209-00262265ba35 
 
Error - 1/15/2015 7:43:23 PM | Computer Name = Kelly-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: msi.dll, version: 5.0.7601.18637, time
 stamp: 0x543c864f  Exception code: 0xc0000005  Fault offset: 0x00000000001f1046  Faulting
 process id: 0x478  Faulting application start time: 0x01d030eeea650c4f  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\system32\msi.dll  Report
 Id: 4ad3dc81-9d10-11e4-b197-00262265ba35
 
Error - 1/20/2015 2:28:20 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002 
 
Error - 1/20/2015 2:28:22 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002 
 
Error - 1/20/2015 2:51:49 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
 - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002 
 
Error - 1/20/2015 2:51:52 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
 - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002 
 
Error - 1/21/2015 9:40:10 PM | Computer Name = Kelly-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.8.exe version 2.8.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 519c    Start
 Time: 01d035e4405ea08c    Termination Time: 10    Application Path: C:\Program Files\GIMP
 2\bin\gimp-2.8.exe    Report Id: 95c7c72e-a1d7-11e4-95fa-00262265ba35 
 
Error - 1/22/2015 1:48:58 PM | Computer Name = Kelly-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Kits\8.0\bin\x64\makecat.exe.Manifest".  Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 1/22/2015 1:48:59 PM | Computer Name = Kelly-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Kits\8.0\bin\x86\makecat.exe.Manifest".  Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 1/22/2015 2:20:49 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
 following error:   %%1079
 
Error - 1/22/2015 2:20:49 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1079
 
Error - 1/22/2015 2:21:35 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
 following error:   %%1079
 
Error - 1/22/2015 2:21:35 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1079
 
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
 following error:   %%1079
 
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1079
 
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
 following error:   %%1079
 
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1079
 
Error - 1/22/2015 3:42:52 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
 following error:   %%1079
 
Error - 1/22/2015 3:42:52 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%1079
 
 
< End of report >

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kelly (administrator) on KELLY-PC on 23-01-2015 08:11:32
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly &  (Available profiles: Kelly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\ALU.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {CB58EFCC-020E-4273-9EB9-4C8696A4541E} URL = https://search.yahoo...rtPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CB58EFCC-020E-4273-9EB9-4C8696A4541E} URL = https://search.yahoo...rtPage?}&fr=ie8
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 08:11 - 2015-01-23 08:12 - 00012395 _____ () C:\Users\Kelly\Desktop\FRST.txt
2015-01-23 08:11 - 2015-01-23 08:11 - 00000000 ____D () C:\FRST
2015-01-23 08:08 - 2015-01-23 08:08 - 02126848 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-01-22 16:09 - 2015-01-22 19:27 - 00080416 _____ () C:\Users\Kelly\Desktop\Extras.Txt
2015-01-22 16:09 - 2015-01-22 16:09 - 00079502 _____ () C:\Users\Kelly\Desktop\OTL.Txt
2015-01-22 15:58 - 2015-01-22 15:58 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
2015-01-22 15:25 - 2015-01-22 15:25 - 00008704 _____ () C:\Users\Kelly\Documents\geeks to go.wps
2015-01-21 21:11 - 2015-01-21 21:11 - 00093818 _____ () C:\Users\Kelly\AppData\Local\recently-used.xbel
2015-01-20 15:43 - 2015-01-20 15:43 - 00011776 _____ () C:\Users\Kelly\Documents\wilson.wps
2015-01-20 11:54 - 2015-01-20 11:54 - 00016896 _____ () C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
2015-01-20 11:51 - 2015-01-20 11:52 - 00030503 _____ () C:\Users\Kelly\Downloads\Band Member Agreement Take 2.zip
2015-01-19 20:22 - 2015-01-19 21:46 - 00031232 _____ () C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
2015-01-19 20:12 - 2015-01-19 20:12 - 00032374 _____ () C:\Users\Kelly\Downloads\Draft Band Member Agreement.zip
2015-01-19 17:41 - 2015-01-19 17:41 - 00016384 _____ () C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
2015-01-16 12:54 - 2015-01-16 12:54 - 00270720 _____ () C:\Windows\Minidump\011615-41199-01.dmp
2015-01-16 12:54 - 2015-01-16 12:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-16 12:53 - 2015-01-16 12:53 - 286060936 _____ () C:\Windows\MEMORY.DMP
2015-01-15 19:33 - 2015-01-15 19:33 - 00000622 _____ () C:\Users\Kelly\Downloads\takeownership.zip
2015-01-15 16:33 - 2015-01-15 16:39 - 00011776 _____ () C:\Users\Kelly\Documents\believe lyrics.wps
2015-01-15 12:54 - 2015-01-15 12:54 - 00000000 ____D () C:\ProgramData\BitDefender
2015-01-15 12:48 - 2015-01-15 12:48 - 00010752 _____ () C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
2015-01-15 12:45 - 2015-01-15 19:54 - 00002288 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-15 12:45 - 2015-01-15 19:54 - 00002288 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2015-01-15 12:45 - 2015-01-15 12:45 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Lavasoft
2015-01-15 12:45 - 2015-01-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-15 12:41 - 2015-01-15 12:41 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-15 12:40 - 2015-01-15 12:40 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-15 12:38 - 2015-01-15 12:38 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-14 20:36 - 2015-01-14 20:36 - 01054400 _____ (Adobe) C:\Users\Kelly\Downloads\install_flashplayer16x32ax_chrd_dn_awa_aih.exe
2015-01-14 19:18 - 2015-01-23 08:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 19:18 - 2015-01-22 22:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 19:18 - 2015-01-22 22:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:18 - 2015-01-22 22:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 12:55 - 2015-01-14 12:55 - 00003114 _____ () C:\Windows\System32\Tasks\{D4A4982A-88D2-470E-8CF6-7CB6E19C996A}
2015-01-14 12:06 - 2015-01-22 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 12:06 - 2015-01-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 12:06 - 2015-01-14 12:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 12:06 - 2015-01-14 12:06 - 00001109 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 12:06 - 2015-01-14 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 12:06 - 2015-01-14 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 12:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 12:06 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 12:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 18:06 - 2015-01-13 18:06 - 00001469 _____ () C:\Users\Kelly\Documents\mwb 1.txt
2015-01-13 18:05 - 2015-01-13 18:05 - 00000000 ____D () C:\Users\Kelly\Documents\Malwarebytes scan log results
2015-01-11 20:02 - 2015-01-16 15:41 - 00000000 ____D () C:\Users\Kelly\Downloads\Autoruns best
2015-01-11 20:01 - 2015-01-11 20:01 - 00511633 _____ () C:\Users\Kelly\Downloads\Autoruns best.zip
2015-01-11 19:59 - 2015-01-11 19:59 - 00027648 _____ () C:\Users\Kelly\Documents\autoruns symbols.wps
2015-01-11 19:39 - 2015-01-11 19:39 - 00001087 _____ () C:\Users\Kelly\Documents\Documents - Shortcut.lnk
2015-01-11 10:41 - 2015-01-19 13:01 - 00013824 _____ () C:\Users\Kelly\Documents\uptown funk lyrics.wps
2015-01-11 10:28 - 2015-01-11 10:28 - 02931184 _____ () C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
2015-01-10 23:48 - 2015-01-10 23:49 - 00654928 _____ () C:\Users\Kelly\Documents\kaspersky report2.txt
2015-01-10 23:48 - 2015-01-10 23:48 - 00654928 _____ () C:\Users\Kelly\Documents\kaspersky report1.txt
2015-01-10 18:50 - 2015-01-10 18:50 - 00000886 _____ () C:\Users\Kelly\Downloads\exe_fix_w7.zip
2015-01-10 13:33 - 2015-01-10 13:33 - 00012800 _____ () C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
2015-01-05 11:18 - 2015-01-05 11:18 - 00110870 _____ () C:\Users\Kelly\Documents\high five hand with alpha.xcf
2015-01-05 09:58 - 2015-01-05 10:09 - 00116755 _____ () C:\Users\Kelly\Documents\high five for not killing you.xcf
2015-01-04 20:16 - 2015-01-04 20:16 - 00117597 _____ () C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
2015-01-03 20:12 - 2015-01-03 20:19 - 00008704 _____ () C:\Users\Kelly\Documents\Dish Info.wps
2015-01-03 18:42 - 2015-01-04 20:27 - 00120557 _____ () C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
2014-12-31 23:06 - 2015-01-01 10:10 - 00237206 _____ () C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
2014-12-29 12:56 - 2014-12-29 13:00 - 04147416 _____ () C:\Users\Kelly\Documents\football mc logo transparent.xcf
2014-12-27 23:20 - 2014-12-27 23:20 - 00012800 _____ () C:\Users\Kelly\Documents\iexplore removal from ehow.wps
2014-12-26 22:32 - 2014-12-26 22:32 - 00069632 _____ () C:\Users\Kelly\Documents\log power shell.evtx
2014-12-26 22:31 - 2014-12-26 22:31 - 01052672 _____ () C:\Users\Kelly\Documents\event logs.evtx
2014-12-26 16:57 - 2015-01-21 08:10 - 00001456 _____ () C:\Windows\setupact.log
2014-12-26 16:57 - 2014-12-26 16:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 16:52 - 2014-12-26 16:52 - 00011776 _____ () C:\Users\Kelly\Documents\let it go lyrics.wps
2014-12-24 11:47 - 2014-12-24 11:47 - 00047104 _____ () C:\Users\Kelly\Documents\collage.wps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 08:03 - 2014-05-26 00:08 - 01321941 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 18:47 - 2014-06-06 18:32 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-22 15:25 - 2014-05-27 17:46 - 00012470 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2015-01-21 21:46 - 2014-07-12 11:10 - 00000000 ____D () C:\Users\Kelly\.gimp-2.8
2015-01-21 21:11 - 2014-07-12 11:28 - 00000000 ____D () C:\Users\Kelly\AppData\Local\gtk-2.0
2015-01-21 08:15 - 2014-12-20 18:54 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 08:15 - 2014-12-20 18:54 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 08:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 12:29 - 2014-10-26 20:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 12:28 - 2014-12-14 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-20 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-20 12:26 - 2014-12-14 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-01-19 14:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-01-16 15:49 - 2009-08-28 05:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-16 15:49 - 2009-08-28 05:41 - 00000000 ____D () C:\Windows\OOBEOffer
2015-01-16 15:49 - 2009-08-28 05:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ras
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\icsxml
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-01-16 15:48 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2015-01-16 15:44 - 2014-05-26 00:07 - 00000000 ____D () C:\Windows\SysWOW64\x64
2015-01-16 15:44 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-16 15:44 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-16 15:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-01-16 15:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-01-16 15:43 - 2014-12-14 19:54 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-01-16 15:43 - 2014-07-29 11:17 - 00000000 ____D () C:\Windows\SysWOW64\20-20 Technologies
2015-01-16 15:43 - 2014-06-09 15:02 - 00000000 ____D () C:\Windows\system32\kodak
2015-01-16 15:43 - 2014-06-06 18:36 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2015-01-16 15:43 - 2014-05-30 11:13 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-16 15:43 - 2014-05-29 06:16 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-16 15:43 - 2014-05-26 00:07 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2015-01-16 15:43 - 2009-08-28 06:03 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2015-01-16 15:43 - 2009-08-28 05:59 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-16 15:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-01-16 15:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-16 15:43 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\IME
2015-01-16 15:42 - 2014-12-20 20:19 - 00000000 ____D () C:\Windows\pss
2015-01-16 15:42 - 2014-12-14 19:54 - 00000000 ____D () C:\Windows\system32\1033
2015-01-16 15:42 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-16 15:41 - 2014-12-20 19:15 - 00000000 ____D () C:\Users\Kelly\Desktop\mbar
2015-01-16 15:41 - 2014-12-06 20:36 - 00000000 ____D () C:\Users\Kelly\Downloads\ProcessExplorer
2015-01-16 15:41 - 2014-11-02 11:04 - 00000000 ____D () C:\Users\Kelly\Downloads\Autoruns
2015-01-16 15:41 - 2014-07-17 21:47 - 00000000 ____D () C:\Users\Kelly\AppData\Local\OurrarUdl
2015-01-16 15:41 - 2014-06-26 22:43 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Skype
2015-01-16 15:41 - 2014-06-13 12:56 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Audacity
2015-01-16 15:41 - 2014-06-08 16:27 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\AnvSoft
2015-01-16 15:41 - 2014-06-03 12:54 - 00000000 ____D () C:\Windows\en
2015-01-16 15:41 - 2014-05-25 21:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-16 15:41 - 2014-05-25 21:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 15:41 - 2009-08-28 06:28 - 00000000 ____D () C:\Windows\DeployWinRE
2015-01-16 15:38 - 2014-10-31 13:55 - 00000000 ____D () C:\Program Files\iTunes
2015-01-16 15:38 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-16 15:38 - 2014-09-21 10:39 - 00000000 ____D () C:\Program Files\iPod
2015-01-16 15:38 - 2014-09-21 10:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-16 15:38 - 2014-07-24 10:50 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-16 15:38 - 2014-06-09 14:29 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Eastman_Kodak_Company
2015-01-16 15:38 - 2014-06-05 18:57 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Microsoft Help
2015-01-16 15:38 - 2014-06-03 12:50 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-16 15:38 - 2014-05-27 05:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-16 15:38 - 2014-05-25 21:27 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-16 15:38 - 2014-05-25 21:25 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-16 15:38 - 2009-08-28 06:04 - 00000000 ____D () C:\Program Files\Google
2015-01-16 15:38 - 2009-08-28 06:01 - 00000000 ____D () C:\Program Files\Gateway
2015-01-16 15:38 - 2009-08-28 05:40 - 00000000 ____D () C:\Program Files\Realtek
2015-01-16 15:38 - 2009-08-28 05:36 - 00000000 ____D () C:\Program Files\CONEXANT
2015-01-16 15:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-16 15:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-16 15:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-16 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-16 15:20 - 2009-08-28 06:06 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-16 15:15 - 2014-05-26 08:41 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-16 15:10 - 2014-06-09 02:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-16 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-01-16 14:55 - 2014-06-26 22:43 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Skype
2015-01-16 14:55 - 2014-06-24 09:33 - 00000000 ____D () C:\Users\Kelly\Documents\tweaking.com_windows_repair_aio
2015-01-16 14:55 - 2014-05-25 22:11 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Adobe
2015-01-16 14:55 - 2014-05-25 21:23 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Macromedia
2015-01-16 14:44 - 2009-08-28 05:46 - 00000000 ____D () C:\Program Files\Preload
2015-01-16 14:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-16 14:43 - 2014-12-14 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-16 14:43 - 2009-08-28 05:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-16 14:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-01-16 13:03 - 2014-05-25 21:19 - 00000000 ____D () C:\Users\Kelly
2015-01-15 17:40 - 2014-11-25 09:47 - 00010752 _____ () C:\Users\Kelly\Documents\SSI username and password.wps
2015-01-14 19:23 - 2009-08-28 06:09 - 00991424 _____ () C:\Windows\PFRO.log
2015-01-14 19:18 - 2014-06-11 16:44 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Adobe
2015-01-14 17:38 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2015-01-14 17:00 - 2014-09-04 10:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Eastman_Kodak_Company
2015-01-14 17:00 - 2014-09-04 10:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Eastman_Kodak_Company
2015-01-14 12:57 - 2009-08-28 05:41 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-14 12:57 - 2009-08-28 05:41 - 00000000 ____D () C:\Program Files (x86)\Gateway Games
2015-01-14 12:57 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 12:55 - 2009-08-28 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-01-14 12:55 - 2009-08-28 05:41 - 00000000 ____D () C:\Program Files (x86)\Gateway
2015-01-14 12:54 - 2014-06-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-14 11:46 - 2009-07-14 00:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 18:43 - 2014-05-25 22:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 18:43 - 2014-05-25 22:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 17:52 - 2014-12-12 12:04 - 00000000 ____D () C:\Users\Kelly\AppData\Local\FileTypeAssistant
2015-01-13 16:31 - 2014-05-25 22:57 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 16:31 - 2014-05-25 22:56 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 18:05 - 2009-08-28 05:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-01-11 18:05 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 18:03 - 2014-12-12 16:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-11 18:03 - 2009-08-28 05:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-11 18:03 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-11 17:54 - 2014-12-07 16:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-01-11 17:54 - 2014-11-30 12:33 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 17:54 - 2014-11-28 17:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 17:54 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2015-01-11 17:54 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2015-01-11 17:53 - 2014-06-04 14:58 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-11 17:53 - 2014-06-03 12:43 - 00000000 ___RD () C:\Users\Kelly\OneDrive
2015-01-11 17:50 - 2014-11-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 17:50 - 2014-07-17 21:40 - 00000000 ____D () C:\Program Files (x86)\YoutubeMusicDownloader
2015-01-11 17:50 - 2014-06-26 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-11 17:50 - 2014-05-25 21:25 - 00000000 ____D () C:\Program Files (x86)\Video Web Camera
2015-01-11 17:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-01-11 17:49 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-11 17:49 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-11 17:49 - 2014-09-21 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-11 17:49 - 2014-06-13 12:56 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-11 17:49 - 2014-06-09 14:19 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-01-11 17:49 - 2014-06-06 16:44 - 00000000 ____D () C:\Audio_Realtek_6.0.1.5904_Win7x86x64_NV74
2015-01-11 17:49 - 2014-06-03 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-11 17:49 - 2014-05-27 05:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-11 17:49 - 2009-08-28 06:26 - 00000000 ____D () C:\OEM
2015-01-11 17:49 - 2009-08-28 06:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-11 17:49 - 2009-08-28 05:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-11 16:20 - 2014-10-25 19:18 - 00000000 ____D () C:\Users\Administrator
2015-01-11 16:20 - 2014-06-24 18:27 - 00000000 ____D () C:\RegBackup
2015-01-11 16:16 - 2014-12-14 20:08 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-01-11 16:14 - 2009-08-28 05:36 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-11 16:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-11 16:13 - 2009-08-28 05:59 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-01-11 16:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-11 16:11 - 2014-12-14 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-11 16:10 - 2014-12-14 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-01-11 16:09 - 2014-08-05 09:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 16:06 - 2014-06-08 16:26 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-01-11 16:06 - 2009-08-28 06:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-11 16:04 - 2009-08-28 05:46 - 00000000 __RHD () C:\MSOCache
2015-01-11 00:47 - 2014-06-19 12:15 - 00009216 _____ () C:\Users\Kelly\Documents\facebook happy birthday.wps
2015-01-10 13:40 - 2014-06-19 12:55 - 00009728 _____ () C:\Users\Kelly\Documents\jewelry cleaner.wps
2015-01-08 09:55 - 2014-05-25 21:31 - 00298120 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 12:51 - 2014-08-02 16:03 - 00010240 _____ () C:\Users\Kelly\Documents\capital one.wps
2015-01-05 13:47 - 2014-11-03 14:20 - 00008704 _____ () C:\Users\Kelly\Documents\stannie's address.wps
2015-01-04 11:31 - 2014-10-10 21:35 - 00007605 _____ () C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
2014-12-31 22:21 - 2014-11-30 12:33 - 00000000 ___RD () C:\Qoobox
2014-12-31 22:13 - 2014-06-08 16:28 - 00000000 ____D () C:\Users\Kelly\.cache
2014-12-27 22:44 - 2014-06-11 16:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======
2014-06-13 13:06 - 2014-06-13 13:06 - 0001102 _____ () C:\Program Files (x86)\AnvSoft - Shortcut.lnk
2014-12-14 17:59 - 2014-12-12 13:33 - 53303296 _____ () C:\Program Files (x86)\Silverlight.msp
2014-05-27 17:46 - 2015-01-22 15:25 - 0012470 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2014-06-06 16:38 - 2014-06-06 16:39 - 0005104 _____ () C:\Users\Kelly\AppData\Local\HWVendorDetection.log
2014-06-09 14:30 - 2014-06-09 14:30 - 0000236 _____ () C:\Users\Kelly\AppData\Local\LaunchHomeCenter.log
2015-01-21 21:11 - 2015-01-21 21:11 - 0093818 _____ () C:\Users\Kelly\AppData\Local\recently-used.xbel
2014-10-10 21:35 - 2015-01-04 11:31 - 0007605 _____ () C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 09:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Kelly at 2015-01-23 08:12:37
Running from C:\Users\Kelly\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.56 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1519497777-177528772-3543348537-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.46.715 - Chicony Electronics Co.,Ltd.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-12-2014 08:30:55 Windows Update
06-12-2014 07:52:39 Windows Update
07-12-2014 10:24:17 Windows Update
07-12-2014 14:29:15 Restore Operation
12-12-2014 12:05:05 avast! antivirus system restore point
12-12-2014 12:25:44 Windows Update
12-12-2014 13:13:55 Windows Update
13-12-2014 10:21:33 Windows Update
14-12-2014 09:57:55 Windows Update
14-12-2014 10:44:26 avast! antivirus system restore point
14-12-2014 19:20:27 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
14-12-2014 22:31:44 Removed Prerequisites for SSDT
15-12-2014 09:32:13 Windows Update
16-12-2014 08:35:29 Windows Update
16-12-2014 09:49:42 AA11
17-12-2014 08:32:14 Windows Update
17-12-2014 12:19:18 AA11
18-12-2014 07:51:39 Windows Update
19-12-2014 07:41:16 Windows Update
19-12-2014 07:51:49 AA11
20-12-2014 07:58:42 Windows Update
21-12-2014 09:56:17 Windows Update
22-12-2014 03:00:12 Windows Update
23-12-2014 03:00:11 Windows Update
23-12-2014 18:06:22 Restore Operation
24-12-2014 09:14:51 Windows Update
25-12-2014 09:12:34 Windows Update
27-12-2014 09:56:21 Windows Update
28-12-2014 09:29:46 Windows Update
28-12-2014 20:35:43 Windows Update
28-12-2014 20:44:54 Windows Update
05-01-2015 10:56:08 Scheduled Checkpoint
11-01-2015 11:02:17 Restore Operation
14-01-2015 11:49:05 AA11
14-01-2015 12:50:04 Removed Microsoft SQL Server Data Tools - enu (12.0.41012.0)
14-01-2015 12:51:44 Removed Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
14-01-2015 12:52:40 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom
14-01-2015 12:53:44 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU
15-01-2015 12:38:55 AA11
16-01-2015 08:47:14 Restore Operation
20-01-2015 12:15:58 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
20-01-2015 12:22:37 Visual Studio 2013 Update 4 (KB2829760)
21-01-2015 08:35:12 Windows Backup
21-01-2015 09:34:37 Windows Backup
21-01-2015 09:36:24 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-06-24 19:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {2A4A440E-1036-4878-A0F6-12A027F3995D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {378949AC-89B1-4D4D-B05D-434D7A869A42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {6E2B8484-9A71-47C9-BB8E-A21FC4A3CEFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {9E3ECC7B-242E-47F1-ACED-F53943DEBE87} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {A5CCFA8A-9225-4A5E-884D-60CA6256BFC2} - System32\Tasks\{D4A4982A-88D2-470E-8CF6-7CB6E19C996A} => pcalua.exe -a "C:\Program Files (x86)\Gateway\Identity Card\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1519497777-177528772-3543348537-500 - Administrator - Disabled)
Guest (S-1-5-21-1519497777-177528772-3543348537-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1519497777-177528772-3543348537-1002 - Limited - Enabled)
Kelly (S-1-5-21-1519497777-177528772-3543348537-1001 - Administrator - Enabled) => C:\Users\Kelly

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 00:48:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 00:48:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 08:40:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gimp-2.8.exe version 2.8.10.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 519c

Start Time: 01d035e4405ea08c

Termination Time: 10

Application Path: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Report Id: 95c7c72e-a1d7-11e4-95fa-00262265ba35

Error: (01/20/2015 01:51:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (01/20/2015 01:51:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (01/20/2015 01:28:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (01/20/2015 01:28:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (01/15/2015 06:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: msi.dll, version: 5.0.7601.18637, time stamp: 0x543c864f
Exception code: 0xc0000005
Fault offset: 0x00000000001f1046
Faulting process id: 0x478
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/15/2015 00:33:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bfc

Start Time: 01d030e9235fb940

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 8a74b007-9cdc-11e4-b209-00262265ba35

Error: (01/13/2015 01:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

System errors:
=============
Error: (01/23/2015 08:02:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079

Error: (01/23/2015 08:02:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079

Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079

Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079

Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079

Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079

Error: (01/22/2015 10:28:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079

Error: (01/22/2015 10:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079

Error: (01/22/2015 10:28:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079

Error: (01/22/2015 10:28:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-30 13:01:33.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-30 13:01:33.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 18:10:33.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 16:16:24.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-28 16:16:24.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 4025.98 MB
Available physical RAM: 1586.44 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 5475 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:246.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C170412A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe  1,148 K 3,852 K 1204 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ehmsas.exe  1,744 K 5,568 K 3852 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
EKPrinterSDK.exe  1,732 K 5,124 K 1808 Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
ePowerSvc.exe  1,896 K 4,968 K 1608 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
FlashUtil64_16_0_0_257_ActiveX.exe  4,028 K 9,968 K 20828 Adobe® Flash® Player Installer/Uninstaller 16.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
lsm.exe  2,568 K 4,244 K 584   
mbamscheduler.exe  4,640 K 9,704 K 1840 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe  345,800 K 73,760 K 2004 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
MsSpellCheckingFacility.exe  3,464 K 8,704 K 17500 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  1,744 K 6,476 K 4092   
notepad.exe  9,352 K 24,872 K 7516   
procexp.exe  2,212 K 7,144 K 10652 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe  6,480 K 12,664 K 504   
smss.exe  448 K 1,092 K 256   
svchost.exe  1,076 K 2,932 K 1580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,324 K 3,488 K 1764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,068 K 8,692 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,352 K 4,112 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,304 K 5,696 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  5,104 K 10,504 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe  1,216 K 4,004 K 1656 Acer Update Service Acer (Verified) Acer Incorporated
wininit.exe  1,480 K 4,404 K 456   
winlogon.exe  2,804 K 7,136 K 544   
WLIDSVCM.EXE  1,208 K 3,212 K 2284   
svchost.exe < 0.01 44,648 K 29,264 K 2056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 14,884 K 18,500 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OTL.exe < 0.01 14,848 K 28,216 K 5632   
csrss.exe < 0.01 3,240 K 5,316 K 392   
svchost.exe < 0.01 5,484 K 9,408 K 756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,680 K 13,288 K 1680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 155,304 K 162,608 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe 0.01 4,900 K 9,652 K 2040 Backup Manager Module NewTech Infosystems, Inc. (Verified) NewTech Infosystems
EKIJ5000MUI.exe 0.01 4,248 K 10,712 K 3836 Status Monitor for KODAK AiO Printer (64-Bit AMD Athlon™/Opteron™ Build) Eastman Kodak Company (No signature was present in the subject) Eastman Kodak Company
svchost.exe 0.01 24,324 K 27,636 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 24,240 K 38,656 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 0.01 6,896 K 15,748 K 2120   
svchost.exe 0.01 25,308 K 25,952 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.02 58,796 K 63,944 K 2148 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.02 30,172 K 62,924 K 10968 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.02 4,496 K 11,740 K 1236 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.04 14,692 K 23,284 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.05 9,556 K 16,868 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
GregHSRW.exe 0.07 1,492 K 4,816 K 1704 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
iexplore.exe 0.15 75,760 K 92,616 K 8340 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 0.24 26,564 K 32,788 K 1784 EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
spoolsv.exe 0.30 13,196 K 23,164 K 1088 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.37 100,536 K 127,504 K 704 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ALU.exe 0.40 46,380 K 70,076 K 13700 Updater Client Acer (Verified) Acer Incorporated
taskhost.exe 0.69 17,100 K 21,264 K 2612 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
System 0.84 2,284 K 107,480 K 4   
csrss.exe 1.45 2,796 K 51,692 K 472   
mbam.exe 2.29 40,040 K 60,264 K 2180   
Interrupts 2.90 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 3.67 66,796 K 46,356 K 2512 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 13.42 23,512 K 45,036 K 20904 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
iexplore.exe 22.95 215,988 K 258,148 K 7824 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 50.02 0 K 24 K 0   

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-23 08:36:25
-----------------------------
08:36:25.051    OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:25.051    Number of processors: 2 586 0x170A
08:36:25.051    ComputerName: KELLY-PC  UserName: Kelly
08:36:26.455    Initialize success
08:36:26.533    VM: initialized successfully
08:36:26.533    VM: Intel CPU virtualization not supported
08:44:14.351    AVAST engine defs: 15012300
08:44:52.415    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:44:52.415    Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
08:44:52.555    Disk 0 MBR read successfully
08:44:52.571    Disk 0 MBR scan
08:44:52.571    Disk 0 Windows 7 default MBR code
08:44:52.586    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
08:44:52.602    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          101 MB offset 25173855
08:44:52.602    Disk 0 default boot code
08:44:52.633    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       464545 MB offset 25382700
08:44:52.758    Disk 0 scanning C:\Windows\system32\drivers
08:45:01.603    Service scanning
08:45:37.329    Modules scanning
08:45:38.749    AVAST engine scan C:\Windows
08:45:41.697    AVAST engine scan C:\Windows\system32
08:49:32.177    AVAST engine scan C:\Windows\system32\drivers
08:49:43.721    AVAST engine scan C:\Users\Kelly
09:06:42.969    AVAST engine scan C:\ProgramData
09:07:48.817    Disk 0 statistics 4671664/0/0 @ 2.10 MB/s
09:07:48.817    Scan finished successfully
09:09:00.889    Disk 0 MBR has been saved successfully to "C:\Users\Kelly\Desktop\MBR.dat"
09:09:00.889    The log file has been saved successfully to "C:\Users\Kelly\Desktop\aswMBR.txt"

 


Edited by tink03, 23 January 2015 - 08:11 AM.

  • 0



#2
RKinner

    Malware Expert

If you have the Extras log that was generated the first time you ran OTL, I could use it.  

 

Also  

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

     
     
     
    Download aswMBR.exe to your desktop.
    Right click aswMBR.exe and Run as Administrator.
    Uncheck trace disk IO calls.
    Click the "Scan" button to start the scan (accept the Avast Engine).
    On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
    If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.
     

    • 0
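The Process Explorer steps in the post above (Verified Signer column, Verify Image Signatures, sort by CPU, save Procexp.txt) produce a log that can be triaged mechanically. The following is an added example, not part of the original thread or of any tool named in it; it assumes the saved file is tab-separated with the column names shown, and the sample rows and the `triage` helper are constructed for illustration.

```python
import csv
import io

# Constructed sample, NOT the poster's log. Assumed layout of a Process Explorer
# text export: tab-separated, one header row, child processes indented.
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t50.02\t0 K\t24 K\t0\t\t\t",
    "Interrupts\t2.90\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    " csrss.exe\t1.45\t2,796 K\t51,692 K\t472\t\t\t",
    "  iexplore.exe\t22.95\t215,988 K\t258,148 K\t7824\tInternet Explorer\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    # Constructed signer text; the wording of non-verified states is an assumption.
    "  exampleupd.exe\t6.10\t9,120 K\t14,300 K\t5120\tExample Updater\tExample Co\t(Not verified) Example Co",
    "  helper.exe\t< 0.01\t1,024 K\t3,000 K\t6001\t\t\t",
])

# Kernel-level entries in the list for which a blank signer is expected.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}


def parse_cpu(field):
    """Convert the CPU column to a float; blank and '< 0.01' both count as 0.0."""
    field = (field or "").strip()
    if not field or field.startswith("<"):
        return 0.0
    return float(field)


def classify(signer):
    """Map the Verified Signer column to one of three triage states."""
    signer = (signer or "").strip()
    if signer.startswith("(Verified)"):
        return "verified"
    if not signer:
        # Nothing recorded: signature checking was off, or the tool could not
        # read the image (for example a process it was not allowed to open).
        return "no-signer-data"
    return "not-verified"


def triage(export_text):
    """Return (name, pid, cpu, state) for each real process that is not verified,
    highest CPU first, mirroring the 'sort by CPU' step in the post."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    findings = []
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name in PSEUDO_PROCESSES:
            continue
        state = classify(row.get("Verified Signer"))
        if state == "verified":
            continue
        pid_text = (row.get("PID") or "").strip()
        pid = int(pid_text) if pid_text.isdigit() else None
        findings.append((name, pid, parse_cpu(row.get("CPU")), state))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for name, pid, cpu, state in triage(SAMPLE_EXPORT):
        print(f"{cpu:6.2f}  {pid!s:>6}  {state:<15} {name}")
```

A "no-signer-data" row is a prompt to look closer, not a verdict: it only means the export carries no signature result for that process.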

    #3
    tink03

      Member

    • Topic Starter

     

     

     

    I did that a few days ago, but I'm not sure if I'm posting right. I've never used this site before. The information you requested is there now. Thanks for helping!


    • 0

    #4
    RKinner

      Malware Expert

    Does it really say Windows Shell Commor or should the last word be Common?

     

    In the future just post your logs in a new reply.  If you go back and edit an old post I do not get notified.  I see several problems.  IE is causing a big slowdown.  I'm going to use FRST to clean it up and see if that will help.

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    I see problems with your install of Microsoft Visual Studio Express 2013.  You should  uninstall it, run the System Update Readiness Tool 
     
    and then reinstall it.   Once you have done that:
     
     
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    In either case continue below:
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
    Then use the 'Number of events' as follows:
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Run the built-in memory test:
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     
     
    Run Process Explorer again as before and post a new log.
     
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    I do not see an anti-virus.  Please install the free Avast:
     
     
    Download, Save, and right click and Run As Administrator.
     
    You should uncheck any optional software such as the Google toolbar, Chrome or Dropbox.
     
    Then tonight while you sleep (it can take 6 hours or more) run a boot-time scan.
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     

    • 0
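The `sfc /scannow` follow-up in the post above filters CBS.log with `findstr /c:"[SR]"`. The Python sketch below, an added example that is not part of the original thread, applies the same literal filter and then lists which files SFC reported as unrepairable and why. The sample log lines are constructed and abbreviated, and `summarize_sr` is a hypothetical helper name.

```python
import re

# Constructed, abbreviated sample modelled on [SR] entries in CBS.log; component
# names, file names and timestamps are invented for illustration.
SAMPLE_CBS = r'''2015-01-23 10:02:10, Info                  CBS    Constructed non-SR line that the filter drops
2015-01-23 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2015-01-23 10:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-01-23 10:02:15, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, Culture neutral, PublicKey neutral in the store, hash mismatch
2015-01-23 10:02:16, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, Culture neutral, PublicKey neutral in the store, hash mismatch
2015-01-23 10:02:18, Info                  CSI    0000000d [SR] Cannot repair member file [l:22{11}]"missing.exe" of Other-Component, Version = 6.1.7601.17514, Culture neutral, PublicKey neutral in the store, file is missing
2015-01-23 10:02:20, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2015-01-23 10:02:30, Info                  CSI    00000011 [SR] Verify complete
'''

SR_MARKER = "[SR]"  # same literal, case-sensitive match as findstr /c:"[SR]"
CANNOT_REPAIR = re.compile(r'Cannot repair member file \[[^\]]*\]"([^"]+)"')
REPAIRED = re.compile(r'Repairing corrupted file .*"([^"]+)" from store')
REASON = re.compile(r'in the store, (.+)$')


def summarize_sr(log_text):
    """Summarise the System File Checker entries of a CBS.log.

    Returns the number of [SR] lines, a dict of unrepaired file -> stated reason,
    and a sorted list of files SFC says it repaired from the component store.
    """
    sr_lines = [ln.rstrip() for ln in log_text.splitlines() if SR_MARKER in ln]
    unrepaired = {}
    repaired = set()
    for line in sr_lines:
        hit = CANNOT_REPAIR.search(line)
        if hit:
            reason = REASON.search(line)
            # SFC usually logs the same file more than once; keep the first entry.
            unrepaired.setdefault(
                hit.group(1).lower(),
                reason.group(1).strip() if reason else "unknown",
            )
            continue
        hit = REPAIRED.search(line)
        if hit:
            repaired.add(hit.group(1).lower())
    return {
        "sr_lines": len(sr_lines),
        "unrepaired": unrepaired,
        "repaired": sorted(repaired),
    }


if __name__ == "__main__":
    summary = summarize_sr(SAMPLE_CBS)
    print(f"{summary['sr_lines']} [SR] lines")
    for name, reason in summary["unrepaired"].items():
        print(f"NOT REPAIRED  {name}  ({reason})")
    for name in summary["repaired"]:
        print(f"repaired      {name}")
```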

    #5
    tink03

      Member

    • Topic Starter

     

     
     

     

    Hi. Yes, it actually said Windows Shell Commor, which is probably the cause of a lot of the problems on this computer. When I started looking into it, that's when I noticed that a lot of the applications and app extensions had the little blue bolt icon by them. I started following your instructions and got as far as downloading the System Update Readiness Tool. It's trying to download, but it says I have 9% downloaded so far and 1 hr. and 36 minutes left. Another thing I noticed was that when I tried to do something, and at this point I can't remember what it was, I got an error 1068. It said either my PNRPsvc or the Peer Networking Identity Manager wasn't started. I ran the Fixit for that, but can't restart my computer because I don't want to shut it down with this download running. Every time I leave my computer for a few hours, or for the night, something changes the file and folder permissions. It's exhausting! Lol. I really hope you can help me. I just checked and the download is still going at a very slow rate. It's been stuck at 24% (1 hr 26 min remaining) for quite a while now. Not sure if it will ever finish...


    • 0

    #6
    RKinner

      Malware Expert

    Doesn't sound good.  Let's go back to basics.  Close the download.  Then let's see if we can pass the disk check:

     

     
    1. Double-click  Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.

     

     

    In either case:
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Also let's check the memory with the built-in test:
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     

    • 0

    #7
    RKinner

      Malware Expert

    In addition to the previous post:

     

    I just figured out where the Windows Shell Commor comes from.  It's actually Windows Shell Common DLL which is used if it has no idea what program to use to open a file with that extension.  Part of it is covered up with the Change button.  If you click on Commor you can slide to the right and see the rest of it.

     

     

     

    So what is happening is you are losing your file associations.  Either the hard drive has a problem, the memory is going bad or you have some stupid program going insane and overwriting the registry. The steps above will look for a bad hard drive, bad RAM and overheating.  Hopefully you are not running a registry cleaner.


    • 0

    #8
    tink03

      Member

    • Topic Starter

    In addition to the previous post:

     

    I just figured out where the Windows Shell Commor comes from.  It's actually Windows Shell Common DLL which is used if it has no idea what program to use to open a file with that extension.  Part of it is covered up with the Change button.  If you click on Commor you can slide to the right and see the rest of it.

     

    attachicon.gifcommor.jpg

     

    attachicon.gifcommon.jpg

     

    so what is happening is you are losing your file associations.  Either the hard drive has a problem, the memory is going bad or you have some stupid program going insane and overwriting the registry.The steps above will look for a bad hard drive, bad RAM and overheating.  Hopefully you are not running a registry cleaner.

     

     

    Does it really say Windows Shell Commor or should the last word be Common?

     

    In the future just post your logs in a new reply.  If you go back and edit an old post I do not get notified.  I see several problems.  IE is causing a big slowdown.  I'm going to use FRST to clean it up and see if that will help.

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    I see problems with your install of Microsoft Visual Studio Express 2013.  You should  uninstall it, run the System Update Readiness Tool 
     
    and then reinstall it.   Once you have done that:
     
     
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    In either case continue below:
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
    Then use the 'Number of events' as follows:
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Run the built-in memory test:
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     
     
    Run Process Explorer again as before and post a new log.
     
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    I do not see an anti-virus.  Please install the free Avast:
     
     
    Download, Save, and right click and Run As Administrator.
     
    You should uncheck any optional software such as the Google toolbar, Chrome or Dropbox.
     
    Then tonight while you sleep (it can take 6 hours or more) run a boot-time scan.
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     

     

    I did the check disk and it ran for almost 4 hours. This has been a hellish day, and I've been in and out, so I apologize for the delay. I did the sfc /scannow and it couldn't fix everything. Here is what was copied to Notebook:

    2014-12-28 20:38:16, Info                  CSI    00000009 [SR] Verifying 1 components
    2014-12-28 20:38:16, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-12-28 20:38:16, Info                  CSI    0000000c [SR] Verify complete
    2014-12-28 20:43:15, Info                  CSI    0000000d [SR] Verifying 1 components
    2014-12-28 20:43:15, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:15, Info                  CSI    00000010 [SR] Verify complete
    2014-12-28 20:43:48, Info                  CSI    00000011 [SR] Verifying 1 components
    2014-12-28 20:43:48, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:48, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:13:57, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:13:57, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:02, Info                  CSI    0000000c [SR] Verify complete
    2015-01-19 13:14:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:07, Info                  CSI    00000010 [SR] Verify complete
    2015-01-19 13:14:07, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:07, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:11, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:14:11, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:11, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:15, Info                  CSI    00000018 [SR] Verify complete
    2015-01-19 13:14:15, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:15, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:19, Info                  CSI    0000001c [SR] Verify complete
    2015-01-19 13:14:19, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:19, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:24, Info                  CSI    00000020 [SR] Verify complete
    2015-01-19 13:14:24, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:24, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:28, Info                  CSI    00000024 [SR] Verify complete
    2015-01-19 13:14:28, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:28, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:32, Info                  CSI    00000028 [SR] Verify complete
    2015-01-19 13:14:32, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:32, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:36, Info                  CSI    0000002c [SR] Verify complete
    2015-01-19 13:14:37, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:37, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:40, Info                  CSI    00000030 [SR] Verify complete
    2015-01-19 13:14:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:46, Info                  CSI    00000033 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000034 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000035 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000036 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000037 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000038 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000039 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    0000003a [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003b [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003c [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003d [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003e [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003f [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000040 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000041 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000042 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000043 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000044 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000045 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000046 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000048 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000049 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000004a [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    0000004c [SR] Verify complete
    2015-01-19 13:14:48, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:48, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:52, Info                  CSI    0000004f [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000050 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000051 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000052 [SR] This component was referenced by [l:182{91}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmf"
    2015-01-19 13:14:52, Info                  CSI    00000053 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000054 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmdm"
    2015-01-19 13:14:52, Info                  CSI    00000056 [SR] Verify complete
    2015-01-19 13:14:53, Info                  CSI    00000057 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:53, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:54, Info                  CSI    00000059 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
    2015-01-19 13:14:58, Info                  CSI    0000005d [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005e [SR] This component was referenced by [l:184{92}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcwia"
    2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
    2015-01-19 13:14:58, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:03, Info                  CSI    00000064 [SR] Verify complete
    2015-01-19 13:15:03, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:03, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:09, Info                  CSI    00000068 [SR] Verify complete
    2015-01-19 13:15:09, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:09, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:13, Info                  CSI    0000006c [SR] Verify complete
    2015-01-19 13:15:13, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:13, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:19, Info                  CSI    00000070 [SR] Verify complete
    2015-01-19 13:15:19, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:19, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:28, Info                  CSI    00000074 [SR] Verify complete
    2015-01-19 13:15:28, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:28, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:29, Info                  CSI    00000077 [SR] Cannot repair member file [l:22{11}]"BrSerIb.sys" of mdmbr005.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing

     

    I'll go on to the rest of your instructions now.


    • 0
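As an added example (not part of the thread and not written by any poster): a Python script that condenses the `findstr /c:"[SR]"` output shown in the post above into one entry per unrepaired file for each scan date. The sample lines are copied from that posted log; grouping scans by date and attaching each "referenced by" line to the entry just before it are assumptions based on how that log is laid out.

```python
"""Condense the [SR] lines that findstr extracts from CBS.log after sfc /scannow."""
import re
from collections import OrderedDict

# Excerpt copied from the log posted in the thread above (not the complete file).
SAMPLE_LOG = r'''
2014-12-28 20:38:16, Info                  CSI    00000009 [SR] Verifying 1 components
2014-12-28 20:38:16, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-12-28 20:38:16, Info                  CSI    0000000c [SR] Verify complete
2015-01-19 13:14:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2015-01-19 13:14:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2015-01-19 13:14:46, Info                  CSI    00000033 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:46, Info                  CSI    00000034 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:47, Info                  CSI    0000003f [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:47, Info                  CSI    00000040 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
2015-01-19 13:14:47, Info                  CSI    00000041 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:47, Info                  CSI    00000042 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
2015-01-19 13:14:47, Info                  CSI    0000004c [SR] Verify complete
2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
'''

# "<date> <time>, <level>   CSI   <8 hex digits> [SR] <message>"
LINE_RE = re.compile(
    r'^\s*(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
REPAIR_RE = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), Version = ([^,]+),')
REF_RE = re.compile(r'^This component was referenced by \[l:\d+\{\d+\}\]"([^"]+)"')


def parse_sr_lines(text):
    """Yield (date, message) for each well-formed [SR] line; skip everything else."""
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if match:
            yield match.group(1), match.group(2).strip()


def summarise(text):
    """Return {date: {(file, component, version, reason): set(packages)}}.

    Assumption: one scan per calendar date, and a "referenced by" line
    describes the "Cannot repair" line directly before it.
    """
    runs = OrderedDict()
    last_key = None  # (date, file, component, version, reason) of the previous line
    for date, msg in parse_sr_lines(text):
        failures = runs.setdefault(date, OrderedDict())
        repair = REPAIR_RE.match(msg)
        ref = REF_RE.match(msg)
        if repair:
            # The reason ("file is missing" in this log) is the text after the last comma.
            reason = msg.rsplit(", ", 1)[1]
            last_key = (date, repair.group(1), repair.group(2), repair.group(3), reason)
            failures.setdefault(last_key[1:], set())  # repeated entries collapse here
        elif ref and last_key and last_key[0] == date:
            failures[last_key[1:]].add(ref.group(1))
            last_key = None
        else:
            last_key = None
    return runs


def report(text):
    """Build a short text report: one line per unrepaired file, per scan date."""
    lines = []
    for date, failures in summarise(text).items():
        lines.append("%s: %d unrepaired file(s)" % (date, len(failures)))
        for (name, component, version, reason), packages in failures.items():
            lines.append("  %s (%s %s): %s" % (name, component, version, reason))
            for package in sorted(packages):
                lines.append("    referenced by %s" % package)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To use it on a real machine, read the junk.txt file written by the findstr command and pass its text to `report()`.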

    #9
    tink03

    tink03

      Member

    • Topic Starter
    • Member
    • PipPip
    • 16 posts

     

    In addition to the previous post:

     

    I just figured out where the Windows Shell Commor comes from.  It's actually Windows Shell Common DLL which is used if it has no idea what program to use to open a file with that extension.  Part of it is covered up with the Change button.  If you click on Commor you can slide to the right and see the rest of it.

     


     


     

    I did the check disk and it ran for almost 4 hours. This has been a hellish day, and I've been in and out, so I apologize for the delay. I did the sfc /scannow and it couldn't fix everything. Here is what was copied to Notebook:

    2014-12-28 20:38:16, Info                  CSI    00000009 [SR] Verifying 1 components
    2014-12-28 20:38:16, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-12-28 20:38:16, Info                  CSI    0000000c [SR] Verify complete
    2014-12-28 20:43:15, Info                  CSI    0000000d [SR] Verifying 1 components
    2014-12-28 20:43:15, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:15, Info                  CSI    00000010 [SR] Verify complete
    2014-12-28 20:43:48, Info                  CSI    00000011 [SR] Verifying 1 components
    2014-12-28 20:43:48, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:48, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:13:57, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:13:57, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:02, Info                  CSI    0000000c [SR] Verify complete
    2015-01-19 13:14:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:07, Info                  CSI    00000010 [SR] Verify complete
    2015-01-19 13:14:07, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:07, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:11, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:14:11, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:11, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:15, Info                  CSI    00000018 [SR] Verify complete
    2015-01-19 13:14:15, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:15, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:19, Info                  CSI    0000001c [SR] Verify complete
    2015-01-19 13:14:19, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:19, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:24, Info                  CSI    00000020 [SR] Verify complete
    2015-01-19 13:14:24, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:24, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:28, Info                  CSI    00000024 [SR] Verify complete
    2015-01-19 13:14:28, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:28, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:32, Info                  CSI    00000028 [SR] Verify complete
    2015-01-19 13:14:32, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:32, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:36, Info                  CSI    0000002c [SR] Verify complete
    2015-01-19 13:14:37, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:37, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:40, Info                  CSI    00000030 [SR] Verify complete
    2015-01-19 13:14:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:46, Info                  CSI    00000033 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000034 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000035 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000036 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000037 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000038 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000039 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    0000003a [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003b [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003c [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003d [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003e [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003f [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000040 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000041 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000042 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000043 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000044 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000045 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000046 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000048 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000049 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000004a [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    0000004c [SR] Verify complete
    2015-01-19 13:14:48, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:48, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:52, Info                  CSI    0000004f [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000050 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000051 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000052 [SR] This component was referenced by [l:182{91}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmf"
    2015-01-19 13:14:52, Info                  CSI    00000053 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000054 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmdm"
    2015-01-19 13:14:52, Info                  CSI    00000056 [SR] Verify complete
    2015-01-19 13:14:53, Info                  CSI    00000057 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:53, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:54, Info                  CSI    00000059 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
    2015-01-19 13:14:58, Info                  CSI    0000005d [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005e [SR] This component was referenced by [l:184{92}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcwia"
    2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
    2015-01-19 13:14:58, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:03, Info                  CSI    00000064 [SR] Verify complete
    2015-01-19 13:15:03, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:03, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:09, Info                  CSI    00000068 [SR] Verify complete
    2015-01-19 13:15:09, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:09, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:13, Info                  CSI    0000006c [SR] Verify complete
    2015-01-19 13:15:13, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:13, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:19, Info                  CSI    00000070 [SR] Verify complete
    2015-01-19 13:15:19, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:19, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:28, Info                  CSI    00000074 [SR] Verify complete
    2015-01-19 13:15:28, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:28, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:29, Info                  CSI    00000077 [SR] Cannot repair member file [l:22{11}]"BrSerIb.sys" of mdmbr005.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing

     

    I'll go on to the rest of your instructions now.

     

    Here are the VEW.exe results:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:34:52 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:45:09 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:04 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:03 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 5:30:20 PM
    Type: Warning Category: 0
    Event: 2511 Source: Server
    The server service was unable to recreate the share Java because the directory C:\Program Files (x86)\Java no longer exists.  Please run "net share Java /delete" to delete the share, or recreate the directory C:\Program Files (x86)\Java.

    Log: 'System' Date/Time: 27/01/2015 5:29:34 PM
    Type: Warning Category: 0
    Event: 4 Source: k57nd60a
    Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 27/01/2015 5:29:21 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume Gateway encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 2:55:15 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

     

    Here is the 2nd one:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:38:22 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 27/01/2015 12:29:51 AM
    Type: Error Category: 0
    Event: 10005 Source: MsiInstaller
    Product: Microsoft Fix it 50562 -- This Microsoft Fix it does not apply to your operating system or application version.

    Log: 'Application' Date/Time: 26/01/2015 11:04:08 PM
    Type: Error Category: 1
    Event: 1003 Source: HlpCtntMgr
    Help Content Manager exited with error: NoBooksToUninstall

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:13 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:11 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:36 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:34 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:14 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:44 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:43 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:16 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 1684) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Windows\System32\dwm.exe' (pid 1864) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:10 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files (x86)\Internet Explorer\iexplore.exe' (pid 3636) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 1:04:49 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add.  (HRESULT : 0x80040d0d) (0x80040d0d)

    Log: 'Application' Date/Time: 25/01/2015 8:06:47 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2612) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 45809664 (0x0000000002bb0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (7891 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Log: 'Application' Date/Time: 19/01/2015 7:08:38 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-1519497777-177528772-3543348537-1001:
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\My
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\CA
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Root
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\trust
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates

    Log: 'Application' Date/Time: 15/01/2015 1:52:43 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2140) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 46923776 (0x0000000002cc0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (38967 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

     

     


    • 0
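Added example (not part of the thread and not VEW's own code): a Python parser for event records in the layout shown in the log above. It collapses repeated events into one row per type, source and event ID, and pulls out the ESENT 508 write-latency warnings. The sample is constructed and abridged from the post; the day-first date format and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: records abridged from the VEW output above, with one
# section banner and one message that contains blank lines.
SAMPLE = r"""
Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest".

Log: 'Application' Date/Time: 25/01/2015 5:19:11 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/01/2015 1:04:49 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

Context:  Application, SystemIndex Catalog

Log: 'Application' Date/Time: 25/01/2015 8:06:47 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
taskhost (2612) WebCacheLocal: A request to write to the file "WebCacheV01.dat" succeeded, but took an abnormally long time (7891 seconds) to be serviced by the OS.

Log: 'Application' Date/Time: 15/01/2015 1:52:43 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
taskhost (2140) WebCacheLocal: A request to write to the file "WebCacheV01.dat" succeeded, but took an abnormally long time (38967 seconds) to be serviced by the OS.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
SLOW_IO = re.compile(r"abnormally long time \((\d+) seconds\)")


def parse_vew(text):
    """Split VEW output into records; one runs until the next 'Log:' line or banner."""
    records, cur, in_banner = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("~~~"):      # the rules above and below a section title
            in_banner, cur = not in_banner, None
            continue
        if in_banner:                   # the title itself belongs to no record
            continue
        if m := HEADER.match(line):
            cur = {"log": m.group(1), "type": None, "event": None, "source": None,
                   "when": datetime.strptime(m.group(2), "%d/%m/%Y %I:%M:%S %p"),
                   "message": []}
            records.append(cur)
        elif cur is None:
            continue
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m.group(1)
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m.group(1)), m.group(2)
        elif line:                      # blank lines inside a message are dropped
            cur["message"].append(line)
    for rec in records:
        rec["message"] = " ".join(rec["message"])
    return records


def summarise(records):
    """One row per (type, source, event): count, first/last time, distinct messages."""
    groups = {}
    for rec in records:
        g = groups.setdefault((rec["type"], rec["source"], rec["event"]),
                              {"count": 0, "first": rec["when"], "last": rec["when"],
                               "messages": set()})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], rec["when"]), max(g["last"], rec["when"])
        g["messages"].add(rec["message"])
    return groups


def slow_writes(records, threshold_s=60):
    """(when, seconds) for ESENT 508 write-latency warnings at or above the threshold."""
    hits = []
    for rec in records:
        m = SLOW_IO.search(rec["message"])
        if (rec["source"], rec["event"]) == ("ESENT", 508) and m and int(m.group(1)) >= threshold_s:
            hits.append((rec["when"], int(m.group(1))))
    return sorted(hits)


if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    for (typ, source, event), g in summarise(recs).items():
        print(f"{typ:8} {source:26} {event:>5} x{g['count']} {g['first']:%d/%m %H:%M} to {g['last']:%d/%m %H:%M}")
    for when, secs in slow_writes(recs):
        print(f"slow write {when:%d/%m/%Y %H:%M}: {secs} s ({secs / 3600:.1f} h)")
```

Grouping on the event ID rather than the full message keeps the x86 and x64 manifest failures in one row while still reporting how many distinct messages the row covers.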

    #10
    tink03


    • Topic Starter

     

     

    In addition to the previous post:

     

    I just figured out where the Windows Shell Commor comes from.  It's actually Windows Shell Common DLL which is used if it has no idea what program to use to open a file with that extension.  Part of it is covered up with the Change button.  If you click on Commor you can slide to the right and see the rest of it.

     

    [Attached image: commor.jpg]

    [Attached image: common.jpg]

     

    So what is happening is you are losing your file associations.  Either the hard drive has a problem, the memory is going bad or you have some stupid program going insane and overwriting the registry.  The steps above will look for a bad hard drive, bad RAM and overheating.  Hopefully you are not running a registry cleaner.

     

     

    Does it really say Windows Shell Commor or should the last word be Common?

     

    In the future just post your logs in a new reply.  If you go back and edit an old post I do not get notified.  I see several problems.  IE is causing a big slowdown.  I'm going to use FRST to clean it up and see if that will help.

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    I see problems with your install of Microsoft Visual Studio Express 2013.  You should uninstall it, run the System Update Readiness Tool
     
    and then reinstall it.   Once you have done that:
     
     
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    In either case continue below:
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
    Then use the 'Number of events' as follows:
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Run the built-in memory test:
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     
     
    Run Process Explorer again as before and post a new log.
     
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    I do not see an anti-virus.  Please install the free Avast:
     
     
    Download, Save, and right click and Run As Administrator.
     
    You should uncheck any optional software such as the Google toolbar, Chrome or Dropbox.
     
    Then tonight while you sleep (it can take 6 hours or more) run a boot-time scan.
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     

     

    I did the check disk and it ran for almost 4 hours. This has been a hellish day, and I've been in and out, so I apologize for the delay. I did the sfc /scannow and it couldn't fix everything. Here is what was copied to Notebook:

    2014-12-28 20:38:16, Info                  CSI    00000009 [SR] Verifying 1 components
    2014-12-28 20:38:16, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-12-28 20:38:16, Info                  CSI    0000000c [SR] Verify complete
    2014-12-28 20:43:15, Info                  CSI    0000000d [SR] Verifying 1 components
    2014-12-28 20:43:15, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:15, Info                  CSI    00000010 [SR] Verify complete
    2014-12-28 20:43:48, Info                  CSI    00000011 [SR] Verifying 1 components
    2014-12-28 20:43:48, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:48, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:13:57, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:13:57, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:02, Info                  CSI    0000000c [SR] Verify complete
    2015-01-19 13:14:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:07, Info                  CSI    00000010 [SR] Verify complete
    2015-01-19 13:14:07, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:07, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:11, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:14:11, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:11, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:15, Info                  CSI    00000018 [SR] Verify complete
    2015-01-19 13:14:15, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:15, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:19, Info                  CSI    0000001c [SR] Verify complete
    2015-01-19 13:14:19, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:19, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:24, Info                  CSI    00000020 [SR] Verify complete
    2015-01-19 13:14:24, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:24, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:28, Info                  CSI    00000024 [SR] Verify complete
    2015-01-19 13:14:28, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:28, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:32, Info                  CSI    00000028 [SR] Verify complete
    2015-01-19 13:14:32, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:32, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:36, Info                  CSI    0000002c [SR] Verify complete
    2015-01-19 13:14:37, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:37, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:40, Info                  CSI    00000030 [SR] Verify complete
    2015-01-19 13:14:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:46, Info                  CSI    00000033 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000034 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000035 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000036 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000037 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000038 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000039 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    0000003a [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003b [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003c [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003d [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003e [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003f [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000040 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000041 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000042 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000043 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000044 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000045 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000046 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000048 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000049 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000004a [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    0000004c [SR] Verify complete
    2015-01-19 13:14:48, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:48, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:52, Info                  CSI    0000004f [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000050 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000051 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000052 [SR] This component was referenced by [l:182{91}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmf"
    2015-01-19 13:14:52, Info                  CSI    00000053 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000054 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmdm"
    2015-01-19 13:14:52, Info                  CSI    00000056 [SR] Verify complete
    2015-01-19 13:14:53, Info                  CSI    00000057 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:53, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:54, Info                  CSI    00000059 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
    2015-01-19 13:14:58, Info                  CSI    0000005d [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005e [SR] This component was referenced by [l:184{92}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcwia"
    2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
    2015-01-19 13:14:58, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:03, Info                  CSI    00000064 [SR] Verify complete
    2015-01-19 13:15:03, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:03, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:09, Info                  CSI    00000068 [SR] Verify complete
    2015-01-19 13:15:09, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:09, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:13, Info                  CSI    0000006c [SR] Verify complete
    2015-01-19 13:15:13, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:13, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:19, Info                  CSI    00000070 [SR] Verify complete
    2015-01-19 13:15:19, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:19, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:28, Info                  CSI    00000074 [SR] Verify complete
    2015-01-19 13:15:28, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:28, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:29, Info                  CSI    00000077 [SR] Cannot repair member file [l:22{11}]"BrSerIb.sys" of mdmbr005.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing

     

    I'll go on to the rest of your instructions now.

     

    Here is the VEW.exe results:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:34:52 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:45:09 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:04 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:03 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 5:30:20 PM
    Type: Warning Category: 0
    Event: 2511 Source: Server
    The server service was unable to recreate the share Java because the directory C:\Program Files (x86)\Java no longer exists.  Please run "net share Java /delete" to delete the share, or recreate the directory C:\Program Files (x86)\Java.

    Log: 'System' Date/Time: 27/01/2015 5:29:34 PM
    Type: Warning Category: 0
    Event: 4 Source: k57nd60a
    Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 27/01/2015 5:29:21 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume Gateway encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 2:55:15 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

     

    Here is the 2nd one:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:38:22 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 27/01/2015 12:29:51 AM
    Type: Error Category: 0
    Event: 10005 Source: MsiInstaller
    Product: Microsoft Fix it 50562 -- This Microsoft Fix it does not apply to your operating system or application version.

    Log: 'Application' Date/Time: 26/01/2015 11:04:08 PM
    Type: Error Category: 1
    Event: 1003 Source: HlpCtntMgr
    Help Content Manager exited with error: NoBooksToUninstall

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:13 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:11 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:36 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:34 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:14 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:44 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:43 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:16 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 1684) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Windows\System32\dwm.exe' (pid 1864) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:10 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files (x86)\Internet Explorer\iexplore.exe' (pid 3636) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 1:04:49 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add.  (HRESULT : 0x80040d0d) (0x80040d0d)

    Log: 'Application' Date/Time: 25/01/2015 8:06:47 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2612) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 45809664 (0x0000000002bb0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (7891 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Log: 'Application' Date/Time: 19/01/2015 7:08:38 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-1519497777-177528772-3543348537-1001:
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\My
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\CA
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Root
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\trust
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates

    Log: 'Application' Date/Time: 15/01/2015 1:52:43 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2140) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 46923776 (0x0000000002cc0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (38967 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

     

    I'm going to run the Windows Memory Diagnostic Tool now, but it says it could take a few hours. If that is the case, I'll have to do the rest in the morning. I have to be back at the hospital at 5:00 a.m. and need a few hours of sleep. Thanks so much for helping me! It's amazing to me that you can decipher all of this information!

     

     

     


    • 0
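Added example (not part of the original posts): a Python summary of the `[SR]` lines that the `findstr /c:"[SR]"` step extracts from cbs.log, collapsing repeated "Cannot repair member file" records into one finding per file with the package that references it. The sample lines are copied from the log posted above; the function names are hypothetical, and attaching each "referenced by" line to the most recent "Cannot repair" line is an assumption based on the ordering in that log.

```python
import re

# [SR] lines copied from the SFC log posted above: one verify/repair
# transaction with findings, followed by a clean one.
SAMPLE_LOG = r'''
2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2015-01-19 13:14:54, Info                  CSI    00000059 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
2015-01-19 13:14:58, Info                  CSI    0000005d [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2015-01-19 13:14:58, Info                  CSI    0000005e [SR] This component was referenced by [l:184{92}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcwia"
2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
2015-01-19 13:14:58, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2015-01-19 13:15:03, Info                  CSI    00000064 [SR] Verify complete
'''

# Timestamp, level, "CSI", 8-hex-digit sequence number, then the [SR] message.
LINE_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')
REPAIR_RE = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), '
    r'Version = ([^,]+),.* in the store, (.+)$')
REF_RE = re.compile(
    r'^This component was referenced by \[l:\d+\{\d+\}\]"([^"]+)"')


def summarize_sr(text):
    """Return (findings, completed_transactions) for findstr-filtered CBS text."""
    findings = {}      # (file, component, version) -> details
    last_key = None    # most recent "Cannot repair" record in this transaction
    completed = 0
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue   # blank line or text that is not an [SR] record
        stamp, msg = line.groups()
        repair = REPAIR_RE.match(msg)
        if repair:
            name, component, version, reason = repair.groups()
            last_key = (name.lower(), component.lower(), version)
            entry = findings.setdefault(last_key, {
                "file": name, "component": component, "version": version,
                "reason": reason, "first_seen": stamp, "count": 0,
                "packages": []})
            entry["count"] += 1
            continue
        ref = REF_RE.match(msg)
        if ref and last_key is not None:
            packages = findings[last_key]["packages"]
            if ref.group(1) not in packages:
                packages.append(ref.group(1))
            continue
        if msg.startswith("Verify complete"):
            completed += 1
            last_key = None   # a later "referenced by" belongs to a new batch
    return findings, completed


def format_report(findings, completed):
    """One line per unrepaired file, most frequently reported first."""
    rows = sorted(findings.values(), key=lambda e: (-e["count"], e["file"].lower()))
    out = ["%d transaction(s) completed, %d unrepaired file(s)" % (completed, len(rows))]
    for e in rows:
        pkgs = "; ".join(e["packages"]) or "no referencing package logged"
        out.append("%s (%s %s): %s, reported %d time(s), referenced by %s" % (
            e["file"], e["component"], e["version"], e["reason"], e["count"], pkgs))
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(*summarize_sr(SAMPLE_LOG)))
```

To run it against a real extract, pass the contents of the text file produced by the `findstr` step to `summarize_sr` in place of `SAMPLE_LOG`.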



    #11
    tink03

    tink03

      Member

    • Topic Starter
    • Member
    • PipPip
    • 16 posts

    Attached File  KELLY-PC Speccy.txt   66.99KB   392 downloads


    • 0

    #12
    tink03

    tink03

      Member

    • Topic Starter
    • Member
    • PipPip
    • 16 posts

     

     

     

    In addition to the previous post:

     

    I just figured out where the Windows Shell Commor comes from.  It's actually Windows Shell Common DLL which is used if it has no idea what program to use to open a file with that extension.  Part of it is covered up with the Change button.  If you click on Commor you can slide to the right and see the rest of it.

     

    [Attached image: commor.jpg]

     

    [Attached image: common.jpg]

     

    So what is happening is you are losing your file associations.  Either the hard drive has a problem, the memory is going bad or you have some stupid program going insane and overwriting the registry.  The steps above will look for a bad hard drive, bad RAM and overheating.  Hopefully you are not running a registry cleaner.

     

     

    Does it really say Windows Shell Commor or should the last word be Common?

     

    In the future just post your logs in a new reply.  If you go back and edit an old post I do not get notified.  I see several problems.  IE is causing a big slowdown.  I'm going to use FRST to clean it up and see if that will help.

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
     
    Java 7 Update 71
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    I see problems with your install of Microsoft Visual Studio Express 2013.  You should  uninstall it, run the System Update Readiness Tool 
     
    and then reinstall it.   Once you have done that:
     
     
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    In either case continue below:
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
    Then use the 'Number of events' as follows:
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Run the built-in memory test:
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     
     
    Run Process Explorer again as before and post a new log.
     
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    I do not see an anti-virus.  Please install the free Avast:
     
     
    Download, Save, and right click and Run As Administrator.
     
    You should uncheck any optional software such as the Google toolbar, Chrome or Dropbox.
     
    Then tonight while you sleep (it can take 6 hours or more) run a boot-time scan.
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     

     

    I did the check disk and it ran for almost 4 hours. This has been a hellish day, and I've been in and out, so I apologize for the delay. I did the sfc /scannow and it couldn't fix everything. Here is what was copied to Notebook:

    2014-12-28 20:38:16, Info                  CSI    00000009 [SR] Verifying 1 components
    2014-12-28 20:38:16, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-12-28 20:38:16, Info                  CSI    0000000c [SR] Verify complete
    2014-12-28 20:43:15, Info                  CSI    0000000d [SR] Verifying 1 components
    2014-12-28 20:43:15, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:15, Info                  CSI    00000010 [SR] Verify complete
    2014-12-28 20:43:48, Info                  CSI    00000011 [SR] Verifying 1 components
    2014-12-28 20:43:48, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2014-12-28 20:43:48, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:13:57, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:13:57, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:02, Info                  CSI    0000000c [SR] Verify complete
    2015-01-19 13:14:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:07, Info                  CSI    00000010 [SR] Verify complete
    2015-01-19 13:14:07, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:07, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:11, Info                  CSI    00000014 [SR] Verify complete
    2015-01-19 13:14:11, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:11, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:15, Info                  CSI    00000018 [SR] Verify complete
    2015-01-19 13:14:15, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:15, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:19, Info                  CSI    0000001c [SR] Verify complete
    2015-01-19 13:14:19, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:19, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:24, Info                  CSI    00000020 [SR] Verify complete
    2015-01-19 13:14:24, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:24, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:28, Info                  CSI    00000024 [SR] Verify complete
    2015-01-19 13:14:28, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:28, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:32, Info                  CSI    00000028 [SR] Verify complete
    2015-01-19 13:14:32, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:32, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:36, Info                  CSI    0000002c [SR] Verify complete
    2015-01-19 13:14:37, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:37, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:40, Info                  CSI    00000030 [SR] Verify complete
    2015-01-19 13:14:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:46, Info                  CSI    00000033 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000034 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000035 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000036 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000037 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000038 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    00000039 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:46, Info                  CSI    0000003a [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003b [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003c [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003d [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averhbh826_noaverir_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000003e [SR] This component was referenced by [l:212{106}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averhbh826_noaverir_x64"
    2015-01-19 13:14:47, Info                  CSI    0000003f [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000040 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000041 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2hbtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000042 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2hbtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000043 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000044 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000045 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_noavin_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000046 [SR] This component was referenced by [l:210{105}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_noavin_x64"
    2015-01-19 13:14:47, Info                  CSI    00000047 [SR] Cannot repair member file [l:34{17}]"AVerFx2hbtv64.sys" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    00000048 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    00000049 [SR] Cannot repair member file [l:32{16}]"MVDetection64.ax" of averfx2swtv_x64.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:47, Info                  CSI    0000004a [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_averfx2swtv_x64"
    2015-01-19 13:14:47, Info                  CSI    0000004c [SR] Verify complete
    2015-01-19 13:14:48, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:48, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:52, Info                  CSI    0000004f [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000050 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000051 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmf.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000052 [SR] This component was referenced by [l:182{91}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmf"
    2015-01-19 13:14:52, Info                  CSI    00000053 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcmdm.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:52, Info                  CSI    00000054 [SR] This component was referenced by [l:196{98}]"Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcmdm"
    2015-01-19 13:14:52, Info                  CSI    00000056 [SR] Verify complete
    2015-01-19 13:14:53, Info                  CSI    00000057 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:53, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:14:54, Info                  CSI    00000059 [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:54, Info                  CSI    0000005a [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005b [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005c [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
    2015-01-19 13:14:58, Info                  CSI    0000005d [SR] Cannot repair member file [l:24{12}]"brcoinst.dll" of brmfcwia.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
    2015-01-19 13:14:58, Info                  CSI    0000005e [SR] This component was referenced by [l:184{92}]"Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.INF_brmfcwia"
    2015-01-19 13:14:58, Info                  CSI    00000060 [SR] Verify complete
    2015-01-19 13:14:58, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:14:58, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:03, Info                  CSI    00000064 [SR] Verify complete
    2015-01-19 13:15:03, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:03, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:09, Info                  CSI    00000068 [SR] Verify complete
    2015-01-19 13:15:09, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:09, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:13, Info                  CSI    0000006c [SR] Verify complete
    2015-01-19 13:15:13, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:13, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:19, Info                  CSI    00000070 [SR] Verify complete
    2015-01-19 13:15:19, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:19, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:28, Info                  CSI    00000074 [SR] Verify complete
    2015-01-19 13:15:28, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-19 13:15:28, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2015-01-19 13:15:29, Info                  CSI    00000077 [SR] Cannot repair member file [l:22{11}]"BrSerIb.sys" of mdmbr005.inf, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing

     

    I'll go on to the rest of your instructions now.

     

    Here are the VEW.exe results:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:34:52 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:46:39 PM
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 40. The internal error state is 252.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:45:00 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 8:44:58 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 6:48:10 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:37:39 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Peer Name Resolution Protocol service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    Log: 'System' Date/Time: 27/01/2015 5:30:13 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The account specified for this service is different from the account specified for other services running in the same process.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2015 8:45:09 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:04 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 8:45:03 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.att.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2015 5:30:20 PM
    Type: Warning Category: 0
    Event: 2511 Source: Server
    The server service was unable to recreate the share Java because the directory C:\Program Files (x86)\Java no longer exists.  Please run "net share Java /delete" to delete the share, or recreate the directory C:\Program Files (x86)\Java.

    Log: 'System' Date/Time: 27/01/2015 5:29:34 PM
    Type: Warning Category: 0
    Event: 4 Source: k57nd60a
    Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 27/01/2015 5:29:21 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 5:29:20 PM
    Type: Warning Category: 2
    Event: 136 Source: Ntfs
    The default transaction resource manager on volume Gateway encountered an error while starting and its metadata was reset.  The data contains the error code.

    Log: 'System' Date/Time: 27/01/2015 2:55:15 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

     

    Here is the 2nd one:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2015 9:38:22 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 27/01/2015 12:29:51 AM
    Type: Error Category: 0
    Event: 10005 Source: MsiInstaller
    Product: Microsoft Fix it 50562 -- This Microsoft Fix it does not apply to your operating system or application version.

    Log: 'Application' Date/Time: 26/01/2015 11:04:08 PM
    Type: Error Category: 1
    Event: 1003 Source: HlpCtntMgr
    Help Content Manager exited with error: NoBooksToUninstall

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 8:15:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 2:07:21 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Unexpected conflict discarding   16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.

    Log: 'Application' Date/Time: 26/01/2015 1:03:26 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   18 68.1.168.192.in-addr.arpa. PTR Kelly-PC-2.local.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:49:32 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:13 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 25/01/2015 5:19:11 AM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:36 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 11:20:34 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 24/01/2015 2:31:14 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:44 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 7:09:43 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:16 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 23/01/2015 4:12:15 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 1684) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:14 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Windows\System32\dwm.exe' (pid 1864) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 11:02:10 PM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files (x86)\Internet Explorer\iexplore.exe' (pid 3636) cannot be restarted - Application SID does not match Conductor SID..

    Log: 'Application' Date/Time: 26/01/2015 1:04:49 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add.  (HRESULT : 0x80040d0d) (0x80040d0d)

    Log: 'Application' Date/Time: 25/01/2015 8:06:47 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2612) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 45809664 (0x0000000002bb0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (7891 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Log: 'Application' Date/Time: 19/01/2015 7:08:38 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-1519497777-177528772-3543348537-1001:
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\My
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\CA
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Root
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\trust
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2172 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Policies\Microsoft\SystemCertificates

    Log: 'Application' Date/Time: 15/01/2015 1:52:43 PM
    Type: Warning Category: 7
    Event: 508 Source: ESENT
    taskhost (2140) WebCacheLocal: A request to write to the file "C:\Users\Kelly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 46923776 (0x0000000002cc0000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (38967 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

     

    I'm going to run the Windows Memory Diagnostic Tool now, but it says it could take a few hours. If that is the case, I'll have to do the rest in the morning. I have to be back at the hospital at 5:00 a.m. and need a few hours of sleep. Thanks so much for helping me! It's amazing to me that you can decipher all of this information!

     

     

     

     

    Here are the Process Explorer results:

     

    Process CPU Private Bytes Working Set PID Verified Signer
    System Idle Process 54.50 0 K 24 K 0 
    iexplore.exe 19.20 329,664 K 317,760 K 1684 (Verified) Microsoft Windows
    audiodg.exe 14.09 22,112 K 21,892 K 304 (Verified) Microsoft Windows
    procexp64.exe 7.12 23,096 K 43,556 K 4960 (Verified) Sysinternals
    dwm.exe 1.82 64,460 K 37,376 K 3800 (Verified) Microsoft Windows
    Interrupts 1.06 0 K 0 K n/a 
    System 0.81 368 K 4,652 K 4 
    iexplore.exe 0.46 50,608 K 61,652 K 5016 (Verified) Microsoft Windows
    csrss.exe 0.36 3,128 K 31,032 K 464 (Verified) Microsoft Windows
    svchost.exe 0.15 20,736 K 36,352 K 1004 (Verified) Microsoft Windows
    explorer.exe 0.10 38,508 K 64,348 K 3860 (Verified) Microsoft Windows
    GregHSRW.exe 0.07 1,500 K 4,784 K 1644 (Verified) Acer Incorporated
    AdAwareService.exe 0.05 222,472 K 231,692 K 1828 (Verified) Lavasoft Limited
    svchost.exe 0.04 14,812 K 15,888 K 848 (Verified) Microsoft Windows
    svchost.exe 0.03 108,124 K 115,732 K 924 (Verified) Microsoft Windows
    taskhost.exe 0.03 69,180 K 44,968 K 3660 (Verified) Microsoft Windows
    AppleMobileDeviceService.exe 0.03 3,156 K 9,568 K 1388 (Verified) Apple Inc.
    EKAiOHostService.exe 0.02 18,244 K 25,636 K 1776 (Verified) Eastman Kodak Company
    iexplore.exe 0.02 25,908 K 53,012 K 3960 (Verified) Microsoft Windows
    WLIDSVC.EXE 0.01 6,908 K 15,512 K 1088 (Verified) Microsoft Corporation
    svchost.exe 0.01 9,416 K 17,372 K 972 (Verified) Microsoft Windows
    SearchIndexer.exe 0.01 47,060 K 31,496 K 1852 (Verified) Microsoft Windows
    IScheduleSvc.exe 0.01 4,928 K 9,712 K 1856 (Verified) NewTech Infosystems
    WmiPrvSE.exe < 0.01 18,556 K 23,912 K 4216 (Verified) Microsoft Windows
    spoolsv.exe < 0.01 10,864 K 17,984 K 1200 (Verified) Microsoft Windows
    WLIDSVCM.EXE  1,200 K 3,224 K 2412 (Verified) Microsoft Corporation
    winlogon.exe  2,880 K 7,216 K 520 (Verified) Microsoft Windows
    wininit.exe  1,440 K 4,400 K 472 (Verified) Microsoft Windows
    UpdaterService.exe  1,100 K 3,736 K 1844 (Verified) Acer Incorporated
    svchost.exe  44,884 K 21,508 K 1132 (Verified) Microsoft Windows
    svchost.exe  13,364 K 17,216 K 1232 (Verified) Microsoft Windows
    svchost.exe  21,288 K 22,268 K 880 (Verified) Microsoft Windows
    svchost.exe  4,204 K 8,224 K 772 (Verified) Microsoft Windows
    svchost.exe  4,252 K 9,696 K 692 (Verified) Microsoft Windows
    svchost.exe  4,904 K 9,092 K 1620 (Verified) Microsoft Windows
    svchost.exe  1,848 K 5,508 K 1556 (Verified) Microsoft Windows
    svchost.exe  2,236 K 5,636 K 3108 (Verified) Microsoft Windows
    svchost.exe  1,084 K 2,968 K 1896 (Verified) Microsoft Windows
    svchost.exe  1,352 K 3,552 K 1756 (Verified) Microsoft Windows
    smss.exe  440 K 1,124 K 268 (Verified) Microsoft Windows
    services.exe  6,044 K 10,144 K 568 (Verified) Microsoft Windows
    procexp.exe  2,200 K 7,204 K 3760 (Verified) Microsoft Corporation
    notepad.exe  1,864 K 6,244 K 872 (Verified) Microsoft Windows
    mDNSResponder.exe  2,132 K 5,600 K 1420 (Verified) Apple Inc.
    lsm.exe  2,436 K 4,228 K 588 (Verified) Microsoft Windows
    lsass.exe  4,516 K 11,652 K 576 (Verified) Microsoft Windows
    FlashUtil64_16_0_0_296_ActiveX.exe  3,892 K 9,540 K 3244 (Verified) Adobe Systems Incorporated
    ePowerSvc.exe  1,896 K 4,984 K 1528 (Verified) Acer Incorporated
    EKPrinterSDK.exe  1,728 K 5,112 K 1800 (Verified) Eastman Kodak Company
    EKIJ5000MUI.exe  3,044 K 8,520 K 4012 (No signature was present in the subject) Eastman Kodak Company
    ehmsas.exe  1,736 K 5,536 K 1596 (Verified) Microsoft Windows
    csrss.exe  2,004 K 4,472 K 392 (Verified) Microsoft Windows
    armsvc.exe  1,160 K 3,852 K 1320 (Verified) Adobe Systems

     

    Oh, btw, I'm not running any sort of registry cleaner. I think this is a horrible virus, rootkit, malware, or a possession...possibly all of them! Lol! Ok, on to the next step!


    #13
    RKinner

      Malware Expert

    OK.  I think it's overheating:

     

    CPU
    Intel Mobile Core 2 Duo T6600 @ 2.20GHz 67 °C

     

     

     
     Expect that's what is at the root of your problem. Normal for a laptop is under 55. It looks like a Gateway from the Speccy log. What model? If it's like a Dell then you are lucky and it's not major surgery to clean the heatsink. A dust-clogged heatsink is the most common problem with an overheating laptop. Do not remove the heatsink and heatpipe assembly unless you have new thermal paste. Just take the bottom cover off so you can get to the heatsink and use a vacuum cleaner hose and a small brush to get as much dust out of the heatsink fins as you can. I can probably find you a YouTube video on the process if you give me the model number.
     
    Good news is the hard drive is looking good.  
     
    PS.  Try not to have it repeat everything when you post.  I'm not even sure how you are doing that.

    #14
    RKinner

      Malware Expert

    Hold off on the memory test until after you get it cleaned.

     

    After you clean it: Get SpeedFan

     
    Download, save and install it (Win 7 or Vista: right-click and Run As Admin), then run it.
     
    It will tell you your temps in real time.

    #15
    tink03

      Member

    • Topic Starter

     


     

    This is from the boot scan:

    01/27/2015 23:22
    Scan of C:

    Scan of *STARTUP

    Number of searched folders: 30222
    Number of tested files: 583373
    Number of infected files: 0

     

    I'm confused...you think something keeps changing all of my folder and file permissions because the computer is overheating? I understand that overheating can cause problems, but it changes the permissions so that I can't use certain programs. For example, I tried to print out your instructions yesterday, but I no longer had permission to use my printer. It changed the owner from me to administrator, checked the inherited permissions, and when I looked at my permissions (which should be full permission), it says Special permissions. A lot of times when something is running really poorly, I'll look and find that Trusted Installer or Creator Owner is the owner. I can't tell you how many times I have had to do a system restore because I no longer have access to any of the program files. I honestly think it's more than overheating, but you're the expert. I hope you're right. I have a Gateway, model NV78.

