Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer runs slow, cannot access task manager


  • Please log in to reply

#1
Chucklebun

Chucklebun

    Member

  • Member
  • PipPip
  • 91 posts

This system has been running a minecraft LAN server I set up for my girlfriend, and I've used it for light browsing as well. Recently it has been running like crap, with the minecraft server crashing and/or locking the entire system up. Attempting to ctrl-alt-delete or otherwise run the task manager has also seemed to lock up the computer - although it will sometimes work after extremely long delays +/- 15 mins. The first time I attempted to run OTL (from safe mode after a forced shutdown) OTL locked up (it hung for several hours) I rebooted normally and it ran OK, however, so I'm not sure what was going on there.

 

The reason for the delay in posting is that I had to get on an airplane and ran out of time before posting. Sorry if that's a factor - let me know if I need to re-run OTL, I figured the log from immediately after I found the problem would be preferable.

 

Thanks in advance for your assistance.

 

OTL logfile created on: 1/20/2015 11:59:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 72.88% Memory free
16.05 Gb Paging File | 13.20 Gb Available in Paging File | 82.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 623.54 Gb Free Space | 91.02% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.85 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
 
Computer Name: HPMEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/20 23:02:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2015/01/17 10:01:41 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/21 15:37:11 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2014/09/16 21:11:37 | 002,461,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/09/16 21:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2008/10/17 19:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 19:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/10/06 12:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/06 12:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/17 10:01:39 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2008/10/17 19:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/16 21:11:26 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/01/17 10:01:39 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/13 18:21:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/16 21:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/10/06 12:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 05:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 19:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/18 12:39:50 | 001,168,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/09/10 14:02:08 | 001,655,296 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/09/10 11:50:28 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.18
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/23 17:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2015/01/16 21:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions
[2015/01/16 21:12:11 | 000,544,303 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/09/23 19:52:00 | 000,376,092 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2015/01/14 19:30:53 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/17 10:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/17 10:01:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft - Shortcut.lnk = C:\Users\Goblin\Desktop\New Minecraft Server\Minecraft.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/20 23:02:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2015/01/17 10:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/10 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\CyberLink
[2015/01/10 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Documents\Aperture science camera files
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/21 00:01:18 | 000,802,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/21 00:01:18 | 000,672,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/21 00:01:18 | 000,131,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/20 23:56:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 23:56:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 23:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/20 23:02:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2015/01/20 21:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/15 16:22:09 | 000,000,680 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2015/01/10 10:22:31 | 000,006,656 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2015/01/15 16:22:09 | 000,000,680 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2014/12/20 12:20:35 | 000,638,976 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/12/20 12:20:35 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/12/20 12:17:05 | 000,006,656 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/09/22 16:33:16 | 000,795,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/22 16:29:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2014/09/22 16:29:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2014/09/22 16:29:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2014/09/21 20:05:15 | 000,000,732 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/21 20:35:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Oracle
[2014/09/21 20:15:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\PictureMover
[2015/01/20 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    That's my standard remove adware and check for viruses procedure.  IF we find anything we'll run some more scans.
     
    Now we do the why is it slow stuff:
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Ron
     

    • 0

    #3
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Hi. The computeris being very balky... I will post what I have so far for you... SFC should hopefully complete sometime this millenium.

     

     

    # AdwCleaner v4.109 - Report created 27/01/2015 at 18:42:31
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
    # Username : Goblin - HPMEDIA-PC
    # Running from : C:\Users\Goblin\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\Public\Desktop\eBay.lnk

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1695 octets] - [27/01/2015 18:42:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1755 octets] ##########
     

    # AdwCleaner v4.109 - Report created 27/01/2015 at 18:47:56
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
    # Username : Goblin - HPMEDIA-PC
    # Running from : C:\Users\Goblin\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1847 octets] - [27/01/2015 18:42:32]
    AdwCleaner[S0].txt - [1583 octets] - [27/01/2015 18:47:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1643 octets] ##########
     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows ™ Vista Home Premium x64
    Ran by Goblin on Tue 01/27/2015 at 19:46:43.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2326032851-1019442383-1985811652-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Goblin\AppData\Roaming\mozilla\firefox\profiles\e2wholh0.default\minidumps [18 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 01/27/2015 at 19:49:02.83
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #4
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Goblin (administrator) on HPMEDIA-PC on 27-01-2015 19:54:16
    Running from C:\Users\Goblin\Desktop
    Loaded Profiles: Goblin (Available profiles: Goblin)
    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-10-06] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
    HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
    HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://search.live.c...ms}&FORM=HPDTDF
    SearchScopes: HKLM -> {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://search.live.c...ms}&FORM=HPDTDF
    SearchScopes: HKLM -> {D7224172-D300-41D8-8655-8905A8DC1F7B} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL =
    SearchScopes: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://www.bing.com/...rc=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Extension: NoScript - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-13]
    FF Extension: StumbleUpon - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-09-23]
    FF Extension: Adblock Plus - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-12]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
    S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
    S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
    S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
    S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
    S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 19:54 - 2015-01-27 19:54 - 00011644 _____ () C:\Users\Goblin\Desktop\FRST.txt
    2015-01-27 19:52 - 2015-01-27 19:54 - 00000000 ____D () C:\FRST
    2015-01-27 19:49 - 2015-01-27 19:49 - 00002308 _____ () C:\Users\Goblin\Desktop\JRT.txt
    2015-01-27 19:46 - 2015-01-27 19:46 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-27 18:37 - 2015-01-27 18:47 - 00000000 ____D () C:\AdwCleaner
    2015-01-27 18:26 - 2015-01-27 18:26 - 00061440 _____ ( ) C:\Users\Goblin\Desktop\VEW(1).exe
    2015-01-27 18:25 - 2015-01-27 18:25 - 00061440 _____ ( ) C:\Users\Goblin\Downloads\VEW.exe
    2015-01-27 18:14 - 2015-01-27 18:14 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Goblin\Desktop\procexp.exe
    2015-01-27 18:01 - 2015-01-27 18:05 - 05135288 _____ (Piriform Ltd) C:\Users\Goblin\Desktop\spsetup128.exe
    2015-01-27 17:49 - 2015-01-27 17:49 - 02129920 _____ (Farbar) C:\Users\Goblin\Desktop\FRST64.exe
    2015-01-27 17:47 - 2015-01-27 17:47 - 01707939 _____ (Thisisu) C:\Users\Goblin\Desktop\JRT.exe
    2015-01-27 17:44 - 2015-01-27 17:37 - 02194432 _____ () C:\Users\Goblin\Desktop\AdwCleaner.exe
    2015-01-27 17:36 - 2015-01-27 17:37 - 02194432 _____ () C:\Users\Goblin\Downloads\AdwCleaner.exe
    2015-01-27 14:21 - 2015-01-27 14:21 - 04087472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-01-27 14:15 - 2015-01-27 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-21 00:16 - 2015-01-21 00:16 - 00045284 _____ () C:\Users\Goblin\Desktop\Extras.Txt
    2015-01-21 00:15 - 2015-01-21 00:19 - 00046452 _____ () C:\Users\Goblin\Desktop\OTL.Txt
    2015-01-20 23:02 - 2015-01-20 23:02 - 00602112 _____ (OldTimer Tools) C:\Users\Goblin\Downloads\OTL.exe
    2015-01-20 23:02 - 2015-01-20 23:02 - 00602112 _____ (OldTimer Tools) C:\Users\Goblin\Desktop\OTL.exe
    2015-01-15 16:22 - 2015-01-15 16:22 - 00000680 _____ () C:\Users\Goblin\AppData\Local\d3d9caps.dat
    2015-01-13 22:38 - 2014-12-18 19:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 22:38 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 22:38 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-10 17:47 - 2015-01-10 17:47 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-01-10 17:47 - 2015-01-10 17:47 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\CyberLink
    2015-01-10 17:29 - 2015-01-10 17:29 - 00000000 ____D () C:\Users\Goblin\Downloads\Windows Vista x32 Editions
    2015-01-10 10:43 - 2015-01-10 10:43 - 00000000 ____D () C:\Users\Goblin\Documents\Aperture science camera files
    2014-12-28 23:39 - 2014-12-28 23:55 - 00000000 ____D () C:\Users\Goblin\Downloads\Monty Python - 1980 - Contractual Obligation Album [V0]

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 19:28 - 2006-11-02 07:46 - 00802368 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-27 18:47 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-27 18:47 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-27 18:35 - 2014-09-21 23:43 - 01435409 _____ () C:\Windows\WindowsUpdate.log
    2015-01-27 18:35 - 2008-11-25 02:11 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
    2015-01-27 18:30 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-27 17:43 - 2014-09-23 17:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-27 14:21 - 2014-09-24 16:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-27 13:58 - 2014-11-04 21:08 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\HpUpdate
    2015-01-21 15:50 - 2006-11-02 10:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-20 23:10 - 2014-11-28 12:18 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\uTorrent
    2015-01-19 11:12 - 2014-12-22 13:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-13 22:38 - 2014-09-21 22:23 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 22:34 - 2006-11-02 07:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-01-13 18:21 - 2014-09-24 16:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-13 18:21 - 2014-09-24 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-13 18:21 - 2014-09-24 16:42 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-10 17:47 - 2008-11-25 01:42 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-01-10 10:22 - 2014-12-20 12:17 - 00006656 _____ () C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-10 10:21 - 2006-11-02 10:27 - 00141442 _____ () C:\Windows\setupact.log
    2014-12-31 06:14 - 2014-09-21 20:33 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-29 10:03 - 2014-09-24 16:42 - 00000000 ____D () C:\Users\Goblin\AppData\Local\Adobe

    ==================== Files in the root of some directories =======

    2015-01-15 16:22 - 2015-01-15 16:22 - 0000680 _____ () C:\Users\Goblin\AppData\Local\d3d9caps.dat
    2014-09-21 20:05 - 2014-09-21 20:16 - 0000732 _____ () C:\Users\Goblin\AppData\Local\d3d9caps64.dat
    2014-12-20 12:17 - 2015-01-10 10:22 - 0006656 _____ () C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-23 16:24 - 2014-09-23 16:24 - 0467548 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistMSI3363.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0471872 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistMSI33AF.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0014266 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistUI3363.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0014314 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistUI33AF.txt

    Files to move or delete:
    ====================
    C:\Users\Public\AMIDST-3.7.exe


    Some content of TEMP:
    ====================
    C:\Users\Goblin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Goblin\AppData\Local\Temp\Quarantine.exe
    C:\Users\Goblin\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-27 19:39

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by Goblin at 2015-01-27 19:55:06
    Running from C:\Users\Goblin\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
    Hauppauge MCE XP/Vista Software Encoder (2.0.26268) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26268 - Hauppauge Computer Works, Inc.)
    HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
    HP Demo (HKLM-x32\...\{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.7.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
    HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
    HP Total Care Setup (HKLM-x32\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
    LightScribe System Software  1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
    LightScribe Template Labeler (HKLM-x32\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}) (Version: 7.0.35.7315 - muvee Technologies Pte Ltd)
    My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
    NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
    PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
    Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
    SoftMCE Encoder (x32 Version: 2.0.26268 - Hauppauge Computer Works) Hidden
    SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    21-01-2015 02:47:08 Scheduled Checkpoint
    27-01-2015 13:58:14 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1             localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {65B46FB9-8AEA-419B-A421-D5CE19DD4730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
    Task: {B81D6D70-1303-4648-89E7-A6B0708D5FF7} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
    Task: {C09450A7-B062-4984-BB69-136A2E7314EF} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
    Task: {E2A0F342-C3EC-4002-AAF6-9224405554D3} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-27 14:15 - 2015-01-27 14:16 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2326032851-1019442383-1985811652-500 - Administrator - Disabled)
    Goblin (S-1-5-21-2326032851-1019442383-1985811652-1000 - Administrator - Enabled) => C:\Users\Goblin
    Guest (S-1-5-21-2326032851-1019442383-1985811652-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Consumer IR Devices
    Description: Consumer IR Devices
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: circlass
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-09-22 17:47:26.975
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.910
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.842
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.775
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.678
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.291
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.272
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.250
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.226
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
    Percentage of memory in use: 13%
    Total physical RAM: 8190.33 MB
    Available physical RAM: 7066.98 MB
    Total Pagefile: 16431.7 MB
    Available Pagefile: 15574.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:685.08 GB) (Free:624.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.56 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=685.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #5
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    OTL logfile created on: 1/27/2015 9:02:55 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Goblin\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    8.00 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.28% Memory free
    16.05 Gb Paging File | 14.25 Gb Available in Paging File | 88.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.08 Gb Total Space | 624.58 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
    Drive D: | 13.56 Gb Total Space | 1.85 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
     
    Computer Name: HPMEDIA-PC | User Name: Goblin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/01/27 14:17:02 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2015/01/20 23:02:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
    PRC - [2014/09/16 21:11:37 | 002,461,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2014/09/16 21:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2008/10/17 19:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/10/17 19:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/10/06 12:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/06 12:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/01/27 14:16:19 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2008/10/17 19:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/09/16 21:11:26 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
    SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2015/01/27 14:16:26 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2015/01/13 18:21:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/09/16 21:11:26 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2008/10/06 12:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/01/20 05:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/12/04 19:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/09/18 12:39:50 | 001,168,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/09/10 14:02:08 | 001,655,296 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV:64bit: - [2008/09/10 11:50:28 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
    IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
    IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.highlightCount: 0
    FF - prefs.js..browser.search.isUS: true
    FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.18
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.11
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2014/09/23 17:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
    [2015/01/27 14:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions
    [2015/01/16 21:12:11 | 000,544,303 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2014/09/23 19:52:00 | 000,376,092 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
    [2015/01/14 19:30:53 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2015/01/27 14:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2015/01/27 14:17:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
     
     
    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/01/27 19:52:57 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/01/27 19:46:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2015/01/27 18:37:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/01/27 18:14:08 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Goblin\Desktop\procexp.exe
    [2015/01/27 18:01:07 | 005,135,288 | ---- | C] (Piriform Ltd) -- C:\Users\Goblin\Desktop\spsetup128.exe
    [2015/01/27 17:49:10 | 002,129,920 | ---- | C] (Farbar) -- C:\Users\Goblin\Desktop\FRST64.exe
    [2015/01/27 17:47:49 | 001,707,939 | ---- | C] (Thisisu) -- C:\Users\Goblin\Desktop\JRT.exe
    [2015/01/27 14:21:11 | 004,087,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2015/01/27 14:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2015/01/20 23:02:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
    [2015/01/13 22:38:18 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2015/01/10 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\CyberLink
    [2015/01/10 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Documents\Aperture science camera files
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/01/27 20:42:58 | 000,802,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/01/27 20:42:58 | 000,672,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/01/27 20:42:58 | 000,131,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/01/27 20:36:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/01/27 20:36:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/01/27 20:36:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/01/27 18:26:15 | 000,061,440 | ---- | M] ( ) -- C:\Users\Goblin\Desktop\VEW(1).exe
    [2015/01/27 18:14:10 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Goblin\Desktop\procexp.exe
    [2015/01/27 18:05:49 | 005,135,288 | ---- | M] (Piriform Ltd) -- C:\Users\Goblin\Desktop\spsetup128.exe
    [2015/01/27 17:49:12 | 002,129,920 | ---- | M] (Farbar) -- C:\Users\Goblin\Desktop\FRST64.exe
    [2015/01/27 17:47:56 | 001,707,939 | ---- | M] (Thisisu) -- C:\Users\Goblin\Desktop\JRT.exe
    [2015/01/27 17:37:12 | 002,194,432 | ---- | M] () -- C:\Users\Goblin\Desktop\AdwCleaner.exe
    [2015/01/27 14:21:41 | 004,087,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2015/01/27 14:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/01/20 23:02:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
    [2015/01/15 16:22:09 | 000,000,680 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
    [2015/01/13 18:21:23 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2015/01/13 18:21:23 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2015/01/10 10:22:31 | 000,006,656 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== Files Created - No Company Name ==========
     
    [2015/01/27 18:26:12 | 000,061,440 | ---- | C] ( ) -- C:\Users\Goblin\Desktop\VEW(1).exe
    [2015/01/27 17:44:30 | 002,194,432 | ---- | C] () -- C:\Users\Goblin\Desktop\AdwCleaner.exe
    [2015/01/15 16:22:09 | 000,000,680 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
    [2014/12/20 12:20:35 | 000,638,976 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2014/12/20 12:20:35 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2014/12/20 12:17:05 | 000,006,656 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/09/22 16:33:16 | 000,795,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/09/22 16:29:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2014/09/22 16:29:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2014/09/22 16:29:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2014/09/21 20:05:15 | 000,000,732 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
     
    ========== ZeroAccess Check ==========
     
    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: SCSI
    Media Type: Fixed hard disk media
    Model: ST3750630AS
    Partitions: 2
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic- Compact Flash USB Device
    Partitions: 0
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic- SM/xD-Picture USB Device
    Partitions: 0
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic- SD/MMC USB Device
    Partitions: 0
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic- MS/MS-Pro USB Device
    Partitions: 0
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 685.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 14.00GB
    Starting Offset: 735595015680
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2014/09/21 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Adobe
    [2015/01/10 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\CyberLink
    [2014/09/21 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Hewlett-Packard
    [2014/09/21 20:09:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\HP TCS
    [2015/01/27 13:58:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\HpUpdate
    [2014/09/21 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Identities
    [2014/09/21 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\InstallShield
    [2014/09/21 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Macromedia
    [2006/11/02 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Media Center Programs
    [2014/12/21 13:33:38 | 000,000,000 | --SD | M] -- C:\Users\Goblin\AppData\Roaming\Microsoft
    [2014/09/23 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mozilla
    [2014/09/21 20:35:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Oracle
    [2014/09/21 20:15:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\PictureMover
    [2015/01/20 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\uTorrent
     
    < MD5 for: ATAPI.SYS  >
    [2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
    [2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2008/01/20 21:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
    [2008/01/20 21:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
    [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
    [2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
    [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
    [2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
    [2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
    [2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
    [2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
    [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
    [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
    [2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
    [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
    [2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
    [2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2008/01/20 21:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
    [2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
    [2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
    [2008/01/20 21:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
    [2009/04/11 02:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
    [2009/04/11 02:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll
     
    < MD5 for: NAPINSP.DLL  >
    [2008/01/20 21:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
    [2008/01/20 21:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
    [2008/01/20 21:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
    [2008/01/20 21:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
     
    < MD5 for: NLAAPI.DLL  >
    [2014/12/05 22:14:36 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=16D4D2D721E6DB8518225A37674163F8 -- C:\Windows\SysWOW64\nlaapi.dll
    [2014/12/05 22:14:36 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=16D4D2D721E6DB8518225A37674163F8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6002.19250_none_cfa9909ef4f764d3\nlaapi.dll
    [2014/12/05 21:36:01 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=25D61294A279C3F5C7064EF4240A1076 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6002.23557_none_c5e588e9d9adee51\nlaapi.dll
    [2014/12/05 21:51:13 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=53EADC48A171BA97E0543D54C6760000 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6002.23557_none_d03a333c0e0eb04c\nlaapi.dll
    [2008/01/20 21:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
    [2008/01/20 21:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll
    [2014/12/05 21:54:19 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=F0BD3A3E8E56866BFC9E5754C8401686 -- C:\Windows\SysNative\nlaapi.dll
    [2014/12/05 21:54:19 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=F0BD3A3E8E56866BFC9E5754C8401686 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6002.19250_none_c554e64cc096a2d8\nlaapi.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2008/01/20 21:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
    [2008/01/20 21:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
    [2008/01/20 21:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
    [2008/01/20 21:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll
     
    < MD5 for: SERVICES.EXE  >
    [2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
    [2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
    [2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
    [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
    [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2008/01/20 21:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
    [2008/01/20 21:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
    [2009/04/11 01:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
    [2009/04/11 01:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
    [2009/04/11 02:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
    [2009/04/11 02:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
    [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
    [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
    [2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
    [2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
    [2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
    [2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2008/01/20 21:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
    [2008/01/20 21:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
    [2008/01/20 21:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
    [2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
    [2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
    [2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll
     
    < MD5 for: WSHELPER.DLL  >
    [2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
    [2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
    [2006/11/02 06:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
    [2006/11/02 06:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/01/27 14:15:47 | 000,922,168 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/01/27 14:15:47 | 000,922,168 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/01/27 14:15:47 | 000,922,168 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2015/01/27 14:17:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2015/01/27 14:17:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2015/01/27 14:17:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2014/09/22 18:53:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2014/09/22 18:53:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2014/09/22 18:53:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2014/11/24 15:51:01 | 000,757,968 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2014/11/24 15:51:01 | 000,757,968 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/09/22 18:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/09/22 18:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/09/22 18:53:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/11/24 15:51:01 | 000,757,968 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2014/11/24 15:51:01 | 000,757,968 | ---- | M] (Microsoft Corporation)
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/06/28 09:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
    [2006/11/02 10:14:04 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/04/11 01:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
    [2006/09/19 06:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/02/18 13:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/02/18 13:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/02/18 13:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/02/18 13:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/02/18 13:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2006/09/19 06:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2009/04/11 01:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >
     


    • 0

    #6
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    95.37    0 K    24 K    0            
    procexp64.exe    1.93    30,268 K    42,140 K    3720    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
    sidebar.exe    0.77    44,700 K    44,880 K    2800    Windows Sidebar    Microsoft Corporation    (Verified) Microsoft Windows
    MsMpEng.exe    0.77    102,284 K    93,604 K    132    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
    Interrupts    0.77    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    System    0.39    0 K    31,996 K    4            
    svchost.exe    < 0.01    121,096 K    126,304 K    548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    < 0.01    14,328 K    15,224 K    636    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    33,872 K    46,700 K    640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    explorer.exe    < 0.01    28,076 K    41,308 K    2100    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    CLMLSvc.exe    < 0.01    27,860 K    13,660 K    2516    CyberLink MediaLibray Service    CyberLink    (Verified) CyberLink
    csrss.exe    < 0.01    2,948 K    7,576 K    560    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    wmpnetwk.exe    < 0.01    6,028 K    11,648 K    3596    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
    SearchIndexer.exe    < 0.01    108,120 K    17,864 K    500    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    NvBackend.exe    < 0.01    22,168 K    28,864 K    2744    NVIDIA GeForce Experience Backend    NVIDIA Corporation    (Verified) NVIDIA Corporation
    lsass.exe    < 0.01    4,624 K    1,056 K    684    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    HPHC_Service.exe    < 0.01    27,976 K    19,328 K    3896    HP Health Check Service    Hewlett-Packard    (No signature was present in the subject) Hewlett-Packard
    NvNetworkService.exe    < 0.01    3,204 K    6,776 K    2704    NVIDIA Network Service    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvvsvc.exe    < 0.01    7,248 K    14,496 K    2024    NVIDIA Driver Helper Service, Version 344.75    NVIDIA Corporation    (Verified) NVIDIA Corporation
    spoolsv.exe    < 0.01    7,992 K    13,020 K    1548    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    WUDFHost.exe        3,548 K    6,316 K    2168    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
    wmpnscfg.exe        2,636 K    7,052 K    3396    Windows Media Player Network Sharing Service Configuration Application    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        3,888 K    7,600 K    1080    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WLIDSVCM.EXE        1,832 K    4,008 K    3048    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
    WLIDSVC.EXE        9,116 K    15,796 K    2160    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
    winlogon.exe        3,088 K    7,740 K    796    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,924 K    5,284 K    624    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    TSMAgent.exe        6,640 K    10,708 K    1868    CyberLink PowerCinema Resident Program    CyberLink Corp.    (Verified) CyberLink
    taskeng.exe        12,060 K    14,100 K    1944    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
    taskeng.exe        3,052 K    7,644 K    2196    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        11,668 K    18,944 K    1112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        19,896 K    21,408 K    1212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,952 K    7,924 K    884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        5,560 K    9,288 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        16,516 K    16,356 K    524    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,088 K    6,624 K    1044    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        19,952 K    25,936 K    1584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,176 K    7,100 K    2732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        5,976 K    9,520 K    2176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        1,444 K    3,248 K    856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,376 K    37,316 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    smss.exe        576 K    1,092 K    492    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    SmartMenu.exe        78,096 K    66,480 K    2548    HP MediaSmart SmartMenu    Hewlett-Packard    (Verified) Hewlett-Packard Company
    SLsvc.exe        9,260 K    14,288 K    1060    Microsoft Software Licensing Service    Microsoft Corporation    (Verified) Microsoft Windows
    services.exe        3,780 K    8,588 K    672    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    procexp.exe        4,184 K    8,300 K    4356    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    PresentationFontCache.exe        27,384 K    18,764 K    3204    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Windows
    nvxdsync.exe        9,648 K    19,596 K    2016    NVIDIA User Experience Driver Component    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvvsvc.exe        4,408 K    8,292 K    928    NVIDIA Driver Helper Service, Version 344.75    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvtray.exe        5,768 K    12,404 K    2808    NVIDIA Settings    NVIDIA Corporation    (Verified) NVIDIA Corporation
    NisSrv.exe        13,360 K    2,016 K    360    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
    msseces.exe        7,452 K    13,944 K    2752    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
    mobsync.exe        5,484 K    10,352 K    3388    Microsoft Sync Center    Microsoft Corporation    (Verified) Microsoft Windows
    LSSrvc.exe        1,548 K    5,128 K    2976    LightScribe Service    Hewlett-Packard Company    (No signature was present in the subject) Hewlett-Packard Company
    lsm.exe        3,376 K    5,632 K    692    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    kbd.exe        10,220 K    9,956 K    3164    KBD EXE    Hewlett-Packard Company    (No signature was present in the subject) Hewlett-Packard Company
    jusched.exe        4,708 K    11,500 K    2968    Java™ Update Scheduler    Oracle Corporation    (Verified) Oracle America
    IAANTmon.exe        3,572 K    7,304 K    1820    RAID Monitor    Intel Corporation    (Verified) Intel Corporation
    IAAnotif.exe        3,716 K    7,988 K    2632    Event Monitor User Notification Tool    Intel Corporation    (Verified) Intel Corporation
    hpwuschd2.exe        1,352 K    4,504 K    1692    hpwuSchd Application    Hewlett-Packard    (Verified) Hewlett-Packard Company
    hpsysdrv.exe        1,144 K    4,048 K    2000    hpsysdrv    Hewlett-Packard Company    (No signature was present in the subject) Hewlett-Packard Company
    HPBtnSrv.exe        3,952 K    7,200 K    2616            (No signature was present in the subject)
    GfExperienceService.exe        2,224 K    5,448 K    2564    NVIDIA GeForce Experience Service    NVIDIA Corporation    (Verified) NVIDIA Corporation
    dwm.exe        2,144 K    5,488 K    1352    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    DVDAgent.exe        5,624 K    10,736 K    2680    HP DVDSmart Resident Program    CyberLink Corp.    (Verified) CyberLink
    audiodg.exe        16,532 K    19,744 K    324    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
     


    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP
    When you get a chance: Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix. It may reboot. 

    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

    You have some remnants of a Norton/Symantec Anti-virus which didn't completely uninstall.  The above will remove them.

     

    Process Explorer is looking really good so it doesn't look like software is the problem.  Probably going to be hardware.  May be overheating.

     

     

     

     


    • 0

    #8
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Ok SFC finished.

     

    2015-01-28 18:59:06, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:06, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:09, Info                  CSI    00000009 [SR] Verify complete
    2015-01-28 18:59:10, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:10, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:12, Info                  CSI    0000000d [SR] Verify complete
    2015-01-28 18:59:13, Info                  CSI    0000000e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:13, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:16, Info                  CSI    00000011 [SR] Verify complete
    2015-01-28 18:59:17, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:17, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:19, Info                  CSI    00000015 [SR] Verify complete
    2015-01-28 18:59:20, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:20, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:23, Info                  CSI    00000019 [SR] Verify complete
    2015-01-28 18:59:26, Info                  CSI    0000001a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:26, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:28, Info                  CSI    0000001d [SR] Verify complete
    2015-01-28 18:59:29, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:29, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:32, Info                  CSI    00000021 [SR] Verify complete
    2015-01-28 18:59:32, Info                  CSI    00000022 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:32, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:35, Info                  CSI    00000025 [SR] Verify complete
    2015-01-28 18:59:35, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:35, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:37, Info                  CSI    00000029 [SR] Verify complete
    2015-01-28 18:59:38, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:38, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:40, Info                  CSI    0000002d [SR] Verify complete
    2015-01-28 18:59:41, Info                  CSI    0000002e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:41, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:44, Info                  CSI    00000031 [SR] Verify complete
    2015-01-28 18:59:44, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:44, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:46, Info                  CSI    00000035 [SR] Verify complete
    2015-01-28 18:59:47, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:47, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:49, Info                  CSI    00000039 [SR] Verify complete
    2015-01-28 18:59:50, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:50, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:52, Info                  CSI    0000003d [SR] Verify complete
    2015-01-28 18:59:53, Info                  CSI    0000003e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:53, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:55, Info                  CSI    00000041 [SR] Verify complete
    2015-01-28 18:59:55, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:55, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
    2015-01-28 18:59:58, Info                  CSI    00000045 [SR] Verify complete
    2015-01-28 18:59:58, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 18:59:58, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:00, Info                  CSI    00000049 [SR] Verify complete
    2015-01-28 19:00:01, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:01, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:03, Info                  CSI    0000004d [SR] Verify complete
    2015-01-28 19:00:04, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:04, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:06, Info                  CSI    00000051 [SR] Verify complete
    2015-01-28 19:00:06, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:06, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:10, Info                  CSI    00000055 [SR] Verify complete
    2015-01-28 19:00:11, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:11, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:13, Info                  CSI    00000059 [SR] Verify complete
    2015-01-28 19:00:14, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:14, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:17, Info                  CSI    0000005d [SR] Verify complete
    2015-01-28 19:00:18, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:18, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:19, Info                  CSI    00000061 [SR] Verify complete
    2015-01-28 19:00:20, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:20, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:23, Info                  CSI    00000065 [SR] Verify complete
    2015-01-28 19:00:24, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:24, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:25, Info                  CSI    00000069 [SR] Verify complete
    2015-01-28 19:00:26, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:26, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:30, Info                  CSI    0000006d [SR] Verify complete
    2015-01-28 19:00:30, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:30, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:32, Info                  CSI    00000071 [SR] Verify complete
    2015-01-28 19:00:33, Info                  CSI    00000072 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:33, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:35, Info                  CSI    00000075 [SR] Verify complete
    2015-01-28 19:00:35, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:35, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:37, Info                  CSI    00000079 [SR] Verify complete
    2015-01-28 19:00:37, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:37, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:40, Info                  CSI    0000007d [SR] Verify complete
    2015-01-28 19:00:40, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:40, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:46, Info                  CSI    00000081 [SR] Verify complete
    2015-01-28 19:00:46, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:46, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:51, Info                  CSI    00000086 [SR] Verify complete
    2015-01-28 19:00:51, Info                  CSI    00000087 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:51, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:00:58, Info                  CSI    0000008c [SR] Verify complete
    2015-01-28 19:00:59, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:00:59, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:04, Info                  CSI    00000090 [SR] Verify complete
    2015-01-28 19:01:04, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:04, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:09, Info                  CSI    00000096 [SR] Verify complete
    2015-01-28 19:01:10, Info                  CSI    00000097 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:10, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:16, Info                  CSI    0000009d [SR] Verify complete
    2015-01-28 19:01:16, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:16, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:26, Info                  CSI    000000be [SR] Verify complete
    2015-01-28 19:01:26, Info                  CSI    000000bf [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:26, Info                  CSI    000000c0 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:32, Info                  CSI    000000c5 [SR] Verify complete
    2015-01-28 19:01:32, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:32, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:39, Info                  CSI    000000c9 [SR] Verify complete
    2015-01-28 19:01:40, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:40, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:47, Info                  CSI    000000cd [SR] Verify complete
    2015-01-28 19:01:47, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:47, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:52, Info                  CSI    000000d3 [SR] Verify complete
    2015-01-28 19:01:52, Info                  CSI    000000d4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:52, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:55, Info                  CSI    000000d7 [SR] Verify complete
    2015-01-28 19:01:55, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:55, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:01:56, Info                  CSI    000000db [SR] Verify complete
    2015-01-28 19:01:57, Info                  CSI    000000dc [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:01:57, Info                  CSI    000000dd [SR] Beginning Verify and Repair transaction
    2015-01-28 19:02:00, Info                  CSI    000000df [SR] Verify complete
    2015-01-28 19:02:01, Info                  CSI    000000e0 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:02:01, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:02:03, Info                  CSI    000000e3 [SR] Verify complete
    2015-01-28 19:02:03, Info                  CSI    000000e4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:02:03, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:02:07, Info                  CSI    000000e7 [SR] Verify complete
    2015-01-28 19:02:07, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 19:02:07, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
    2015-01-28 19:02:10, Info                  CSI    000000eb [SR] Verify complete
    2015-01-28 21:48:34, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:34, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:37, Info                  CSI    00000009 [SR] Verify complete
    2015-01-28 21:48:38, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:38, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:40, Info                  CSI    0000000d [SR] Verify complete
    2015-01-28 21:48:40, Info                  CSI    0000000e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:40, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:43, Info                  CSI    00000011 [SR] Verify complete
    2015-01-28 21:48:44, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:44, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:46, Info                  CSI    00000015 [SR] Verify complete
    2015-01-28 21:48:47, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:47, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:49, Info                  CSI    00000019 [SR] Verify complete
    2015-01-28 21:48:50, Info                  CSI    0000001a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:50, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:52, Info                  CSI    0000001d [SR] Verify complete
    2015-01-28 21:48:53, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:53, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:55, Info                  CSI    00000021 [SR] Verify complete
    2015-01-28 21:48:56, Info                  CSI    00000022 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:56, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:48:58, Info                  CSI    00000025 [SR] Verify complete
    2015-01-28 21:48:58, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:48:58, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:01, Info                  CSI    00000029 [SR] Verify complete
    2015-01-28 21:49:01, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:01, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:03, Info                  CSI    0000002d [SR] Verify complete
    2015-01-28 21:49:04, Info                  CSI    0000002e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:04, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:06, Info                  CSI    00000031 [SR] Verify complete
    2015-01-28 21:49:07, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:07, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:09, Info                  CSI    00000035 [SR] Verify complete
    2015-01-28 21:49:09, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:09, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:11, Info                  CSI    00000039 [SR] Verify complete
    2015-01-28 21:49:12, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:12, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:14, Info                  CSI    0000003d [SR] Verify complete
    2015-01-28 21:49:15, Info                  CSI    0000003e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:15, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:17, Info                  CSI    00000041 [SR] Verify complete
    2015-01-28 21:49:17, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:17, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:19, Info                  CSI    00000045 [SR] Verify complete
    2015-01-28 21:49:20, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:20, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:22, Info                  CSI    00000049 [SR] Verify complete
    2015-01-28 21:49:23, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:23, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:25, Info                  CSI    0000004d [SR] Verify complete
    2015-01-28 21:49:25, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:25, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:27, Info                  CSI    00000051 [SR] Verify complete
    2015-01-28 21:49:28, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:28, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:30, Info                  CSI    00000055 [SR] Verify complete
    2015-01-28 21:49:31, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:31, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:33, Info                  CSI    00000059 [SR] Verify complete
    2015-01-28 21:49:34, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:34, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:37, Info                  CSI    0000005d [SR] Verify complete
    2015-01-28 21:49:37, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:37, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:39, Info                  CSI    00000061 [SR] Verify complete
    2015-01-28 21:49:40, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:40, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:42, Info                  CSI    00000065 [SR] Verify complete
    2015-01-28 21:49:43, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:43, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:45, Info                  CSI    00000069 [SR] Verify complete
    2015-01-28 21:49:45, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:45, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:48, Info                  CSI    0000006d [SR] Verify complete
    2015-01-28 21:49:49, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:49, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:51, Info                  CSI    00000071 [SR] Verify complete
    2015-01-28 21:49:51, Info                  CSI    00000072 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:51, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:53, Info                  CSI    00000075 [SR] Verify complete
    2015-01-28 21:49:53, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:53, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:55, Info                  CSI    00000079 [SR] Verify complete
    2015-01-28 21:49:55, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:55, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:49:58, Info                  CSI    0000007d [SR] Verify complete
    2015-01-28 21:49:58, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:49:58, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:04, Info                  CSI    00000081 [SR] Verify complete
    2015-01-28 21:50:04, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:04, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:08, Info                  CSI    00000086 [SR] Verify complete
    2015-01-28 21:50:09, Info                  CSI    00000087 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:09, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:16, Info                  CSI    0000008c [SR] Verify complete
    2015-01-28 21:50:16, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:16, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:22, Info                  CSI    00000090 [SR] Verify complete
    2015-01-28 21:50:22, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:22, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:27, Info                  CSI    00000096 [SR] Verify complete
    2015-01-28 21:50:28, Info                  CSI    00000097 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:28, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:35, Info                  CSI    0000009d [SR] Verify complete
    2015-01-28 21:50:36, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:36, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:43, Info                  CSI    000000be [SR] Verify complete
    2015-01-28 21:50:43, Info                  CSI    000000bf [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:43, Info                  CSI    000000c0 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:49, Info                  CSI    000000c5 [SR] Verify complete
    2015-01-28 21:50:49, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:49, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:50:55, Info                  CSI    000000c9 [SR] Verify complete
    2015-01-28 21:50:55, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:50:55, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:01, Info                  CSI    000000cd [SR] Verify complete
    2015-01-28 21:51:01, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:01, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:06, Info                  CSI    000000d3 [SR] Verify complete
    2015-01-28 21:51:06, Info                  CSI    000000d4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:06, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:08, Info                  CSI    000000d7 [SR] Verify complete
    2015-01-28 21:51:08, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:08, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:10, Info                  CSI    000000db [SR] Verify complete
    2015-01-28 21:51:10, Info                  CSI    000000dc [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:10, Info                  CSI    000000dd [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:14, Info                  CSI    000000df [SR] Verify complete
    2015-01-28 21:51:14, Info                  CSI    000000e0 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:14, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:16, Info                  CSI    000000e3 [SR] Verify complete
    2015-01-28 21:51:16, Info                  CSI    000000e4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:16, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:20, Info                  CSI    000000e7 [SR] Verify complete
    2015-01-28 21:51:20, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:20, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:23, Info                  CSI    000000eb [SR] Verify complete
    2015-01-28 21:51:23, Info                  CSI    000000ec [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:23, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:25, Info                  CSI    000000ef [SR] Verify complete
    2015-01-28 21:51:26, Info                  CSI    000000f0 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:26, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:35, Info                  CSI    0000010d [SR] Verify complete
    2015-01-28 21:51:35, Info                  CSI    0000010e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:35, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:45, Info                  CSI    00000111 [SR] Verify complete
    2015-01-28 21:51:45, Info                  CSI    00000112 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:45, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:51:59, Info                  CSI    00000115 [SR] Verify complete
    2015-01-28 21:51:59, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:51:59, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:03, Info                  CSI    00000119 [SR] Verify complete
    2015-01-28 21:52:03, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:03, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:04, Info                  CSI    0000011d [SR] Verify complete
    2015-01-28 21:52:04, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:04, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:05, Info                  CSI    00000121 [SR] Verify complete
    2015-01-28 21:52:05, Info                  CSI    00000122 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:05, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:13, Info                  CSI    00000134 [SR] Verify complete
    2015-01-28 21:52:13, Info                  CSI    00000135 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:13, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:17, Info                  CSI    0000013a [SR] Verify complete
    2015-01-28 21:52:17, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:17, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:18, Info                  CSI    0000013e [SR] Verify complete
    2015-01-28 21:52:18, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:18, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:21, Info                  CSI    00000142 [SR] Verify complete
    2015-01-28 21:52:21, Info                  CSI    00000143 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:21, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:26, Info                  CSI    00000146 [SR] Verify complete
    2015-01-28 21:52:26, Info                  CSI    00000147 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:26, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:36, Info                  CSI    0000014b [SR] Verify complete
    2015-01-28 21:52:36, Info                  CSI    0000014c [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:36, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:41, Info                  CSI    0000014f [SR] Verify complete
    2015-01-28 21:52:41, Info                  CSI    00000150 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:41, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:44, Info                  CSI    00000153 [SR] Verify complete
    2015-01-28 21:52:44, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:44, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:52, Info                  CSI    00000157 [SR] Verify complete
    2015-01-28 21:52:52, Info                  CSI    00000158 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:52, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:52:56, Info                  CSI    0000015b [SR] Verify complete
    2015-01-28 21:52:56, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:52:56, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
    2015-01-28 21:53:00, Info                  CSI    0000015f [SR] Verify complete
    2015-01-28 21:53:01, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:53:01, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:53:11, Info                  CSI    00000179 [SR] Verify complete
    2015-01-28 21:53:11, Info                  CSI    0000017a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:53:11, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:53:20, Info                  CSI    0000017d [SR] Verify complete
    2015-01-28 21:53:21, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:53:21, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:53:36, Info                  CSI    00000181 [SR] Verify complete
    2015-01-28 21:53:36, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:53:36, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:53:49, Info                  CSI    00000185 [SR] Verify complete
    2015-01-28 21:53:49, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:53:49, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:00, Info                  CSI    00000189 [SR] Verify complete
    2015-01-28 21:54:00, Info                  CSI    0000018a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:00, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:07, Info                  CSI    0000018d [SR] Verify complete
    2015-01-28 21:54:07, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:07, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:14, Info                  CSI    00000191 [SR] Verify complete
    2015-01-28 21:54:14, Info                  CSI    00000192 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:14, Info                  CSI    00000193 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:19, Info                  CSI    00000197 [SR] Verify complete
    2015-01-28 21:54:19, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:19, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:29, Info                  CSI    0000019c [SR] Verify complete
    2015-01-28 21:54:29, Info                  CSI    0000019d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:29, Info                  CSI    0000019e [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:35, Info                  CSI    000001a0 [SR] Verify complete
    2015-01-28 21:54:35, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:35, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:41, Info                  CSI    000001a4 [SR] Verify complete
    2015-01-28 21:54:41, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:41, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:49, Info                  CSI    000001a8 [SR] Verify complete
    2015-01-28 21:54:49, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:49, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
    2015-01-28 21:54:53, Info                  CSI    000001ac [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 21:54:56, Info                  CSI    000001ae [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 21:54:56, Info                  CSI    000001af [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2015-01-28 21:54:57, Info                  CSI    000001b1 [SR] Verify complete
    2015-01-28 21:54:57, Info                  CSI    000001b2 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:54:57, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:04, Info                  CSI    000001b5 [SR] Verify complete
    2015-01-28 21:55:04, Info                  CSI    000001b6 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:04, Info                  CSI    000001b7 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:11, Info                  CSI    000001b9 [SR] Verify complete
    2015-01-28 21:55:11, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:11, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:21, Info                  CSI    000001be [SR] Verify complete
    2015-01-28 21:55:21, Info                  CSI    000001bf [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:21, Info                  CSI    000001c0 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:27, Info                  CSI    000001c2 [SR] Verify complete
    2015-01-28 21:55:27, Info                  CSI    000001c3 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:27, Info                  CSI    000001c4 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:32, Info                  CSI    000001c6 [SR] Verify complete
    2015-01-28 21:55:32, Info                  CSI    000001c7 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:32, Info                  CSI    000001c8 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:40, Info                  CSI    000001cb [SR] Verify complete
    2015-01-28 21:55:40, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:40, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:47, Info                  CSI    000001d3 [SR] Verify complete
    2015-01-28 21:55:47, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:47, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:55:55, Info                  CSI    000001d7 [SR] Verify complete
    2015-01-28 21:55:55, Info                  CSI    000001d8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:55:55, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:04, Info                  CSI    000001db [SR] Verify complete
    2015-01-28 21:56:04, Info                  CSI    000001dc [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:04, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:08, Info                  CSI    000001df [SR] Verify complete
    2015-01-28 21:56:08, Info                  CSI    000001e0 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:08, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:13, Info                  CSI    000001e3 [SR] Verify complete
    2015-01-28 21:56:14, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:14, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:22, Info                  CSI    000001e7 [SR] Verify complete
    2015-01-28 21:56:23, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:23, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:35, Info                  CSI    000001eb [SR] Verify complete
    2015-01-28 21:56:35, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:35, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
    2015-01-28 21:56:41, Info                  CSI    000001ef [SR] Verify complete
    2015-01-28 21:56:41, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:56:41, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:01, Info                  CSI    000001f3 [SR] Verify complete
    2015-01-28 21:57:02, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:02, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:09, Info                  CSI    000001f7 [SR] Verify complete
    2015-01-28 21:57:10, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:10, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:25, Info                  CSI    00000204 [SR] Verify complete
    2015-01-28 21:57:25, Info                  CSI    00000205 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:25, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:32, Info                  CSI    00000208 [SR] Verify complete
    2015-01-28 21:57:33, Info                  CSI    00000209 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:33, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:42, Info                  CSI    0000020d [SR] Verify complete
    2015-01-28 21:57:42, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:42, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:57:51, Info                  CSI    00000211 [SR] Verify complete
    2015-01-28 21:57:52, Info                  CSI    00000212 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:57:52, Info                  CSI    00000213 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:01, Info                  CSI    00000215 [SR] Verify complete
    2015-01-28 21:58:01, Info                  CSI    00000216 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:01, Info                  CSI    00000217 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:06, Info                  CSI    00000219 [SR] Verify complete
    2015-01-28 21:58:06, Info                  CSI    0000021a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:06, Info                  CSI    0000021b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:07, Info                  CSI    0000021d [SR] Verify complete
    2015-01-28 21:58:07, Info                  CSI    0000021e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:07, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:17, Info                  CSI    00000223 [SR] Verify complete
    2015-01-28 21:58:18, Info                  CSI    00000224 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:18, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:26, Info                  CSI    00000227 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 21:58:27, Info                  CSI    0000022c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 21:58:27, Info                  CSI    0000022d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2015-01-28 21:58:28, Info                  CSI    0000022f [SR] Verify complete
    2015-01-28 21:58:28, Info                  CSI    00000230 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:28, Info                  CSI    00000231 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:40, Info                  CSI    0000023b [SR] Verify complete
    2015-01-28 21:58:40, Info                  CSI    0000023c [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:40, Info                  CSI    0000023d [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:49, Info                  CSI    00000249 [SR] Verify complete
    2015-01-28 21:58:49, Info                  CSI    0000024a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:49, Info                  CSI    0000024b [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:54, Info                  CSI    0000024d [SR] Verify complete
    2015-01-28 21:58:54, Info                  CSI    0000024e [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:54, Info                  CSI    0000024f [SR] Beginning Verify and Repair transaction
    2015-01-28 21:58:59, Info                  CSI    00000254 [SR] Verify complete
    2015-01-28 21:58:59, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:58:59, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:03, Info                  CSI    00000258 [SR] Verify complete
    2015-01-28 21:59:04, Info                  CSI    00000259 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:04, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:10, Info                  CSI    0000027f [SR] Verify complete
    2015-01-28 21:59:10, Info                  CSI    00000280 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:10, Info                  CSI    00000281 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:14, Info                  CSI    00000283 [SR] Verify complete
    2015-01-28 21:59:14, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:14, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:19, Info                  CSI    00000287 [SR] Verify complete
    2015-01-28 21:59:19, Info                  CSI    00000288 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:19, Info                  CSI    00000289 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:24, Info                  CSI    0000028b [SR] Verify complete
    2015-01-28 21:59:24, Info                  CSI    0000028c [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:24, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:31, Info                  CSI    0000029e [SR] Verify complete
    2015-01-28 21:59:31, Info                  CSI    0000029f [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:31, Info                  CSI    000002a0 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:39, Info                  CSI    000002ab [SR] Verify complete
    2015-01-28 21:59:39, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:39, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:43, Info                  CSI    000002b2 [SR] Verify complete
    2015-01-28 21:59:44, Info                  CSI    000002b3 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:44, Info                  CSI    000002b4 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:46, Info                  CSI    000002b7 [SR] Verify complete
    2015-01-28 21:59:47, Info                  CSI    000002b8 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:47, Info                  CSI    000002b9 [SR] Beginning Verify and Repair transaction
    2015-01-28 21:59:56, Info                  CSI    000002bc [SR] Verify complete
    2015-01-28 21:59:56, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 21:59:56, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:00, Info                  CSI    000002c0 [SR] Verify complete
    2015-01-28 22:00:00, Info                  CSI    000002c1 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:00, Info                  CSI    000002c2 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:04, Info                  CSI    000002c4 [SR] Verify complete
    2015-01-28 22:00:05, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:05, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:09, Info                  CSI    000002c8 [SR] Verify complete
    2015-01-28 22:00:10, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:10, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:16, Info                  CSI    000002ce [SR] Verify complete
    2015-01-28 22:00:16, Info                  CSI    000002cf [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:16, Info                  CSI    000002d0 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:23, Info                  CSI    000002ea [SR] Verify complete
    2015-01-28 22:00:23, Info                  CSI    000002eb [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:23, Info                  CSI    000002ec [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:36, Info                  CSI    000002ee [SR] Verify complete
    2015-01-28 22:00:36, Info                  CSI    000002ef [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:36, Info                  CSI    000002f0 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:42, Info                  CSI    000002f2 [SR] Verify complete
    2015-01-28 22:00:42, Info                  CSI    000002f3 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:42, Info                  CSI    000002f4 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:51, Info                  CSI    000002f6 [SR] Verify complete
    2015-01-28 22:00:51, Info                  CSI    000002f7 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:51, Info                  CSI    000002f8 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:00:55, Info                  CSI    000002fa [SR] Verify complete
    2015-01-28 22:00:55, Info                  CSI    000002fb [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:00:55, Info                  CSI    000002fc [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:04, Info                  CSI    000002ff [SR] Verify complete
    2015-01-28 22:01:04, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:04, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:09, Info                  CSI    00000303 [SR] Verify complete
    2015-01-28 22:01:09, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:09, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:15, Info                  CSI    00000307 [SR] Verify complete
    2015-01-28 22:01:15, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:15, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:19, Info                  CSI    0000030b [SR] Verify complete
    2015-01-28 22:01:19, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:19, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:24, Info                  CSI    00000310 [SR] Verify complete
    2015-01-28 22:01:24, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:24, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:30, Info                  CSI    00000314 [SR] Verify complete
    2015-01-28 22:01:30, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:30, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:36, Info                  CSI    00000319 [SR] Verify complete
    2015-01-28 22:01:36, Info                  CSI    0000031a [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:36, Info                  CSI    0000031b [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:42, Info                  CSI    0000031f [SR] Verify complete
    2015-01-28 22:01:42, Info                  CSI    00000320 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:42, Info                  CSI    00000321 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:49, Info                  CSI    00000324 [SR] Verify complete
    2015-01-28 22:01:50, Info                  CSI    00000325 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:50, Info                  CSI    00000326 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:01:55, Info                  CSI    00000328 [SR] Verify complete
    2015-01-28 22:01:56, Info                  CSI    00000329 [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:01:56, Info                  CSI    0000032a [SR] Beginning Verify and Repair transaction
    2015-01-28 22:02:04, Info                  CSI    0000032c [SR] Verify complete
    2015-01-28 22:02:04, Info                  CSI    0000032d [SR] Verifying 100 (0x0000000000000064) components
    2015-01-28 22:02:04, Info                  CSI    0000032e [SR] Beginning Verify and Repair transaction
    2015-01-28 22:02:11, Info                  CSI    00000330 [SR] Verify complete
    2015-01-28 22:02:11, Info                  CSI    00000331 [SR] Verifying 54 (0x0000000000000036) components
    2015-01-28 22:02:11, Info                  CSI    00000332 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:02:14, Info                  CSI    00000334 [SR] Verify complete
    2015-01-28 22:02:14, Info                  CSI    00000335 [SR] Repairing 2 components
    2015-01-28 22:02:14, Info                  CSI    00000336 [SR] Beginning Verify and Repair transaction
    2015-01-28 22:02:15, Info                  CSI    00000338 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 22:02:15, Info                  CSI    0000033a [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 22:02:15, Info                  CSI    0000033c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 22:02:15, Info                  CSI    0000033d [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2015-01-28 22:02:15, Info                  CSI    0000033f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2015-01-28 22:02:15, Info                  CSI    00000340 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2015-01-28 22:02:15, Info                  CSI    00000342 [SR] Repair complete
    2015-01-28 22:02:15, Info                  CSI    00000343 [SR] Committing transaction
    2015-01-28 22:02:15, Info                  CSI    00000347 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
     


    • 0

    #9
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 28/01/2015 10:24:36 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/01/2015 2:47:35 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load:  MpFilter spldr SRTSP SRTSPX Wanarpv6

    Log: 'System' Date/Time: 29/01/2015 2:47:35 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

    Log: 'System' Date/Time: 29/01/2015 2:47:35 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

    Log: 'System' Date/Time: 29/01/2015 2:46:42 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Log: 'System' Date/Time: 29/01/2015 2:46:42 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    Log: 'System' Date/Time: 29/01/2015 2:46:39 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    Log: 'System' Date/Time: 29/01/2015 2:46:38 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Log: 'System' Date/Time: 29/01/2015 2:46:28 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    Log: 'System' Date/Time: 29/01/2015 2:46:14 AM
    Type: Error Category: 0
    Event: 3002 Source: Microsoft Antimalware
    Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.      Feature: On Access      Error Code: 0x8007043c      Error description: This service cannot be started in Safe Mode       Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/01/2015 2:46:15 AM
    Type: Warning Category: 0
    Event: 263 Source: PlugPlayManager
    The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

    Log: 'System' Date/Time: 29/01/2015 2:45:07 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.
     


    • 0

    #10
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 28/01/2015 10:27:53 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 29/01/2015 2:53:25 AM
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 29/01/2015 2:53:25 AM
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 29/01/2015 2:47:35 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/01/2015 2:46:38 AM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 29/01/2015 2:46:22 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 29/01/2015 2:45:06 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 29/01/2015 2:45:05 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
     


    • 0

    Advertisements


    #11
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Note: I had to run a lot of this in safe mode to even get it to run.


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Did I miss the Speccy log?

     

    It appears that Microsoft Security Essentials is sick.  It's not worth much so download the free Avast:

     

    http://files.avast.c...virus_setup.exe

     

    Save the file.  Uninstall Microsoft Security Essentials and then reboot.  Right click on the saved file and Run As Admin.  (Register when it asks you - they will try to talk you in to buying the full product but the free (basic) version is what we want.)

     

     

     
    Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
     
    The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free.
     
    Ron

    • 0

    #13
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    I'm sorry, I could have sworn I had attached it to the post with process explorer. Apparently there was a pebkac error (type ID10T). Should be attached now. Maybe even twice.

     

    Working on fixes as recommended.

     

    Thanks again for your help.

     

    Attached File  speccy HPMEDIA-PC.txt   218.96KB   126 downloads


    Edited by Chucklebun, 28 January 2015 - 10:39 PM.

    • 0

    #14
    Chucklebun

    Chucklebun

      Member

    • Topic Starter
    • Member
    • PipPip
    • 91 posts

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
    Ran by Goblin at 2015-01-28 23:24:36 Run:1
    Running from C:\Users\Goblin\Desktop
    Loaded Profiles: Goblin (Available profiles: Goblin)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKLM-x32 -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL =
    S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
    S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

    *****************

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    Norton Internet Security => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NAVENG => Service deleted successfully.
    NAVEX15 => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    SRTSP => Service deleted successfully.
    SRTSPX => Service deleted successfully.

    ==== End of Fixlog 23:24:36 ====

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
    Ran by Goblin (administrator) on HPMEDIA-PC on 28-01-2015 23:26:51
    Running from C:\Users\Goblin\Desktop
    Loaded Profiles: Goblin (Available profiles: Goblin)
    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-10-06] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
    HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
    HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    SearchScopes: HKLM -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://search.live.c...ms}&FORM=HPDTDF
    SearchScopes: HKLM -> {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://search.live.c...ms}&FORM=HPDTDF
    SearchScopes: HKLM -> {D7224172-D300-41D8-8655-8905A8DC1F7B} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> DefaultScope {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> {92733719-8085-42C7-AA36-0FA1EF22A58D} URL = http://www.bing.com/...rc=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKU\S-1-5-21-2326032851-1019442383-1985811652-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Extension: NoScript - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-13]
    FF Extension: StumbleUpon - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-09-23]
    FF Extension: Adblock Plus - C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\e2wholh0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-12]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
    S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
    S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
    S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 23:26 - 2015-01-28 23:27 - 00010746 _____ () C:\Users\Goblin\Desktop\FRST.txt
    2015-01-28 23:24 - 2015-01-28 23:24 - 00000000 ____D () C:\Users\Goblin\Desktop\FRST-OlderVersion
    2015-01-28 23:22 - 2015-01-28 23:22 - 00000000 ____D () C:\Users\Goblin\Desktop\geeks2go logs (old)
    2015-01-28 23:20 - 2015-01-28 23:21 - 132469808 _____ (AVAST Software) C:\Users\Goblin\Downloads\avast_free_antivirus_setup.exe
    2015-01-28 22:24 - 2015-01-28 22:27 - 00002607 _____ () C:\VEW.txt
    2015-01-27 19:52 - 2015-01-28 23:27 - 00000000 ____D () C:\FRST
    2015-01-27 19:46 - 2015-01-27 19:46 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-27 18:37 - 2015-01-27 18:47 - 00000000 ____D () C:\AdwCleaner
    2015-01-27 18:26 - 2015-01-27 18:26 - 00061440 _____ ( ) C:\Users\Goblin\Desktop\VEW.exe
    2015-01-27 18:25 - 2015-01-27 18:25 - 00061440 _____ ( ) C:\Users\Goblin\Downloads\VEW.exe
    2015-01-27 18:14 - 2015-01-27 18:14 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Goblin\Desktop\procexp.exe
    2015-01-27 18:01 - 2015-01-27 18:05 - 05135288 _____ (Piriform Ltd) C:\Users\Goblin\Desktop\spsetup128.exe
    2015-01-27 17:49 - 2015-01-28 23:24 - 02130432 _____ (Farbar) C:\Users\Goblin\Desktop\FRST64.exe
    2015-01-27 17:47 - 2015-01-27 17:47 - 01707939 _____ (Thisisu) C:\Users\Goblin\Desktop\JRT.exe
    2015-01-27 17:44 - 2015-01-27 17:37 - 02194432 _____ () C:\Users\Goblin\Desktop\AdwCleaner.exe
    2015-01-27 17:36 - 2015-01-27 17:37 - 02194432 _____ () C:\Users\Goblin\Downloads\AdwCleaner.exe
    2015-01-27 14:15 - 2015-01-27 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-20 23:02 - 2015-01-20 23:02 - 00602112 _____ (OldTimer Tools) C:\Users\Goblin\Downloads\OTL.exe
    2015-01-20 23:02 - 2015-01-20 23:02 - 00602112 _____ (OldTimer Tools) C:\Users\Goblin\Desktop\OTL.exe
    2015-01-15 16:22 - 2015-01-15 16:22 - 00000680 _____ () C:\Users\Goblin\AppData\Local\d3d9caps.dat
    2015-01-13 22:38 - 2014-12-18 19:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 22:38 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-13 22:38 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 22:38 - 2014-12-05 21:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-10 17:47 - 2015-01-10 17:47 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-01-10 17:47 - 2015-01-10 17:47 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\CyberLink
    2015-01-10 17:29 - 2015-01-10 17:29 - 00000000 ____D () C:\Users\Goblin\Downloads\Windows Vista x32 Editions
    2015-01-10 10:43 - 2015-01-10 10:43 - 00000000 ____D () C:\Users\Goblin\Documents\Aperture science camera files

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 23:19 - 2006-11-02 07:46 - 00007042 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-28 23:13 - 2006-11-02 10:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-28 23:13 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-28 23:13 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 23:13 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 19:01 - 2014-09-21 23:43 - 01524082 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 19:00 - 2008-11-25 02:11 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
    2015-01-28 18:53 - 2014-09-24 16:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-28 18:21 - 2014-09-24 16:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-28 18:21 - 2014-09-24 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-28 18:21 - 2014-09-24 16:42 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-28 17:45 - 2014-12-20 12:17 - 00007680 _____ () C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-27 17:43 - 2014-09-23 17:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-27 13:58 - 2014-11-04 21:08 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\HpUpdate
    2015-01-20 23:10 - 2014-11-28 12:18 - 00000000 ____D () C:\Users\Goblin\AppData\Roaming\uTorrent
    2015-01-19 11:12 - 2014-12-22 13:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-13 22:38 - 2014-09-21 22:23 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-13 22:34 - 2006-11-02 07:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-01-10 17:47 - 2008-11-25 01:42 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-01-10 10:21 - 2006-11-02 10:27 - 00141442 _____ () C:\Windows\setupact.log
    2014-12-31 06:14 - 2014-09-21 20:33 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-29 10:03 - 2014-09-24 16:42 - 00000000 ____D () C:\Users\Goblin\AppData\Local\Adobe

    ==================== Files in the root of some directories =======

    2015-01-15 16:22 - 2015-01-15 16:22 - 0000680 _____ () C:\Users\Goblin\AppData\Local\d3d9caps.dat
    2014-09-21 20:05 - 2014-09-21 20:16 - 0000732 _____ () C:\Users\Goblin\AppData\Local\d3d9caps64.dat
    2014-12-20 12:17 - 2015-01-28 17:45 - 0007680 _____ () C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-23 16:24 - 2014-09-23 16:24 - 0467548 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistMSI3363.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0471872 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistMSI33AF.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0014266 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistUI3363.txt
    2014-09-23 16:24 - 2014-09-23 16:24 - 0014314 _____ () C:\Users\Goblin\AppData\Local\dd_vcredistUI33AF.txt

    Files to move or delete:
    ====================
    C:\Users\Public\AMIDST-3.7.exe


    Some content of TEMP:
    ====================
    C:\Users\Goblin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Goblin\AppData\Local\Temp\Quarantine.exe
    C:\Users\Goblin\AppData\Local\Temp\sqlite3.dll
    C:\Users\Goblin\AppData\Local\Temp\user32.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-28 22:01

    ==================== End Of Log ============================

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
    Ran by Goblin at 2015-01-28 23:27:49
    Running from C:\Users\Goblin\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
    Hauppauge MCE XP/Vista Software Encoder (2.0.26268) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26268 - Hauppauge Computer Works, Inc.)
    HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
    HP Demo (HKLM-x32\...\{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.7.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
    HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
    HP Total Care Setup (HKLM-x32\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
    LightScribe System Software  1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
    LightScribe Template Labeler (HKLM-x32\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}) (Version: 7.0.35.7315 - muvee Technologies Pte Ltd)
    My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
    NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
    PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
    Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
    SoftMCE Encoder (x32 Version: 2.0.26268 - Hauppauge Computer Works) Hidden
    SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    21-01-2015 02:47:08 Scheduled Checkpoint
    27-01-2015 13:58:14 Windows Update
    27-01-2015 21:05:10 OTL Restore Point - 1/27/2015 9:05:10 PM

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1             localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {65B46FB9-8AEA-419B-A421-D5CE19DD4730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
    Task: {B81D6D70-1303-4648-89E7-A6B0708D5FF7} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
    Task: {C09450A7-B062-4984-BB69-136A2E7314EF} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
    Task: {E2A0F342-C3EC-4002-AAF6-9224405554D3} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-27 14:15 - 2015-01-27 14:16 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2326032851-1019442383-1985811652-500 - Administrator - Disabled)
    Goblin (S-1-5-21-2326032851-1019442383-1985811652-1000 - Administrator - Enabled) => C:\Users\Goblin
    Guest (S-1-5-21-2326032851-1019442383-1985811652-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Consumer IR Devices
    Description: Consumer IR Devices
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: circlass
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/28/2015 11:19:47 PM) (Source: LoadPerf) (EventID: 3011) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (01/28/2015 11:19:47 PM) (Source: LoadPerf) (EventID: 3012) (User: )
    Description: Performance16

    Error: (01/28/2015 11:16:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/28/2015 11:15:43 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (01/28/2015 09:53:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (01/28/2015 09:53:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
    Description: Performance16

    Error: (01/28/2015 09:47:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/28/2015 09:46:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


    System errors:
    =============
    Error: (01/28/2015 11:22:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (01/28/2015 11:22:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

    Error: (01/28/2015 11:16:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: MpFilter
    spldr
    SRTSP
    SRTSPX
    Wanarpv6

    Error: (01/28/2015 11:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31

    Error: (01/28/2015 11:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Computer BrowserServer%%1068

    Error: (01/28/2015 11:15:48 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (01/28/2015 11:15:44 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (01/28/2015 11:15:43 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (01/28/2015 11:15:35 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (01/28/2015 11:15:21 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: %%860 Real-Time Protection feature has encountered an error and failed.

        Feature: %%834

        Error Code: 0x8007043c

        Error description: This service cannot be started in Safe Mode

        Reason: %%858


    Microsoft Office Sessions:
    =========================
    Error: (01/28/2015 11:19:47 PM) (Source: LoadPerf) (EventID: 3011) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (01/28/2015 11:19:47 PM) (Source: LoadPerf) (EventID: 3012) (User: )
    Description: Performance16

    Error: (01/28/2015 11:16:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/28/2015 11:15:43 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (01/28/2015 09:53:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (01/28/2015 09:53:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
    Description: Performance16

    Error: (01/28/2015 09:47:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/28/2015 09:46:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


    CodeIntegrity Errors:
    ===================================
      Date: 2014-09-22 17:47:26.975
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.910
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.842
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.775
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-09-22 17:47:26.678
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.291
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.272
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.250
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

      Date: 2008-11-25 02:11:57.226
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
    Percentage of memory in use: 13%
    Total physical RAM: 8190.33 MB
    Available physical RAM: 7062.38 MB
    Total Pagefile: 16431.7 MB
    Available Pagefile: 15565.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:685.08 GB) (Free:623.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.56 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=685.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    What make and model is the PC?

     

    So far no smoking gun.  Some errors on the hard drive:

     

    Attribute name Read Error Rate
    Real value 0
    Current 84
    Worst 82
    Threshold 6
    Raw Value 0007A59980
    Status Good
     
    Attribute name Reallocated Sectors Count
    Real value 64
    Current 100
    Worst 100
    Threshold 36
    Raw Value 0000000040
    Status Good
    07
    Attribute name Seek Error Rate
    Real value 0
    Current 75
    Worst 60
    Threshold 30
    Raw Value 0023935551
    Status Good
     
    Probably would be a good idea to do a disk check if we haven't already done one:
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     

     

     

     

    Hopefully you get Avast installed before you go to bed.  While you sleep it would be a good idea to let it try to do a boot-time scan.  This can take 6 hours or longer and if it's really slow it may still be running when you get up.

     

    How to do a boot-time scan while you sleep:
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
    Bedtime for me.

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP