
Chrome Install Infection



#31
chosen072

  • Topic Starter
  • Member
  • 88 posts

I'm not finding the FRST list to download





#32
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Sorry.



#33
chosen072

  • Topic Starter
  • Member
  • 88 posts

np, tyvm

 

Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2015
Ran by Chosen072 at 2015-02-22 12:36:40 Run:5
Running from C:\Users\Chosen072\Desktop
Loaded Profiles: Chosen072 (Available profiles: Chosen072 & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
CMD: netsh winsock reset


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => Key deleted successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog 12:36:43 ====



#34
chosen072

  • Topic Starter
  • Member
  • 88 posts

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Chosen072 (administrator) on ROBINS-LT on 22-02-2015 12:37:25
Running from C:\Users\Chosen072\Desktop
Loaded Profiles: Chosen072 (Available profiles: Chosen072 & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\Kies.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [349240 2010-01-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Run: [Amazon Cloud Player] => C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...xplorer/welcome
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-984307550-3928441585-2128114710-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-984307550-3928441585-2128114710-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-984307550-3928441585-2128114710-1000 -> {6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} URL = http://www.amazon.co...de=ur2&ie=UTF-8
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-984307550-3928441585-2128114710-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-984307550-3928441585-2128114710-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chosen072\AppData\Roaming\Mozilla\Firefox\Profiles\hf9gv40m.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Chosen072\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Chosen072\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @talk.google.com/O1DPlugin -> C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-984307550-3928441585-2128114710-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chosen072\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Chosen072\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-03-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-03-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected]
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2015-02-22]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-12-09]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF HKU\S-1-5-20\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Chosen072\Program Files\DNA
FF Extension: DNA - C:\Users\Chosen072\Program Files\DNA [2008-10-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKU\S-1-5-21-984307550-3928441585-2128114710-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CHOSEN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-15] (Adobe Systems) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-01] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 atapi; C:\Windows\System32\Drivers\tsk_atapi.sys [19944 2009-12-16] () [File not signed]
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [67840 2009-07-16] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [107776 2009-07-16] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2009-07-16] (Option N.V.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKslc55cb098; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{212D2248-193A-46AF-BD0E-037CEB295A6E}\MpKslc55cb098.sys [39464 2015-02-22] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter2\nnfwdk.sys [23264 2015-01-16] (The Nielsen Company)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2010-09-28] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHOSEN~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 12:36 - 2015-02-22 12:36 - 00000000 ____D () C:\Users\Chosen072\Desktop\FRST-OlderVersion
2015-02-22 01:26 - 2015-02-22 01:27 - 00052170 _____ () C:\Users\Chosen072\Desktop\Result.txt
2015-02-22 01:22 - 2015-02-22 01:22 - 00401920 _____ (Farbar) C:\Users\Chosen072\Desktop\MiniToolBox.exe
2015-02-21 16:31 - 2015-02-22 12:38 - 00024577 _____ () C:\Users\Chosen072\Desktop\FRST.txt
2015-02-20 21:13 - 2015-02-20 21:42 - 00000000 ____D () C:\ComboFix
2015-02-20 10:19 - 2015-02-20 22:05 - 00000000 ____D () C:\Users\Chosen072\Desktop\Virus Log
2015-02-20 09:28 - 2015-02-20 09:28 - 00000000 _____ () C:\extensions.sqlite
2015-02-20 04:08 - 2015-02-22 12:37 - 00000000 ____D () C:\FRST
2015-02-20 04:05 - 2015-02-22 12:36 - 01126912 _____ (Farbar) C:\Users\Chosen072\Desktop\FRST.exe
2015-02-19 17:10 - 2015-02-19 17:10 - 01388274 _____ (Thisisu) C:\Users\Chosen072\Desktop\JRT.exe
2015-02-19 16:34 - 2015-02-19 17:04 - 00000000 ____D () C:\AdwCleaner
2015-02-19 16:32 - 2015-02-19 16:32 - 02126848 _____ () C:\Users\Chosen072\Desktop\AdwCleaner.exe
2015-02-18 22:02 - 2015-02-18 22:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Chosen072\Desktop\tdsskiller.exe
2015-02-18 17:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-18 17:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-18 17:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-18 17:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-18 17:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-18 17:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-18 17:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-18 17:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-18 17:06 - 2015-02-18 17:07 - 05198336 _____ (AVAST Software) C:\Users\Chosen072\Desktop\aswMBR.exe
2015-02-18 17:05 - 2015-02-18 17:05 - 05611903 ____R (Swearware) C:\Users\Chosen072\Desktop\ComboFix.exe
2015-02-18 14:57 - 2015-02-18 14:58 - 00000000 ____D () C:\Users\Chosen072\Desktop\Images
2015-02-17 16:20 - 2015-02-21 16:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 16:19 - 2015-02-17 16:19 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 16:19 - 2015-02-17 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 16:19 - 2015-02-17 16:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-17 16:19 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 16:19 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 16:03 - 2015-02-17 16:03 - 00000000 ____D () C:\ProgramData\Unchecky
2015-02-17 13:54 - 2015-02-17 13:54 - 00000000 ____D () C:\Users\Chosen072\Documents\2015 Tax Return
2015-02-17 10:49 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 10:49 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-16 17:00 - 2015-02-20 09:36 - 00022177 _____ () C:\Windows\setupact.log
2015-02-16 17:00 - 2015-02-16 17:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-13 12:34 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 12:33 - 2015-01-08 19:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 12:31 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 12:19 - 2015-01-14 23:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-13 12:12 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 09:21 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 09:21 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 09:21 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 09:21 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 09:21 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 09:21 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 09:21 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 09:21 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 09:21 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 09:21 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 09:21 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 09:20 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 09:20 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 09:20 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 09:20 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-09 11:31 - 2015-02-09 11:31 - 02842624 _____ () C:\Users\Chosen072\Downloads\SmartApp.msi
2015-01-27 11:55 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 17:31 - 2015-01-26 17:31 - 00000662 _____ () C:\Users\Chosen072\Desktop\health care info.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 12:12 - 2013-02-08 10:50 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 12:05 - 2014-02-07 23:00 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-22 11:49 - 2012-12-29 12:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 11:44 - 2014-11-16 13:32 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job
2015-02-22 11:21 - 2013-02-14 18:09 - 01864651 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 11:21 - 2006-11-02 05:33 - 00762866 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 11:19 - 2013-02-09 07:33 - 00000000 ___RD () C:\Users\Chosen072\Google Drive
2015-02-22 11:18 - 2013-08-09 21:15 - 00000005 _____ () C:\Windows\Twain001.Mtx
2015-02-22 11:17 - 2014-07-12 05:06 - 00000217 _____ () C:\Windows\TWAIN.LOG
2015-02-22 11:17 - 2013-08-09 21:15 - 00000156 _____ () C:\Windows\Twunk001.MTX
2015-02-22 11:17 - 2009-02-16 04:35 - 00178663 _____ () C:\ProgramData\nvModes.001
2015-02-22 11:16 - 2009-02-16 04:35 - 00178663 _____ () C:\ProgramData\nvModes.dat
2015-02-22 11:16 - 2007-08-04 22:04 - 00000000 ____D () C:\Windows\SMINST
2015-02-22 11:15 - 2010-03-06 22:54 - 00000021 _____ () C:\Users\Public\Documents\hpqp.txt
2015-02-22 11:14 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 11:14 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 11:13 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 23:05 - 2014-02-07 23:00 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-02-21 22:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-21 17:28 - 2010-08-31 14:06 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-21 17:28 - 2006-11-02 08:01 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-21 16:14 - 2010-06-01 08:20 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-21 05:30 - 2012-07-18 09:18 - 00000000 ____D () C:\Users\Chosen072\AppData\Local\Firestorm
2015-02-21 03:55 - 2014-08-16 03:39 - 00023722 _____ () C:\Windows\PFRO.log
2015-02-20 21:38 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-20 21:12 - 2012-02-20 07:41 - 00002229 _____ () C:\Windows\epplauncher.mif
2015-02-20 15:51 - 2012-04-09 10:22 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job
2015-02-20 12:36 - 2008-01-30 02:47 - 00000000 ____D () C:\Users\Chosen072
2015-02-20 10:58 - 2014-05-30 18:14 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForChosen072.job
2015-02-19 16:57 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-02-19 16:42 - 2010-03-15 06:48 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-19 13:49 - 2008-01-30 22:34 - 00000000 ____D () C:\Users\Chosen072\AppData\Local\Adobe
2015-02-18 21:59 - 2012-05-14 14:26 - 00000512 _____ () C:\Users\Chosen072\Desktop\MBR.dat
2015-02-18 17:20 - 2012-05-15 05:34 - 00000000 ____D () C:\Qoobox
2015-02-17 16:19 - 2009-08-14 11:47 - 00000000 ____D () C:\Users\Chosen072\AppData\Roaming\Malwarebytes
2015-02-17 16:19 - 2009-08-14 11:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 17:30 - 2006-11-02 07:47 - 01822992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 15:43 - 2014-11-19 10:32 - 00000000 ____D () C:\Users\Chosen072\Documents\Mom's Inc
2015-02-13 13:22 - 2013-08-08 22:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 12:35 - 2010-05-17 02:16 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 12:34 - 2007-08-04 21:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 12:19 - 2012-05-15 18:35 - 00001788 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 12:17 - 2012-05-15 18:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-09 11:48 - 2008-03-16 14:05 - 00000680 _____ () C:\Users\Chosen072\AppData\Local\d3d9caps.dat
2015-02-05 03:07 - 2013-02-08 10:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 15:49 - 2012-04-12 07:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 15:49 - 2012-02-21 08:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 13:11 - 2008-06-13 09:19 - 00000000 ____D () C:\Users\Chosen072\AppData\Roaming\Mozilla
2015-01-29 14:36 - 2013-02-09 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 14:24 - 2013-03-23 08:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2008-08-12 07:11 - 2009-07-07 13:21 - 0870128 _____ () C:\Users\Chosen072\AppData\Roaming\mcs.rma
2008-01-30 11:03 - 2009-02-15 18:04 - 0027715 _____ () C:\Users\Chosen072\AppData\Roaming\nvModes.001
2008-01-30 07:14 - 2008-10-09 16:24 - 0027715 _____ () C:\Users\Chosen072\AppData\Roaming\nvModes.dat
2009-07-26 11:36 - 2009-10-04 18:29 - 0007887 _____ () C:\Users\Chosen072\AppData\Roaming\pcouffin.cat
2009-07-26 11:36 - 2009-10-04 18:29 - 0001144 _____ () C:\Users\Chosen072\AppData\Roaming\pcouffin.inf
2009-07-26 11:38 - 2009-10-04 18:29 - 0000033 _____ () C:\Users\Chosen072\AppData\Roaming\pcouffin.log
2009-07-26 11:36 - 2009-10-04 18:29 - 0047360 _____ (VSO Software) C:\Users\Chosen072\AppData\Roaming\pcouffin.sys
2009-12-10 16:13 - 2009-12-10 16:29 - 0000035 _____ () C:\Users\Chosen072\AppData\Roaming\SetValue.bat
2008-01-30 06:14 - 2008-02-25 13:51 - 0031007 _____ () C:\Users\Chosen072\AppData\Roaming\UserTile.png
2009-10-04 06:28 - 2009-10-04 06:28 - 63073179 _____ (F.A.S ®                                                     ) C:\Users\Chosen072\AppData\Roaming\Virtual_DJ_Setup.exe
2008-01-31 05:02 - 2012-04-11 16:06 - 0003770 _____ () C:\Users\Chosen072\AppData\Roaming\wklnhst.dat
2008-01-30 02:58 - 2008-01-30 02:58 - 0000000 _____ () C:\Users\Chosen072\AppData\Local\AtStart.txt
2008-03-16 14:05 - 2015-02-09 11:48 - 0000680 _____ () C:\Users\Chosen072\AppData\Local\d3d9caps.dat
2008-01-30 11:21 - 2015-01-13 17:26 - 0109056 _____ () C:\Users\Chosen072\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-01-30 02:58 - 2008-01-30 02:58 - 0000000 _____ () C:\Users\Chosen072\AppData\Local\DSwitch.txt
2008-01-30 02:58 - 2008-01-30 02:58 - 0000000 _____ () C:\Users\Chosen072\AppData\Local\QSwitch.txt
2008-03-04 11:30 - 2008-03-04 11:30 - 0000000 _____ () C:\Users\Chosen072\AppData\Local\rx_image.Cache
2013-08-28 05:04 - 2013-09-06 18:28 - 0000072 _____ () C:\Users\Chosen072\AppData\Local\slurlproxy.csv
2009-09-09 18:06 - 2009-09-09 18:06 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2007-08-04 21:43 - 2010-08-23 15:29 - 0009322 _____ () C:\ProgramData\hpzinstall.log
2008-04-09 20:37 - 2008-04-09 20:47 - 0014958 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2009-02-16 04:35 - 2015-02-22 11:17 - 0178663 _____ () C:\ProgramData\nvModes.001
2009-02-16 04:35 - 2015-02-22 11:16 - 0178663 _____ () C:\ProgramData\nvModes.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\tcpmon.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-22 11:26

==================== End Of Log ============================

Addition Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Chosen072 at 2015-02-22 12:39:47
Running from C:\Users\Chosen072\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.15.58233 - ABBYY) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 8.2.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.5 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Amazon Cloud Player (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Kindle (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
C4200 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
C4200_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.36 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.61 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DNA (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.4.2.34167 - The Phoenix Firestorm Project, Inc.)
FlipShare (HKLM\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2278 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2279 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B09BCBF6-87EE-4403-A336-3A9510856535}) (Version: 9.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 4.0.0011 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 112.200.19110 - Hewlett-Packard)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HP User Guides 0056 (HKLM\...\{5AB56552-6938-4686-9F87-DB0ED8D1E06B}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H3 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
InstantShareDevicesMFC (Version: 90.0.146.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LightScribe  1.6.43.1 (Version: 1.6.43.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
MyFreeCodec (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\MyFreeCodec) (Version:  - )
Nielsen (HKLM\...\NetSight) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 5.6.4 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8AAB4176-A747-493A-A42C-B63CFADFD8E3}) (Version: 9.09.0010 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Outlook Setup Tool (HKLM\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
[email protected] (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_ProductContext (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
SAM Broadcaster v4 (HKLM\...\SAM3) (Version: v4 - Spacial Audio Solutions, LLC)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SmartAudio (HKLM\...\SmartAudio) (Version:  - Conexant)
Software Updater (HKLM\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
VirtualDJ Broadcaster (HKLM\...\{7B5B18A3-9FF8-4387-91D6-D8DE78CFFE12}) (Version: 7.4 - Atomix Productions)
VLC media player 1.0.0 (HKLM\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.62.0 - Verizon)
VzDownloadManager (HKU\S-1-5-21-984307550-3928441585-2128114710-1000\...\VzDownloadManager) (Version: 2.0.0.2 - Verizon)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.5.1.1 - AOL LLC) <==== ATTENTION
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WONswap (HKLM\...\WONswap) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{9788FDD8-F21B-E1F2-1C9D-2A2380EFCB96}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{a3c6dafc-e193-42fc-adca-5316b5d6d653}\InprocServer32 -> C:\Users\Chosen072\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{C4987136-80E4-92F6-FBB6-EF5BE1F6A7AC}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{C770960D-95BA-0951-C453-F60C40266C3F}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-984307550-3928441585-2128114710-1000_Classes\CLSID\{FD8C4664-A2D4-97EC-185D-875E454333FE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-02-2015 11:56:32 Windows Update
16-02-2015 08:28:02 Windows Update
18-02-2015 09:09:12 Windows Update
19-02-2015 00:31:38 Scheduled Checkpoint
19-02-2015 03:00:18 Windows Update
20-02-2015 13:50:41 Scheduled Checkpoint
21-02-2015 03:00:16 Windows Update
21-02-2015 16:13:12 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-05-15 06:01 - 2015-02-19 13:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D69FE1A-7FE4-4084-B6C4-8A880FD6DD88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {0E95231E-B288-4292-B9AF-4C23FD2C36B5} - System32\Tasks\{0F095141-D75E-459B-95EF-83942A1842A7} => pcalua.exe -a "C:\Users\Chosen072\Downloads\Atomix Virtual DJ Pro 6.0\setup.exe" -d "C:\Users\Chosen072\Downloads\Atomix Virtual DJ Pro 6.0"
Task: {103839E0-F72B-40F3-BE9D-F7C1D8C74359} - System32\Tasks\{C1C84823-A1BE-4D7C-ABEF-A2B3DB42B587} => pcalua.exe -a C:\Users\Chosen072\Desktop\nhcMediaPlugin-Installer.exe -d C:\Users\Chosen072\Desktop
Task: {19924BC8-9B82-4DCA-A520-92D34DD1E1EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core => C:\Users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09] (Google Inc.)
Task: {21E9C09A-9845-4BCC-A42A-8AB664FB4B6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA => C:\Users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09] (Google Inc.)
Task: {25EBCBB4-13FF-445F-BB52-9150E8AB4BF7} - System32\Tasks\Orb Startup => C:\Program Files\Winamp Remote\bin\orbtray.exe
Task: {262F7EEB-F90A-46FD-B879-9BEB74B3B240} - System32\Tasks\{4CB04913-6768-4B55-853E-483C56B0C44A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.EXE" -c -runfromtemp -l0x0409  -EPSON -removeonly
Task: {31B09CCC-3C11-45CE-9441-A8C36675378A} - System32\Tasks\HPCeeScheduleForChosen072 => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23] (Hewlett-Packard)
Task: {5407EF90-BAB3-4641-AE1A-D1AE4CE373B5} - System32\Tasks\{D31CDB85-45EA-4195-B85F-24D53EFCF352} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSLAE.EXE -c /R /APD /P:"EPSON XP-410 Series"
Task: {64EB0D92-F8E5-4DE8-81AD-02663C7D48FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {6C1B7075-3A3F-453B-A627-4A541EAAF93D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {73FF8D59-71EF-42E8-911C-28ED6D93F4E3} - System32\Tasks\Amazon Music Helper => C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2014-03-07] ()
Task: {76CE62FC-1A5E-491E-B8F4-8A01802D2497} - System32\Tasks\{75091578-6EEE-4D06-80B4-E4A4EA88331A} => pcalua.exe -a "C:\Users\Chosen072\Downloads\Sam Broadcaster 4 3 6 Full [h33t] [JollyRoger]\Setup\Upgrade.exe" -d "C:\Users\Chosen072\Downloads\Sam Broadcaster 4 3 6 Full [h33t] [JollyRoger]\Setup"
Task: {7D039164-45DE-45A8-B647-7C775B204249} - System32\Tasks\{4646508B-6CF3-467B-8A67-668603E8EACE} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {892316F1-417C-4415-83D3-4BED2628D477} - System32\Tasks\{08161B7B-10F7-4E5E-9D3D-377428172A7F} => pcalua.exe -a "C:\Program Files\Winamp\UninstWA.exe"
Task: {99B280BC-9BBB-462F-86CB-5277DEAF5011} - System32\Tasks\{C592BDA9-58CF-4BDB-A257-16CF988FE9AC} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {AFB1E514-54AF-48F3-98E4-DDE9BF4C7DB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BEB06856-A3C2-41A9-8983-C5F5ECC2B04F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {C07E1EE2-4FB3-4EBF-A5D7-B491F8E3A780} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Chosen072 => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {C088B117-39A1-4FE8-99AF-59994133FE43} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {E2F5049F-8B3E-47F1-B202-04A219DD3D09} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {FC5CA52D-3277-4BFC-920D-3C075DC5309A} - System32\Tasks\{5B3EB5CC-A5FD-4FFC-8C96-F6DEAAFB0F89} => Iexplore.exe http://ui.skype.com/...fered-installed

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job => C:\Users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job => C:\Users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChosen072.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-15 12:31 - 2010-12-15 12:31 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-25 22:06 - 2010-10-25 22:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2010-12-15 12:31 - 2010-12-15 12:31 - 04300800 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2010-12-15 12:26 - 2010-12-15 12:26 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-25 22:23 - 2010-10-25 22:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-25 22:08 - 2010-10-25 22:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 22:23 - 2010-10-25 22:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-25 22:06 - 2010-10-25 22:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 06:34 - 2010-10-26 06:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 22:37 - 2010-10-25 22:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 11:49 - 2010-05-20 11:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2010-12-15 12:22 - 2010-12-15 12:22 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-25 22:06 - 2010-10-25 22:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 22:08 - 2010-10-25 22:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 22:23 - 2010-10-25 22:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 11:49 - 2010-05-20 11:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 07:47 - 2010-05-17 07:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2010-03-06 17:10 - 2007-12-19 19:28 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2010-03-06 17:10 - 2007-12-19 19:28 - 00251288 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2010-03-06 17:10 - 2007-12-19 19:28 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2010-03-06 17:10 - 2007-12-19 19:28 - 00112016 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2010-03-06 17:10 - 2007-12-19 19:28 - 00120208 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2010-03-06 17:10 - 2007-12-19 19:28 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2014-02-09 21:25 - 2014-03-07 15:39 - 03168576 _____ () C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2015-02-20 09:36 - 2015-01-16 09:34 - 00505344 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
2015-01-22 12:28 - 2015-01-16 09:40 - 00504832 _____ () C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-06-20 00:45 - 2008-06-19 23:42 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2009-11-03 19:14 - 2009-11-03 19:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll
2009-09-17 15:57 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2015-02-21 17:20 - 2015-02-21 17:20 - 00182784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\d29bf4134c8df4833a65213d4687d6da\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-02-21 17:22 - 2015-02-21 17:22 - 14970880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\592a6a31e27bffd0adeaff6f255f3892\Kies.Theme.ni.dll
2015-02-21 17:20 - 2015-02-21 17:20 - 01811456 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\5f365d00396e8a2f0442cef2639e01a3\Kies.UI.ni.dll
2015-02-21 17:20 - 2015-02-21 17:20 - 00077824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\845b9379476bb91db2881ebaff45255f\Kies.MVVM.ni.dll
2015-02-21 17:21 - 2015-02-21 17:21 - 00233472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\de6a15348040911b2e63c8dbe3c77275\ASF_cSharpAPI.ni.dll
2010-03-06 17:09 - 2007-12-19 19:27 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
2015-02-20 09:36 - 2015-01-16 09:35 - 00595968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\npchromeinstaller.dll
2015-02-20 09:36 - 2015-01-16 09:35 - 00851968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
2015-02-20 09:36 - 2015-01-16 09:37 - 00150528 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
2015-02-20 09:36 - 2015-01-16 09:34 - 00228864 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
2015-02-20 09:36 - 2015-01-16 09:34 - 00224768 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2015-02-22 11:17 - 2015-02-22 11:17 - 00098816 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32api.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00110080 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\pywintypes27.dll
2015-02-22 11:17 - 2015-02-22 11:17 - 00364544 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\pythoncom27.dll
2015-02-22 11:17 - 2015-02-22 11:17 - 00045568 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_socket.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 01160704 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_ssl.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00320512 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32com.shell.shell.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00713216 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_hashlib.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 01175040 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._core_.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00805888 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._gdi_.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00811008 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._windows_.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 01062400 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._controls_.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00735232 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._misc_.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00557056 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\pysqlite2._sqlite.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00128512 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_elementtree.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00127488 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\pyexpat.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00087552 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_ctypes.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00119808 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32file.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00108544 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32security.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00007168 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\hashobjs_ext.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00167936 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32gui.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00018432 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32event.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00038912 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32inet.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00011264 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32crypt.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00070656 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._html2.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00027136 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\_multiprocessing.pyd
2015-02-22 11:16 - 2015-02-22 11:17 - 00035840 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32process.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00686080 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\unicodedata.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00122368 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._wizard.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00024064 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32pipe.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00025600 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32pdh.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00525640 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\windows._lib_cacheinvalidation.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00010240 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\select.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00017408 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32profile.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00022528 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\win32ts.pyd
2015-02-22 11:17 - 2015-02-22 11:17 - 00078336 _____ () C:\Users\Chosen072\AppData\Local\temp\_MEI35562\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-984307550-3928441585-2128114710-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Chosen072^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Chosen072^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Chosen072\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Jing => C:\Program Files\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Mobile Connectivity Suite => "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-984307550-3928441585-2128114710-500 - Administrator - Disabled)
Chosen072 (S-1-5-21-984307550-3928441585-2128114710-1000 - Administrator - Enabled) => C:\Users\Chosen072
Guest (S-1-5-21-984307550-3928441585-2128114710-501 - Limited - Disabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 05:26:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20577

Error: (02/22/2015 05:26:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20577

Error: (02/22/2015 05:17:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2015 09:59:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHOSEN072\APPDATA\LOCAL\GOOGLE\DRIVE\USER_DEFAULT\SYNC_CONFIG.DB-WAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/21/2015 04:30:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHOSEN072\APPDATA\LOCAL\GOOGLE\DRIVE\USER_DEFAULT\SYNC_CONFIG.DB-WAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/21/2015 04:08:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHOSEN072\APPDATA\LOCAL\GOOGLE\DRIVE\USER_DEFAULT\SYNC_CONFIG.DB-WAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/21/2015 04:01:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHOSEN072\APPDATA\LOCAL\GOOGLE\DRIVE\USER_DEFAULT\SYNC_CONFIG.DB-WAL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/21/2015 03:25:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140789

Error: (02/21/2015 03:25:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140789

Error: (02/21/2015 03:25:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/22/2015 11:16:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom

Error: (02/22/2015 11:16:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/22/2015 11:14:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/22/2015 11:13:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:53:02 AM on 2/22/2015 was unexpected.

Error: (02/22/2015 06:53:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000FlipShare Service

Error: (02/21/2015 10:03:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5

Error: (02/21/2015 10:02:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (02/21/2015 09:54:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom

Error: (02/21/2015 09:54:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/21/2015 09:52:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-22 12:39:21.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:20.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:19.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:18.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:17.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:16.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:15.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-22 12:39:14.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 16:59:11.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-21 16:59:10.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ 64 X2 Mobile Technology TL-58
Percentage of memory in use: 40%
Total physical RAM: 1982.18 MB
Available physical RAM: 1172.35 MB
Total Pagefile: 4206.8 MB
Available Pagefile: 3046.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:103.38 GB) (Free:5.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.79 GB) (Free:11.78 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:8.41 GB) (Free:1.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 1F29DFAF)
Partition 1: (Active) - (Size=103.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: C583B4DC)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#35
RKinner

    Malware Expert


Go back into msconfig and uncheck SpybotSD TeaTimer

 

Then Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

 
    * Run Spybot-S&D in Advanced Mode
    * If it is not already set to do this, go to the Mode menu, select Advanced Mode
    * On the left hand side, click on Tools
    * Then click on the Resident icon in the list
    * Uncheck Resident TeaTimer and OK any prompts.
    * Restart your computer
 
Then uninstall Spybot and have it unimmunize your system on its way out.  I think it is causing the problems with winsock repair.
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything, then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron

  • 0
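An added example, not part of RKinner's post: a Python parser for the `[SR]` lines that the findstr filter above writes to junk.txt. It separates files SFC could not repair from files it restored from the component store, and records whether the closing line still reports success. The sample log is constructed, and its file, component and package names are placeholders.

```python
import re

# Constructed sample in the format the findstr "[SR]" filter produces.
# File, component and package names are placeholders, not from a real system.
SAMPLE_LOG = r'''
2015-01-01 10:00:00, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2015-01-01 10:00:00, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-01-01 10:00:04, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 1.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-01-01 10:00:04, Info                  CSI    0000000a [SR] This component was referenced by [l:42{21}]"Package_for_KB0000000"
2015-01-01 10:00:04, Info                  CSI    0000000b [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll"; source file in store is also corrupted
2015-01-01 10:00:05, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:22{11}]"example.mof" from store
2015-01-01 10:00:06, Info                  CSI    0000000d [SR] Verify complete
2015-01-01 10:00:07, Info                  CSI    0000000e [SR] Repairing 2 components
2015-01-01 10:00:07, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2015-01-01 10:00:07, Info                  CSI    00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 1.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-01-01 10:00:07, Info                  CSI    00000011 [SR] This component was referenced by [l:42{21}]"Package_for_KB0000000"
2015-01-01 10:00:07, Info                  CSI    00000012 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:22{11}]"example.mof" from store
2015-01-01 10:00:08, Info                  CSI    00000013 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
'''

# One CBS.log entry: timestamp, level, source "CSI", 8-hex-digit sequence, [SR] tag, message.
LINE_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
                     r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$')
# CBS writes strings with a length prefix, e.g. [l:22{11}]"example.dll".
QUOTED_RE = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"([^"]*)"')
CANNOT_RE = re.compile(r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
                       r'(?P<component>[^,]+), Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$')
REFERENCED_RE = re.compile(r'^This component was referenced by \[l:\d+\{\d+\}\]"(?P<pkg>[^"]+)"')
REPROJECT_RE = re.compile(r'^Could not reproject corrupted file (?P<q>.+); (?P<why>.+)$')
REPAIRING_RE = re.compile(r'^Repairing corrupted file (?P<q>.+) from store$')


def _path(quoted_part):
    """Join the length-prefixed directory and file strings into one Windows path."""
    parts = QUOTED_RE.findall(quoted_part)
    return '\\'.join(p.replace('\\??\\', '', 1).rstrip('\\') for p in parts)


def summarize_sr(text):
    """Reduce [SR] lines to unrepaired files, repaired files and the final claim."""
    unrepaired, repaired, last = {}, [], None
    claims_success = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or not an [SR] entry
        msg = m.group('msg')
        hit = CANNOT_RE.match(msg)
        if hit:
            # SFC logs each failure in the verify pass and again in the repair pass,
            # so key on component + file and count the repeats instead of listing them.
            key = (hit.group('component'), hit.group('file').lower())
            last = unrepaired.setdefault(key, {
                'file': hit.group('file'), 'component': hit.group('component'),
                'version': hit.group('version'), 'reason': hit.group('reason'),
                'packages': [], 'store_corrupt': False, 'path': None, 'seen': 0})
            last['seen'] += 1
            continue
        hit = REFERENCED_RE.match(msg)
        if hit and last is not None:
            if hit.group('pkg') not in last['packages']:
                last['packages'].append(hit.group('pkg'))
            continue
        hit = REPROJECT_RE.match(msg)
        if hit:
            path = _path(hit.group('q'))
            name = path.rsplit('\\', 1)[-1].lower()
            for entry in unrepaired.values():
                if entry['file'].lower() == name:
                    entry['path'] = path
                    entry['store_corrupt'] = 'store is also corrupted' in hit.group('why')
            continue
        hit = REPAIRING_RE.match(msg)
        if hit:
            path = _path(hit.group('q'))
            if path not in repaired:
                repaired.append(path)
            continue
        if 'successfully repaired' in msg:
            claims_success = True
    return {'unrepaired': list(unrepaired.values()), 'repaired': repaired,
            'claims_success': claims_success}


if __name__ == '__main__':
    result = summarize_sr(SAMPLE_LOG)
    for u in result['unrepaired']:
        print('NOT REPAIRED:', u['path'] or u['file'], '|', u['reason'],
              '| store copy corrupt:', u['store_corrupt'], '| packages:', u['packages'])
    for p in result['repaired']:
        print('repaired from store:', p)
    print('closing line claims success:', result['claims_success'])
```

The closing "successfully repaired" line can appear in a log that also contains "Cannot repair member file" entries, so the unrepaired list is the result to act on.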

#36
chosen072

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Text from notepad

 

2015-02-22 14:45:11, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:45:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-02-22 14:45:38, Info                  CSI    00000009 [SR] Verify complete
2015-02-22 14:45:41, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:45:41, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:20, Info                  CSI    0000000d [SR] Verify complete
2015-02-22 14:46:24, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:24, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:33, Info                  CSI    00000011 [SR] Verify complete
2015-02-22 14:46:36, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:36, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:43, Info                  CSI    00000015 [SR] Verify complete
2015-02-22 14:46:47, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:47, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:52, Info                  CSI    00000019 [SR] Verify complete
2015-02-22 14:46:58, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:58, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:03, Info                  CSI    0000001d [SR] Verify complete
2015-02-22 14:47:07, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:07, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:11, Info                  CSI    00000021 [SR] Verify complete
2015-02-22 14:47:17, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:17, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:21, Info                  CSI    00000025 [SR] Verify complete
2015-02-22 14:47:24, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:24, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:32, Info                  CSI    00000029 [SR] Verify complete
2015-02-22 14:47:35, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:35, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:39, Info                  CSI    0000002d [SR] Verify complete
2015-02-22 14:47:43, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:43, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:47, Info                  CSI    00000031 [SR] Verify complete
2015-02-22 14:47:51, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:51, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:56, Info                  CSI    00000035 [SR] Verify complete
2015-02-22 14:47:59, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:59, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:04, Info                  CSI    00000039 [SR] Verify complete
2015-02-22 14:48:07, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:07, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:12, Info                  CSI    0000003d [SR] Verify complete
2015-02-22 14:48:15, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:15, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:22, Info                  CSI    00000041 [SR] Verify complete
2015-02-22 14:48:30, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:30, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:35, Info                  CSI    00000045 [SR] Verify complete
2015-02-22 14:48:38, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:38, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:43, Info                  CSI    00000049 [SR] Verify complete
2015-02-22 14:48:46, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:46, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:51, Info                  CSI    0000004d [SR] Verify complete
2015-02-22 14:48:54, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:54, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:59, Info                  CSI    00000051 [SR] Verify complete
2015-02-22 14:49:04, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:04, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:09, Info                  CSI    00000055 [SR] Verify complete
2015-02-22 14:49:11, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:11, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:15, Info                  CSI    00000059 [SR] Verify complete
2015-02-22 14:49:17, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:17, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:21, Info                  CSI    0000005d [SR] Verify complete
2015-02-22 14:49:24, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:24, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:28, Info                  CSI    00000061 [SR] Verify complete
2015-02-22 14:49:31, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:31, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:37, Info                  CSI    00000065 [SR] Verify complete
2015-02-22 14:49:42, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:42, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:47, Info                  CSI    00000069 [SR] Verify complete
2015-02-22 14:49:50, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:50, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:53, Info                  CSI    0000006d [SR] Verify complete
2015-02-22 14:49:55, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:55, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:57, Info                  CSI    00000071 [SR] Verify complete
2015-02-22 14:49:58, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:58, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:00, Info                  CSI    00000075 [SR] Verify complete
2015-02-22 14:50:02, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:02, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:04, Info                  CSI    00000079 [SR] Verify complete
2015-02-22 14:50:05, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:05, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:07, Info                  CSI    0000007d [SR] Verify complete
2015-02-22 14:50:09, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:09, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:13, Info                  CSI    00000081 [SR] Verify complete
2015-02-22 14:50:15, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:15, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:19, Info                  CSI    00000085 [SR] Verify complete
2015-02-22 14:50:21, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:21, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:25, Info                  CSI    00000089 [SR] Verify complete
2015-02-22 14:50:27, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:27, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:29, Info                  CSI    0000008d [SR] Verify complete
2015-02-22 14:50:31, Info                  CSI    0000008e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:31, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:34, Info                  CSI    00000091 [SR] Verify complete
2015-02-22 14:50:36, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:36, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:38, Info                  CSI    00000095 [SR] Verify complete
2015-02-22 14:50:39, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:39, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:42, Info                  CSI    00000099 [SR] Verify complete
2015-02-22 14:50:43, Info                  CSI    0000009a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:43, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:46, Info                  CSI    0000009d [SR] Verify complete
2015-02-22 14:50:48, Info                  CSI    0000009e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:48, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:50, Info                  CSI    000000a1 [SR] Verify complete
2015-02-22 14:50:51, Info                  CSI    000000a2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:51, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:54, Info                  CSI    000000a5 [SR] Verify complete
2015-02-22 14:50:55, Info                  CSI    000000a6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:55, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:59, Info                  CSI    000000a9 [SR] Verify complete
2015-02-22 14:51:01, Info                  CSI    000000aa [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:01, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:03, Info                  CSI    000000ad [SR] Verify complete
2015-02-22 14:51:04, Info                  CSI    000000ae [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:04, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:07, Info                  CSI    000000b1 [SR] Verify complete
2015-02-22 14:51:09, Info                  CSI    000000b2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:09, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:10, Info                  CSI    000000b5 [SR] Verify complete
2015-02-22 14:51:12, Info                  CSI    000000b6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:12, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:14, Info                  CSI    000000b9 [SR] Verify complete
2015-02-22 14:51:16, Info                  CSI    000000ba [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:16, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:23, Info                  CSI    000000bd [SR] Verify complete
2015-02-22 14:51:24, Info                  CSI    000000be [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:24, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:36, Info                  CSI    000000c1 [SR] Verify complete
2015-02-22 14:51:38, Info                  CSI    000000c2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:38, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:46, Info                  CSI    000000c5 [SR] Verify complete
2015-02-22 14:51:48, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:48, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:57, Info                  CSI    000000ca [SR] Verify complete
2015-02-22 14:51:59, Info                  CSI    000000cb [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:59, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:08, Info                  CSI    000000cf [SR] Verify complete
2015-02-22 14:52:10, Info                  CSI    000000d0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:10, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:18, Info                  CSI    000000d3 [SR] Verify complete
2015-02-22 14:52:19, Info                  CSI    000000d4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:19, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:36, Info                  CSI    000000df [SR] Verify complete
2015-02-22 14:52:37, Info                  CSI    000000e0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:37, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:50, Info                  CSI    000000e3 [SR] Verify complete
2015-02-22 14:52:51, Info                  CSI    000000e4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:51, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:01, Info                  CSI    000000e7 [SR] Verify complete
2015-02-22 14:53:02, Info                  CSI    000000e8 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:02, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:11, Info                  CSI    000000eb [SR] Verify complete
2015-02-22 14:53:12, Info                  CSI    000000ec [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:12, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:22, Info                  CSI    000000ef [SR] Verify complete
2015-02-22 14:53:24, Info                  CSI    000000f0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:24, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:39, Info                  CSI    000000f3 [SR] Verify complete
2015-02-22 14:53:40, Info                  CSI    000000f4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:40, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:57, Info                  CSI    000000f9 [SR] Verify complete
2015-02-22 14:53:58, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:58, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:21, Info                  CSI    000000fd [SR] Verify complete
2015-02-22 14:54:23, Info                  CSI    000000fe [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:23, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:50, Info                  CSI    00000101 [SR] Verify complete
2015-02-22 14:54:51, Info                  CSI    00000102 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:51, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:58, Info                  CSI    00000105 [SR] Verify complete
2015-02-22 14:54:58, Info                  CSI    00000106 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:58, Info                  CSI    00000107 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:02, Info                  CSI    00000109 [SR] Verify complete
2015-02-22 14:55:03, Info                  CSI    0000010a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:03, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:08, Info                  CSI    0000010d [SR] Verify complete
2015-02-22 14:55:09, Info                  CSI    0000010e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:09, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:26, Info                  CSI    0000012d [SR] Verify complete
2015-02-22 14:55:27, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:27, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:33, Info                  CSI    00000131 [SR] Verify complete
2015-02-22 14:55:33, Info                  CSI    00000132 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:33, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:38, Info                  CSI    00000135 [SR] Verify complete
2015-02-22 14:55:39, Info                  CSI    00000136 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:39, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:44, Info                  CSI    00000139 [SR] Verify complete
2015-02-22 14:55:45, Info                  CSI    0000013a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:45, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:55, Info                  CSI    0000013d [SR] Verify complete
2015-02-22 14:55:56, Info                  CSI    0000013e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:56, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:13, Info                  CSI    00000142 [SR] Verify complete
2015-02-22 14:56:14, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:14, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:20, Info                  CSI    00000146 [SR] Verify complete
2015-02-22 14:56:20, Info                  CSI    00000147 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:20, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:33, Info                  CSI    0000014a [SR] Verify complete
2015-02-22 14:56:33, Info                  CSI    0000014b [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:33, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:40, Info                  CSI    0000014e [SR] Verify complete
2015-02-22 14:56:41, Info                  CSI    0000014f [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:41, Info                  CSI    00000150 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:50, Info                  CSI    00000152 [SR] Verify complete
2015-02-22 14:56:51, Info                  CSI    00000153 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:51, Info                  CSI    00000154 [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:05, Info                  CSI    00000156 [SR] Verify complete
2015-02-22 14:57:06, Info                  CSI    00000157 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:06, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:27, Info                  CSI    0000017d [SR] Verify complete
2015-02-22 14:57:28, Info                  CSI    0000017e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:28, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:43, Info                  CSI    00000181 [SR] Verify complete
2015-02-22 14:57:44, Info                  CSI    00000182 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:44, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2015-02-22 14:58:20, Info                  CSI    00000185 [SR] Verify complete
2015-02-22 14:58:21, Info                  CSI    00000186 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:58:21, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2015-02-22 14:58:48, Info                  CSI    00000189 [SR] Verify complete
2015-02-22 14:58:48, Info                  CSI    0000018a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:58:48, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:06, Info                  CSI    0000018d [SR] Verify complete
2015-02-22 14:59:07, Info                  CSI    0000018e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:07, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:08, Info                  CSI    00000191 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 14:59:18, Info                  CSI    00000193 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 14:59:18, Info                  CSI    00000194 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-22 14:59:18, Info                  CSI    00000197 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-22 14:59:18, Info                  CSI    00000199 [SR] Verify complete
2015-02-22 14:59:20, Info                  CSI    0000019a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:20, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:27, Info                  CSI    0000019d [SR] Verify complete
2015-02-22 14:59:28, Info                  CSI    0000019e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:28, Info                  CSI    0000019f [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:39, Info                  CSI    000001a2 [SR] Verify complete
2015-02-22 14:59:40, Info                  CSI    000001a3 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:40, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:01, Info                  CSI    000001a6 [SR] Verify complete
2015-02-22 15:00:02, Info                  CSI    000001a7 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:02, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:15, Info                  CSI    000001aa [SR] Verify complete
2015-02-22 15:00:16, Info                  CSI    000001ab [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:16, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:29, Info                  CSI    000001ae [SR] Verify complete
2015-02-22 15:00:30, Info                  CSI    000001af [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:30, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:49, Info                  CSI    000001b2 [SR] Verify complete
2015-02-22 15:00:50, Info                  CSI    000001b3 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:50, Info                  CSI    000001b4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:01, Info                  CSI    000001b6 [SR] Verify complete
2015-02-22 15:01:02, Info                  CSI    000001b7 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:02, Info                  CSI    000001b8 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:17, Info                  CSI    000001ba [SR] Verify complete
2015-02-22 15:01:18, Info                  CSI    000001bb [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:18, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:34, Info                  CSI    000001bf [SR] Verify complete
2015-02-22 15:01:35, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:35, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:48, Info                  CSI    000001c3 [SR] Verify complete
2015-02-22 15:01:49, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:49, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:57, Info                  CSI    000001c7 [SR] Verify complete
2015-02-22 15:01:58, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:58, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:09, Info                  CSI    000001cb [SR] Verify complete
2015-02-22 15:02:11, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:11, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:24, Info                  CSI    000001d2 [SR] Verify complete
2015-02-22 15:02:25, Info                  CSI    000001d3 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:25, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:36, Info                  CSI    000001d5 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2015-02-22 15:02:36, Info                  CSI    000001d6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2015-02-22 15:02:38, Info                  CSI    000001d8 [SR] Verify complete
2015-02-22 15:02:39, Info                  CSI    000001d9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:39, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:54, Info                  CSI    000001dc [SR] Verify complete
2015-02-22 15:02:55, Info                  CSI    000001dd [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:55, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:04, Info                  CSI    000001e0 [SR] Verify complete
2015-02-22 15:03:05, Info                  CSI    000001e1 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:05, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:09, Info                  CSI    000001e4 [SR] Verify complete
2015-02-22 15:03:10, Info                  CSI    000001e5 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:10, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:23, Info                  CSI    000001e8 [SR] Verify complete
2015-02-22 15:03:24, Info                  CSI    000001e9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:24, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:35, Info                  CSI    000001ec [SR] Verify complete
2015-02-22 15:03:36, Info                  CSI    000001ed [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:36, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:45, Info                  CSI    000001f0 [SR] Verify complete
2015-02-22 15:03:46, Info                  CSI    000001f1 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:46, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:09, Info                  CSI    000001f4 [SR] Verify complete
2015-02-22 15:04:10, Info                  CSI    000001f5 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:04:10, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:16, Info                  CSI    000001f8 [SR] Verify complete
2015-02-22 15:04:17, Info                  CSI    000001f9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:04:17, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:26, Info                  CSI    000001fc [SR] Verify complete
2015-02-22 15:04:27, Info                  CSI    000001fd [SR] Verifying 99 (0x00000063) components
2015-02-22 15:04:27, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:38, Info                  CSI    00000209 [SR] Verify complete
2015-02-22 15:04:38, Info                  CSI    0000020a [SR] Repairing 2 components
2015-02-22 15:04:38, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:38, Info                  CSI    0000020d [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    0000020e [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2015-02-22 15:04:38, Info                  CSI    0000020f [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2015-02-22 15:04:38, Info                  CSI    00000211 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    00000212 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-22 15:04:38, Info                  CSI    00000215 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-22 15:04:38, Info                  CSI    00000217 [SR] Repair complete
2015-02-22 15:04:38, Info                  CSI    00000218 [SR] Committing transaction
2015-02-22 15:04:40, Info                  CSI    0000021c [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 


  • 0

#37
chosen072

    Member

  • Topic Starter
  • Member
  • 88 posts

VEW Log

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/02/2015 3:31:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/02/2015 7:32:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 22/02/2015 7:32:08 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 22/02/2015 7:31:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Ricoh xD-Picture Card Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 22/02/2015 7:31:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The rimsptsk service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 22/02/2015 7:31:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The rimmptsk service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 22/02/2015 7:31:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 22/02/2015 7:28:26 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/02/2015 7:32:15 PM
Type: Warning Category: 0
Event: 19 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error occurred.    Error Source: Corrected Machine Check  Error Type: Unknown Error  Processor ID Valid: Yes Processor ID: 0x1 Bank Number: 3 Transaction Type: N/A Processor Participation: N/A Request Type: N/A Memory/Io: N/A Memory Hierarchy Level: N/A Timeout: N/A

Log: 'System' Date/Time: 22/02/2015 7:32:15 PM
Type: Warning Category: 0
Event: 19 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error occurred.    Error Source: Corrected Machine Check  Error Type: Unknown Error  Processor ID Valid: Yes Processor ID: 0x1 Bank Number: 2 Transaction Type: N/A Processor Participation: N/A Request Type: N/A Memory/Io: N/A Memory Hierarchy Level: N/A Timeout: N/A

Log: 'System' Date/Time: 22/02/2015 7:28:53 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 22/02/2015 7:28:49 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv.dll
 


  • 0

#38
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

OK, we have some work to do.  First let's see if we can fix the SFC.  Let's use OTL to look for another copy of tcpmon.dll.  (The other file is normally screwed up since a recent MS update.)

Also go back into msconfig and check everything or just tell it to do Normal Startup OK.

 

 

 
Copy the text in the code box by highlighting and Ctrl + C:

/md5start
tcpmon.dll
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text.  Verify that you got it all, and then click the Run SCAN button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

  • 0
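The SFC result that the reply above acts on can be read mechanically. This is an added example, not part of the thread: it parses the [SR] lines of a CBS log (sample lines copied from the log posted earlier) and separates files repaired from the component store from files whose store copy also fails its hash, which are the ones that need a known-good copy from elsewhere. Function and field names are chosen for this example.

```python
import re

# [SR] lines copied from the CBS log posted earlier in this thread (subset).
SAMPLE_LOG = r'''
2015-02-22 15:04:38, Info                  CSI    0000020a [SR] Repairing 2 components
2015-02-22 15:04:38, Info                  CSI    0000020d [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    0000020e [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2015-02-22 15:04:38, Info                  CSI    0000020f [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2015-02-22 15:04:38, Info                  CSI    00000211 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    00000212 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-22 15:04:38, Info                  CSI    00000215 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-22 15:04:38, Info                  CSI    00000217 [SR] Repair complete
'''

# timestamp, level, "CSI", 8-hex sequence number, "[SR]", message
SR_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+([0-9a-f]{8}) \[SR\] (.*)$')
# CSI writes strings as [l:bytes{chars}]"text" or [ml:max{..},l:bytes{chars}]"text"
CSI_STR = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"([^"]*)"')
# component identity that follows the member file name; last field is the reason
MEMBER = re.compile(r'" of ([^,]+), Version = ([^,]+),.*, ([^,]+)$')


def csi_path(msg):
    # Join the quoted fragments into one path and drop the NT object prefix.
    path = "\\".join(CSI_STR.findall(msg))
    return path[4:] if path.startswith("\\??\\") else path


def parse_sr(log_text):
    """Return files SFC repaired and member files it could not repair."""
    repaired, failed, last = [], {}, None
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue
        stamp, seq, msg = m.groups()
        strings = CSI_STR.findall(msg)
        if msg.startswith("Repairing corrupted file") and strings:
            path = csi_path(msg)
            if path not in repaired:
                repaired.append(path)
        elif msg.startswith("Cannot repair member file") and strings:
            d = MEMBER.search(msg)
            component, version, reason = d.groups() if d else (None, None, None)
            # SFC logs the same failure more than once; keep one entry per file
            last = failed.setdefault((strings[0].lower(), component), {
                "file": strings[0], "component": component, "version": version,
                "reason": reason, "first_seen": stamp, "seq": seq,
                "referenced_by": [], "path": None, "store_copy_corrupt": False})
        elif msg.startswith("This component was referenced by") and strings and last:
            if strings[0] not in last["referenced_by"]:
                last["referenced_by"].append(strings[0])
        elif msg.startswith("Could not reproject corrupted file") and strings:
            path = csi_path(msg)
            name = path.rsplit("\\", 1)[-1].lower()
            for entry in failed.values():
                if entry["file"].lower() == name:
                    entry["path"] = path
                    entry["store_copy_corrupt"] = (
                        "source file in store is also corrupted" in msg)
    return {"repaired": repaired, "unrepairable": list(failed.values())}


def needs_external_copy(report):
    # The component store cannot supply these; a clean copy must come from elsewhere.
    return [e["path"] for e in report["unrepairable"] if e["store_copy_corrupt"]]


if __name__ == "__main__":
    report = parse_sr(SAMPLE_LOG)
    print("repaired from store:", report["repaired"])
    print("needs a known-good copy:", needs_external_copy(report))
```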

#39
chosen072

    Member

  • Topic Starter
  • Member
  • 88 posts

OTL Log

 

OTL logfile created on: 2/22/2015 9:12:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chosen072\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 30.33% Memory free
4.11 Gb Paging File | 2.67 Gb Available in Paging File | 64.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 5.19 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 11.78 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.35 Gb Free Space | 16.03% Space Free | Partition Type: NTFS
 
Computer Name: ROBINS-LT | User Name: Chosen072 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/22 20:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
PRC - [2015/02/05 03:06:41 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2015/01/30 01:59:44 | 000,022,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2015/01/30 01:53:04 | 000,978,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2015/01/16 09:41:38 | 002,934,496 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2015/01/16 09:41:38 | 000,091,872 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
PRC - [2014/03/07 15:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/11/06 10:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 10:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\Kies.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2012/02/29 16:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escsvc.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/09/17 10:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 10:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/21 22:26:29 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/02/21 22:23:19 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\b14aecee3554afb0d099f8f5c8d19afc\System.Runtime.Remoting.ni.dll
MOD - [2015/02/21 17:22:13 | 014,970,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\592a6a31e27bffd0adeaff6f255f3892\Kies.Theme.ni.dll
MOD - [2015/02/21 17:21:44 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\de6a15348040911b2e63c8dbe3c77275\ASF_cSharpAPI.ni.dll
MOD - [2015/02/21 17:21:43 | 000,058,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3dfd58b4b22d4d58719f465a3392b0b1\Kies.Common.AllShare.ni.dll
MOD - [2015/02/21 17:20:43 | 002,164,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\38b280dc044bcdc1a034db4d0012296c\Kies.Common.Multimedia.ni.dll
MOD - [2015/02/21 17:20:36 | 000,182,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\d29bf4134c8df4833a65213d4687d6da\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2015/02/21 17:20:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a4777dd3707ff8649c29eff356c45fae\Kies.Common.Util.ni.dll
MOD - [2015/02/21 17:20:12 | 001,715,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7f110177705a8d6c39685e4d5fc6ac51\Kies.Locale.ni.dll
MOD - [2015/02/21 17:20:10 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\845b9379476bb91db2881ebaff45255f\Kies.MVVM.ni.dll
MOD - [2015/02/21 17:20:09 | 001,811,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\5f365d00396e8a2f0442cef2639e01a3\Kies.UI.ni.dll
MOD - [2015/02/21 17:19:56 | 001,239,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\faf445d1a897035db4b8ce8f28d2d751\Kies.Interface.ni.dll
MOD - [2015/02/21 17:19:31 | 002,107,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\51db4489da8f5c8ed057eb5ad2c0441d\Kies.ni.exe
MOD - [2015/02/21 03:36:22 | 018,761,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9f1f464b854d655c74c8cd4ee5b731bd\PresentationFramework.ni.dll
MOD - [2015/02/21 03:36:00 | 011,013,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\eb3ba0fe2449d7ca96b51f71b2061cf6\PresentationCore.ni.dll
MOD - [2015/02/21 03:35:23 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll
MOD - [2015/02/21 03:35:13 | 000,219,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\9bcbefb742496c55841dfcb21be24c6e\System.ServiceProcess.ni.dll
MOD - [2015/02/21 03:33:13 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/02/21 03:32:59 | 003,945,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\61c8a838d217ea8b4f68bbf38172114f\WindowsBase.ni.dll
MOD - [2015/02/21 03:32:45 | 007,002,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\23d1162d1943c1b1d6c4fd7c6d8512d4\System.Core.ni.dll
MOD - [2015/02/21 03:32:28 | 000,972,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5a977e1f055b4f8f41da5d9142a1913c\System.Configuration.ni.dll
MOD - [2015/02/21 03:31:55 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2015/01/16 09:40:00 | 000,504,832 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2015/01/16 09:37:06 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2015/01/16 09:35:50 | 000,851,968 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2015/01/16 09:35:22 | 000,595,968 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npchromeinstaller.dll
MOD - [2015/01/16 09:34:56 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2015/01/16 09:34:54 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2015/01/16 09:34:28 | 000,505,344 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2014/03/07 15:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/03 19:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2008/06/19 23:42:56 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015/02/04 15:49:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/30 01:59:44 | 000,284,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/01/30 01:59:44 | 000,022,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2015/01/27 11:57:02 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/16 09:41:38 | 002,934,496 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/09/17 10:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 10:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/06/01 08:07:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHOSEN~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2015/01/16 09:33:32 | 000,023,264 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nnfwdk.sys -- (nnfwdk)
DRV - [2014/11/15 14:46:08 | 000,095,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/08/20 23:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/20 23:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/01/18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2010/01/25 15:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/12/16 16:48:51 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tsk_atapi.sys -- (atapi)
DRV - [2009/07/16 07:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 07:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 07:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/01/30 08:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/22 09:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 18:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = http://www.amazon.co...de=ur2&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Chosen072\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Chosen072\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 11:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014/03/05 02:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2015/02/22 20:44:09 | 000,009,424 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/02 21:10:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 11:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Chosen072\Program Files\DNA [2010/01/05 15:06:52 | 000,000,000 | ---D | M]
 
[2013/07/15 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions
[2009/03/28 07:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/02/17 16:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Firefox\Profiles\hf9gv40m.default\extensions
[2015/01/27 11:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/01/27 11:57:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/22 20:44:09 | 000,009,424 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\[email protected]
 
O1 HOSTS File: ([2015/02/19 13:50:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe (The Nielsen Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: giantfoodstores.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C77DCEE-1FB5-4633-8DEF-A02C55F1F52B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A84C4504-3EDA-44AC-886B-C316CF2D95A3}: DhcpNameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0717666-99DE-4E14-B322-505B7C9031E4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/22 20:57:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
[2015/02/22 12:36:23 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\FRST-OlderVersion
[2015/02/22 01:22:30 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\Chosen072\Desktop\MiniToolBox.exe
[2015/02/20 21:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/02/20 21:37:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015/02/20 21:13:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2015/02/20 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\Virus Log
[2015/02/20 04:08:13 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/20 04:05:27 | 001,126,912 | ---- | C] (Farbar) -- C:\Users\Chosen072\Desktop\FRST.exe
[2015/02/19 17:10:42 | 001,388,274 | ---- | C] (Thisisu) -- C:\Users\Chosen072\Desktop\JRT.exe
[2015/02/19 16:34:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/18 22:02:27 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\tdsskiller.exe
[2015/02/18 17:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015/02/18 17:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015/02/18 17:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015/02/18 17:06:46 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2015/02/18 17:05:06 | 005,611,903 | R--- | C] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2015/02/18 14:57:15 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\Images
[2015/02/17 16:20:16 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/17 16:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/17 16:19:20 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/02/17 16:19:19 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/02/17 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/02/17 16:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/02/17 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Documents\2015 Tax Return
[2015/02/17 10:49:38 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/02/13 12:33:08 | 002,063,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/02/12 09:21:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/02/12 09:21:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/02/12 09:21:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/02/12 09:21:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/02/12 09:21:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/02/12 09:21:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/02/12 09:21:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/02/12 09:21:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/02/12 09:21:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/02/12 09:21:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/02/12 09:20:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/02/12 09:20:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/01/27 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/04 06:28:24 | 063,073,179 | ---- | C] (F.A.S ®                                                     ) -- C:\Users\Chosen072\AppData\Roaming\Virtual_DJ_Setup.exe
[2009/07/26 11:36:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chosen072\AppData\Roaming\pcouffin.sys
[3 C:\Users\Chosen072\Desktop\*.tmp files -> C:\Users\Chosen072\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/22 22:05:03 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2015/02/22 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/22 21:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job
[2015/02/22 21:12:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/22 20:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
[2015/02/22 20:48:33 | 000,645,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/22 20:48:33 | 000,120,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/22 20:44:07 | 000,000,005 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2015/02/22 20:43:41 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2015/02/22 20:43:17 | 000,178,663 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015/02/22 20:43:17 | 000,178,663 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015/02/22 20:41:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/22 20:41:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/22 20:40:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/22 17:13:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2015/02/22 15:44:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job
[2015/02/22 15:27:51 | 000,061,440 | ---- | M] ( ) -- C:\Users\Chosen072\Desktop\VEW.exe
[2015/02/22 12:36:23 | 001,126,912 | ---- | M] (Farbar) -- C:\Users\Chosen072\Desktop\FRST.exe
[2015/02/22 01:22:40 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\Chosen072\Desktop\MiniToolBox.exe
[2015/02/21 23:05:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2015/02/21 16:45:43 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/20 21:12:57 | 000,002,229 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/20 10:58:09 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChosen072.job
[2015/02/20 09:28:25 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2015/02/19 17:10:48 | 001,388,274 | ---- | M] (Thisisu) -- C:\Users\Chosen072\Desktop\JRT.exe
[2015/02/19 16:32:56 | 002,126,848 | ---- | M] () -- C:\Users\Chosen072\Desktop\AdwCleaner.exe
[2015/02/19 13:50:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015/02/18 22:03:14 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\tdsskiller.exe
[2015/02/18 21:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Chosen072\Desktop\MBR.dat
[2015/02/18 17:07:03 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2015/02/18 17:05:14 | 005,611,903 | R--- | M] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2015/02/17 16:19:51 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/16 17:30:55 | 001,822,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/09 11:48:05 | 000,000,680 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\d3d9caps.dat
[2015/02/05 03:07:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/04 15:49:27 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/04 15:49:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Users\Chosen072\Desktop\*.tmp files -> C:\Users\Chosen072\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/22 15:27:46 | 000,061,440 | ---- | C] ( ) -- C:\Users\Chosen072\Desktop\VEW.exe
[2015/02/20 09:28:25 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2015/02/19 16:32:48 | 002,126,848 | ---- | C] () -- C:\Users\Chosen072\Desktop\AdwCleaner.exe
[2015/02/18 17:20:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015/02/18 17:20:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015/02/18 17:20:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015/02/18 17:20:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015/02/18 17:20:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015/02/17 16:19:51 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 23:42:28 | 000,000,081 | ---- | C] () -- C:\Windows\WF-2540.ini
[2014/02/02 03:18:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/02/01 09:56:32 | 000,000,058 | ---- | C] () -- C:\Windows\XP-410.ini
[2014/01/11 09:32:56 | 000,001,050 | ---- | C] () -- C:\Users\Chosen072\request.xml
[2014/01/11 09:32:56 | 000,000,490 | ---- | C] () -- C:\Users\Chosen072\response.xml
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/08/28 05:04:59 | 000,000,072 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\slurlproxy.csv
[2010/02/01 08:48:07 | 000,001,504 | ---- | C] () -- C:\Users\Chosen072\.recently-used.xbel
[2009/12/10 16:13:03 | 000,000,035 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\SetValue.bat
[2009/10/13 09:58:36 | 000,000,269 | ---- | C] () -- C:\Users\Chosen072\Adobe - Shortcut.lnk
[2009/09/09 18:06:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/26 11:36:53 | 000,007,887 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\pcouffin.cat
[2009/07/26 11:36:52 | 000,001,144 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\pcouffin.inf
[2009/07/24 09:50:43 | 000,052,525 | ---- | C] () -- C:\Users\Chosen072\naughty girl.swi
[2009/07/24 09:50:43 | 000,048,662 | ---- | C] () -- C:\Users\Chosen072\naughty girl.sbk
[2009/02/16 04:35:26 | 000,178,663 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/16 04:35:19 | 000,178,663 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/12 07:11:29 | 000,870,128 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\mcs.rma
[2008/04/09 20:37:31 | 000,014,958 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/03/16 14:05:06 | 000,000,680 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\d3d9caps.dat
[2008/03/04 11:30:30 | 000,000,000 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\rx_image.Cache
[2008/01/31 05:02:27 | 000,003,770 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\wklnhst.dat
[2008/01/30 11:21:27 | 000,109,056 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/30 11:03:45 | 000,027,715 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\nvModes.001
[2008/01/30 07:14:40 | 000,027,715 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\nvModes.dat
[2008/01/30 06:14:36 | 000,031,007 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< MD5 for: TCPMON.DLL  >
[2006/11/02 04:46:13 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=079FDC65148018E64DFCCEA671E8308C -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6000.16386_none_d075db5eaa3814ba\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\System32\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll
[2008/01/19 02:36:39 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=F9290D67C4B4B9B31CD3FC8BE73A4C9B -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll

< End of report >
 


  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

It appears that the 2008 version is the same size as the 2009 so let's try it:

 

 
Copy the text between the lines of stars by highlighting and Ctrl + c 
***************************************************************************************************
 
:Files
C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll|C:\WINDOWS\System32\tcpmon.dll /replace
C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll|C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll /replace
 
 
:commands
[Reboot]
 
*******************************************************************
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text.  Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.
 
 
Run sfc again as before:
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 

 

 

Let's run OTL again to make sure the replace command actually worked.

 

Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
tcpmon.dll
/md5stop
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text.  Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

  • 0
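The check that the follow-up MD5 scan supports, as an added example that is not part of the original post or of OTL: it parses "MD5 for" lines in the format shown in the log above, flags copies that are zero bytes (their MD5 is the hash of empty input), and confirms whether each replace target now matches the source copy. The function names are hypothetical, and the sample input is copied from the TCPMON.DLL scan lines earlier in this thread.

```python
import hashlib
import re
from typing import NamedTuple

# MD5 of zero bytes of input: a file that reports this hash has no content.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Sample input: the "MD5 for: TCPMON.DLL" lines from the OTL log posted above.
SAMPLE_SCAN = r"""
< MD5 for: TCPMON.DLL  >
[2006/11/02 04:46:13 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=079FDC65148018E64DFCCEA671E8308C -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6000.16386_none_d075db5eaa3814ba\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\System32\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll
[2008/01/19 02:36:39 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=F9290D67C4B4B9B31CD3FC8BE73A4C9B -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll
"""

# Paths from the fix in the post above: the source copy and the two files it replaces.
WINSXS = r"C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35"
SOURCE = WINSXS + r"_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll"
TARGETS = [
    r"C:\WINDOWS\System32\tcpmon.dll",
    WINSXS + r"_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll",
]

# [date time | size | attributes | M] (company) MD5=<32 hex> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<modified>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| [-A-Z]{4} \| [A-Z]\] \((?P<company>[^)]*)\)"
    r" MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    modified: str
    size: int
    company: str
    md5: str
    path: str


def parse_md5_scan(text):
    """Return one Entry per MD5 result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                modified=m["modified"],
                size=int(m["size"].replace(",", "")),
                company=m["company"].strip(),
                md5=m["md5"].upper(),
                path=m["path"].strip(),
            ))
    return entries


def is_empty(entry):
    """A copy is unusable if it is zero bytes or hashes to the empty-input MD5."""
    return entry.size == 0 or entry.md5 == EMPTY_MD5


def damaged(entries):
    """Entries that need replacing, in the order the scan listed them."""
    return [e for e in entries if is_empty(e)]


def replace_verified(entries, source, targets):
    """Map each target path to True only if it now matches the source's size and MD5."""
    by_path = {e.path.lower(): e for e in entries}  # Windows paths: case-insensitive
    src = by_path.get(source.lower())
    results = {}
    for target in targets:
        tgt = by_path.get(target.lower())
        results[target] = (
            src is not None and tgt is not None
            and not is_empty(src) and not is_empty(tgt)
            and tgt.size == src.size and tgt.md5 == src.md5
        )
    return results


if __name__ == "__main__":
    scan = parse_md5_scan(SAMPLE_SCAN)
    for e in damaged(scan):
        print("zero-byte copy:", e.path)
    for path, ok in replace_verified(scan, SOURCE, TARGETS).items():
        print("replaced OK" if ok else "NOT replaced", "-", path)
```

Run against the scan taken after the reboot, every target should report a match; a target that still shows the empty-input hash means the replace did not take effect.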



#41
chosen072

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

OTL Log

 

========== FILES ==========
Unable to replace file: C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll with C:\WINDOWS\System32\tcpmon.dll without a reboot.
Unable to replace file: C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll with C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll without a reboot.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 02232015_110543

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2008/01/19 02:36:39 | 000,135,168 | ---- | M] (Microsoft Corporation) C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll : MD5=F9290D67C4B4B9B31CD3FC8BE73A4C9B

Registry entries deleted on Reboot...
 


  • 0

#42
chosen072

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

SFC fix log

 

2015-02-22 14:45:11, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:45:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-02-22 14:45:38, Info                  CSI    00000009 [SR] Verify complete
2015-02-22 14:45:41, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:45:41, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:20, Info                  CSI    0000000d [SR] Verify complete
2015-02-22 14:46:24, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:24, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:33, Info                  CSI    00000011 [SR] Verify complete
2015-02-22 14:46:36, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:36, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:43, Info                  CSI    00000015 [SR] Verify complete
2015-02-22 14:46:47, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:47, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2015-02-22 14:46:52, Info                  CSI    00000019 [SR] Verify complete
2015-02-22 14:46:58, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:46:58, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:03, Info                  CSI    0000001d [SR] Verify complete
2015-02-22 14:47:07, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:07, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:11, Info                  CSI    00000021 [SR] Verify complete
2015-02-22 14:47:17, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:17, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:21, Info                  CSI    00000025 [SR] Verify complete
2015-02-22 14:47:24, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:24, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:32, Info                  CSI    00000029 [SR] Verify complete
2015-02-22 14:47:35, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:35, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:39, Info                  CSI    0000002d [SR] Verify complete
2015-02-22 14:47:43, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:43, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:47, Info                  CSI    00000031 [SR] Verify complete
2015-02-22 14:47:51, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:51, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2015-02-22 14:47:56, Info                  CSI    00000035 [SR] Verify complete
2015-02-22 14:47:59, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:47:59, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:04, Info                  CSI    00000039 [SR] Verify complete
2015-02-22 14:48:07, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:07, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:12, Info                  CSI    0000003d [SR] Verify complete
2015-02-22 14:48:15, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:15, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:22, Info                  CSI    00000041 [SR] Verify complete
2015-02-22 14:48:30, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:30, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:35, Info                  CSI    00000045 [SR] Verify complete
2015-02-22 14:48:38, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:38, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:43, Info                  CSI    00000049 [SR] Verify complete
2015-02-22 14:48:46, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:46, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:51, Info                  CSI    0000004d [SR] Verify complete
2015-02-22 14:48:54, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:48:54, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2015-02-22 14:48:59, Info                  CSI    00000051 [SR] Verify complete
2015-02-22 14:49:04, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:04, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:09, Info                  CSI    00000055 [SR] Verify complete
2015-02-22 14:49:11, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:11, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:15, Info                  CSI    00000059 [SR] Verify complete
2015-02-22 14:49:17, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:17, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:21, Info                  CSI    0000005d [SR] Verify complete
2015-02-22 14:49:24, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:24, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:28, Info                  CSI    00000061 [SR] Verify complete
2015-02-22 14:49:31, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:31, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:37, Info                  CSI    00000065 [SR] Verify complete
2015-02-22 14:49:42, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:42, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:47, Info                  CSI    00000069 [SR] Verify complete
2015-02-22 14:49:50, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:50, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:53, Info                  CSI    0000006d [SR] Verify complete
2015-02-22 14:49:55, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:55, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2015-02-22 14:49:57, Info                  CSI    00000071 [SR] Verify complete
2015-02-22 14:49:58, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:49:58, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:00, Info                  CSI    00000075 [SR] Verify complete
2015-02-22 14:50:02, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:02, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:04, Info                  CSI    00000079 [SR] Verify complete
2015-02-22 14:50:05, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:05, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:07, Info                  CSI    0000007d [SR] Verify complete
2015-02-22 14:50:09, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:09, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:13, Info                  CSI    00000081 [SR] Verify complete
2015-02-22 14:50:15, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:15, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:19, Info                  CSI    00000085 [SR] Verify complete
2015-02-22 14:50:21, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:21, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:25, Info                  CSI    00000089 [SR] Verify complete
2015-02-22 14:50:27, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:27, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:29, Info                  CSI    0000008d [SR] Verify complete
2015-02-22 14:50:31, Info                  CSI    0000008e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:31, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:34, Info                  CSI    00000091 [SR] Verify complete
2015-02-22 14:50:36, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:36, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:38, Info                  CSI    00000095 [SR] Verify complete
2015-02-22 14:50:39, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:39, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:42, Info                  CSI    00000099 [SR] Verify complete
2015-02-22 14:50:43, Info                  CSI    0000009a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:43, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:46, Info                  CSI    0000009d [SR] Verify complete
2015-02-22 14:50:48, Info                  CSI    0000009e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:48, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:50, Info                  CSI    000000a1 [SR] Verify complete
2015-02-22 14:50:51, Info                  CSI    000000a2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:51, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:54, Info                  CSI    000000a5 [SR] Verify complete
2015-02-22 14:50:55, Info                  CSI    000000a6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:50:55, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:50:59, Info                  CSI    000000a9 [SR] Verify complete
2015-02-22 14:51:01, Info                  CSI    000000aa [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:01, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:03, Info                  CSI    000000ad [SR] Verify complete
2015-02-22 14:51:04, Info                  CSI    000000ae [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:04, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:07, Info                  CSI    000000b1 [SR] Verify complete
2015-02-22 14:51:09, Info                  CSI    000000b2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:09, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:10, Info                  CSI    000000b5 [SR] Verify complete
2015-02-22 14:51:12, Info                  CSI    000000b6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:12, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:14, Info                  CSI    000000b9 [SR] Verify complete
2015-02-22 14:51:16, Info                  CSI    000000ba [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:16, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:23, Info                  CSI    000000bd [SR] Verify complete
2015-02-22 14:51:24, Info                  CSI    000000be [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:24, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:36, Info                  CSI    000000c1 [SR] Verify complete
2015-02-22 14:51:38, Info                  CSI    000000c2 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:38, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:46, Info                  CSI    000000c5 [SR] Verify complete
2015-02-22 14:51:48, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:48, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2015-02-22 14:51:57, Info                  CSI    000000ca [SR] Verify complete
2015-02-22 14:51:59, Info                  CSI    000000cb [SR] Verifying 100 (0x00000064) components
2015-02-22 14:51:59, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:08, Info                  CSI    000000cf [SR] Verify complete
2015-02-22 14:52:10, Info                  CSI    000000d0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:10, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:18, Info                  CSI    000000d3 [SR] Verify complete
2015-02-22 14:52:19, Info                  CSI    000000d4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:19, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:36, Info                  CSI    000000df [SR] Verify complete
2015-02-22 14:52:37, Info                  CSI    000000e0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:37, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:52:50, Info                  CSI    000000e3 [SR] Verify complete
2015-02-22 14:52:51, Info                  CSI    000000e4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:52:51, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:01, Info                  CSI    000000e7 [SR] Verify complete
2015-02-22 14:53:02, Info                  CSI    000000e8 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:02, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:11, Info                  CSI    000000eb [SR] Verify complete
2015-02-22 14:53:12, Info                  CSI    000000ec [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:12, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:22, Info                  CSI    000000ef [SR] Verify complete
2015-02-22 14:53:24, Info                  CSI    000000f0 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:24, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:39, Info                  CSI    000000f3 [SR] Verify complete
2015-02-22 14:53:40, Info                  CSI    000000f4 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:40, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
2015-02-22 14:53:57, Info                  CSI    000000f9 [SR] Verify complete
2015-02-22 14:53:58, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2015-02-22 14:53:58, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:21, Info                  CSI    000000fd [SR] Verify complete
2015-02-22 14:54:23, Info                  CSI    000000fe [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:23, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:50, Info                  CSI    00000101 [SR] Verify complete
2015-02-22 14:54:51, Info                  CSI    00000102 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:51, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2015-02-22 14:54:58, Info                  CSI    00000105 [SR] Verify complete
2015-02-22 14:54:58, Info                  CSI    00000106 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:54:58, Info                  CSI    00000107 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:02, Info                  CSI    00000109 [SR] Verify complete
2015-02-22 14:55:03, Info                  CSI    0000010a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:03, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:08, Info                  CSI    0000010d [SR] Verify complete
2015-02-22 14:55:09, Info                  CSI    0000010e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:09, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:26, Info                  CSI    0000012d [SR] Verify complete
2015-02-22 14:55:27, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:27, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:33, Info                  CSI    00000131 [SR] Verify complete
2015-02-22 14:55:33, Info                  CSI    00000132 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:33, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:38, Info                  CSI    00000135 [SR] Verify complete
2015-02-22 14:55:39, Info                  CSI    00000136 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:39, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:44, Info                  CSI    00000139 [SR] Verify complete
2015-02-22 14:55:45, Info                  CSI    0000013a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:45, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2015-02-22 14:55:55, Info                  CSI    0000013d [SR] Verify complete
2015-02-22 14:55:56, Info                  CSI    0000013e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:55:56, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:13, Info                  CSI    00000142 [SR] Verify complete
2015-02-22 14:56:14, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:14, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:20, Info                  CSI    00000146 [SR] Verify complete
2015-02-22 14:56:20, Info                  CSI    00000147 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:20, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:33, Info                  CSI    0000014a [SR] Verify complete
2015-02-22 14:56:33, Info                  CSI    0000014b [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:33, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:40, Info                  CSI    0000014e [SR] Verify complete
2015-02-22 14:56:41, Info                  CSI    0000014f [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:41, Info                  CSI    00000150 [SR] Beginning Verify and Repair transaction
2015-02-22 14:56:50, Info                  CSI    00000152 [SR] Verify complete
2015-02-22 14:56:51, Info                  CSI    00000153 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:56:51, Info                  CSI    00000154 [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:05, Info                  CSI    00000156 [SR] Verify complete
2015-02-22 14:57:06, Info                  CSI    00000157 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:06, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:27, Info                  CSI    0000017d [SR] Verify complete
2015-02-22 14:57:28, Info                  CSI    0000017e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:28, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2015-02-22 14:57:43, Info                  CSI    00000181 [SR] Verify complete
2015-02-22 14:57:44, Info                  CSI    00000182 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:57:44, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2015-02-22 14:58:20, Info                  CSI    00000185 [SR] Verify complete
2015-02-22 14:58:21, Info                  CSI    00000186 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:58:21, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2015-02-22 14:58:48, Info                  CSI    00000189 [SR] Verify complete
2015-02-22 14:58:48, Info                  CSI    0000018a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:58:48, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:06, Info                  CSI    0000018d [SR] Verify complete
2015-02-22 14:59:07, Info                  CSI    0000018e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:07, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:08, Info                  CSI    00000191 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 14:59:18, Info                  CSI    00000193 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 14:59:18, Info                  CSI    00000194 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-22 14:59:18, Info                  CSI    00000197 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-22 14:59:18, Info                  CSI    00000199 [SR] Verify complete
2015-02-22 14:59:20, Info                  CSI    0000019a [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:20, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:27, Info                  CSI    0000019d [SR] Verify complete
2015-02-22 14:59:28, Info                  CSI    0000019e [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:28, Info                  CSI    0000019f [SR] Beginning Verify and Repair transaction
2015-02-22 14:59:39, Info                  CSI    000001a2 [SR] Verify complete
2015-02-22 14:59:40, Info                  CSI    000001a3 [SR] Verifying 100 (0x00000064) components
2015-02-22 14:59:40, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:01, Info                  CSI    000001a6 [SR] Verify complete
2015-02-22 15:00:02, Info                  CSI    000001a7 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:02, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:15, Info                  CSI    000001aa [SR] Verify complete
2015-02-22 15:00:16, Info                  CSI    000001ab [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:16, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:29, Info                  CSI    000001ae [SR] Verify complete
2015-02-22 15:00:30, Info                  CSI    000001af [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:30, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2015-02-22 15:00:49, Info                  CSI    000001b2 [SR] Verify complete
2015-02-22 15:00:50, Info                  CSI    000001b3 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:00:50, Info                  CSI    000001b4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:01, Info                  CSI    000001b6 [SR] Verify complete
2015-02-22 15:01:02, Info                  CSI    000001b7 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:02, Info                  CSI    000001b8 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:17, Info                  CSI    000001ba [SR] Verify complete
2015-02-22 15:01:18, Info                  CSI    000001bb [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:18, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:34, Info                  CSI    000001bf [SR] Verify complete
2015-02-22 15:01:35, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:35, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:48, Info                  CSI    000001c3 [SR] Verify complete
2015-02-22 15:01:49, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:49, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2015-02-22 15:01:57, Info                  CSI    000001c7 [SR] Verify complete
2015-02-22 15:01:58, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:01:58, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:09, Info                  CSI    000001cb [SR] Verify complete
2015-02-22 15:02:11, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:11, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:24, Info                  CSI    000001d2 [SR] Verify complete
2015-02-22 15:02:25, Info                  CSI    000001d3 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:25, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:36, Info                  CSI    000001d5 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2015-02-22 15:02:36, Info                  CSI    000001d6 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2015-02-22 15:02:38, Info                  CSI    000001d8 [SR] Verify complete
2015-02-22 15:02:39, Info                  CSI    000001d9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:39, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2015-02-22 15:02:54, Info                  CSI    000001dc [SR] Verify complete
2015-02-22 15:02:55, Info                  CSI    000001dd [SR] Verifying 100 (0x00000064) components
2015-02-22 15:02:55, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:04, Info                  CSI    000001e0 [SR] Verify complete
2015-02-22 15:03:05, Info                  CSI    000001e1 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:05, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:09, Info                  CSI    000001e4 [SR] Verify complete
2015-02-22 15:03:10, Info                  CSI    000001e5 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:10, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:23, Info                  CSI    000001e8 [SR] Verify complete
2015-02-22 15:03:24, Info                  CSI    000001e9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:24, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:35, Info                  CSI    000001ec [SR] Verify complete
2015-02-22 15:03:36, Info                  CSI    000001ed [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:36, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2015-02-22 15:03:45, Info                  CSI    000001f0 [SR] Verify complete
2015-02-22 15:03:46, Info                  CSI    000001f1 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:03:46, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:09, Info                  CSI    000001f4 [SR] Verify complete
2015-02-22 15:04:10, Info                  CSI    000001f5 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:04:10, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:16, Info                  CSI    000001f8 [SR] Verify complete
2015-02-22 15:04:17, Info                  CSI    000001f9 [SR] Verifying 100 (0x00000064) components
2015-02-22 15:04:17, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:26, Info                  CSI    000001fc [SR] Verify complete
2015-02-22 15:04:27, Info                  CSI    000001fd [SR] Verifying 99 (0x00000063) components
2015-02-22 15:04:27, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:38, Info                  CSI    00000209 [SR] Verify complete
2015-02-22 15:04:38, Info                  CSI    0000020a [SR] Repairing 2 components
2015-02-22 15:04:38, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2015-02-22 15:04:38, Info                  CSI    0000020d [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    0000020e [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2015-02-22 15:04:38, Info                  CSI    0000020f [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2015-02-22 15:04:38, Info                  CSI    00000211 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-22 15:04:38, Info                  CSI    00000212 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-22 15:04:38, Info                  CSI    00000215 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-22 15:04:38, Info                  CSI    00000217 [SR] Repair complete
2015-02-22 15:04:38, Info                  CSI    00000218 [SR] Committing transaction
2015-02-22 15:04:40, Info                  CSI    0000021c [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
2015-02-23 11:19:13, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:19:13, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-02-23 11:19:33, Info                  CSI    00000009 [SR] Verify complete
2015-02-23 11:19:35, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:19:35, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:04, Info                  CSI    0000000d [SR] Verify complete
2015-02-23 11:20:08, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:08, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:18, Info                  CSI    00000011 [SR] Verify complete
2015-02-23 11:20:21, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:21, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:25, Info                  CSI    00000015 [SR] Verify complete
2015-02-23 11:20:28, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:28, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:35, Info                  CSI    00000019 [SR] Verify complete
2015-02-23 11:20:38, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:38, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:42, Info                  CSI    0000001d [SR] Verify complete
2015-02-23 11:20:47, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:47, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:50, Info                  CSI    00000021 [SR] Verify complete
2015-02-23 11:20:53, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:20:53, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2015-02-23 11:20:58, Info                  CSI    00000025 [SR] Verify complete
2015-02-23 11:21:01, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:01, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:06, Info                  CSI    00000029 [SR] Verify complete
2015-02-23 11:21:08, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:08, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:13, Info                  CSI    0000002d [SR] Verify complete
2015-02-23 11:21:17, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:17, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:22, Info                  CSI    00000031 [SR] Verify complete
2015-02-23 11:21:26, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:26, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:30, Info                  CSI    00000035 [SR] Verify complete
2015-02-23 11:21:33, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:33, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:38, Info                  CSI    00000039 [SR] Verify complete
2015-02-23 11:21:42, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:42, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:48, Info                  CSI    0000003d [SR] Verify complete
2015-02-23 11:21:51, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:21:51, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2015-02-23 11:21:57, Info                  CSI    00000041 [SR] Verify complete
2015-02-23 11:22:00, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:00, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:06, Info                  CSI    00000045 [SR] Verify complete
2015-02-23 11:22:09, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:09, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:16, Info                  CSI    00000049 [SR] Verify complete
2015-02-23 11:22:19, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:19, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:25, Info                  CSI    0000004d [SR] Verify complete
2015-02-23 11:22:28, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:28, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:34, Info                  CSI    00000051 [SR] Verify complete
2015-02-23 11:22:37, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:37, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:41, Info                  CSI    00000055 [SR] Verify complete
2015-02-23 11:22:43, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:43, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:45, Info                  CSI    00000059 [SR] Verify complete
2015-02-23 11:22:47, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:47, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:50, Info                  CSI    0000005d [SR] Verify complete
2015-02-23 11:22:52, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:52, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2015-02-23 11:22:54, Info                  CSI    00000061 [SR] Verify complete
2015-02-23 11:22:56, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:22:56, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:00, Info                  CSI    00000065 [SR] Verify complete
2015-02-23 11:23:02, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:02, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:04, Info                  CSI    00000069 [SR] Verify complete
2015-02-23 11:23:05, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:05, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:08, Info                  CSI    0000006d [SR] Verify complete
2015-02-23 11:23:10, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:10, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:15, Info                  CSI    00000071 [SR] Verify complete
2015-02-23 11:23:18, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:18, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:23, Info                  CSI    00000075 [SR] Verify complete
2015-02-23 11:23:25, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:25, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:29, Info                  CSI    00000079 [SR] Verify complete
2015-02-23 11:23:31, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:31, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:36, Info                  CSI    0000007d [SR] Verify complete
2015-02-23 11:23:39, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:39, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:46, Info                  CSI    00000081 [SR] Verify complete
2015-02-23 11:23:49, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:23:49, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2015-02-23 11:23:57, Info                  CSI    00000085 [SR] Verify complete
2015-02-23 11:24:00, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:00, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:05, Info                  CSI    00000089 [SR] Verify complete
2015-02-23 11:24:07, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:07, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:14, Info                  CSI    0000008d [SR] Verify complete
2015-02-23 11:24:16, Info                  CSI    0000008e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:16, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:24, Info                  CSI    00000091 [SR] Verify complete
2015-02-23 11:24:27, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:27, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:32, Info                  CSI    00000095 [SR] Verify complete
2015-02-23 11:24:34, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:34, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:38, Info                  CSI    00000099 [SR] Verify complete
2015-02-23 11:24:41, Info                  CSI    0000009a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:24:41, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2015-02-23 11:24:57, Info                  CSI    0000009d [SR] Verify complete
2015-02-23 11:25:00, Info                  CSI    0000009e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:00, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:04, Info                  CSI    000000a1 [SR] Verify complete
2015-02-23 11:25:06, Info                  CSI    000000a2 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:06, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:13, Info                  CSI    000000a5 [SR] Verify complete
2015-02-23 11:25:15, Info                  CSI    000000a6 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:15, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:28, Info                  CSI    000000a9 [SR] Verify complete
2015-02-23 11:25:31, Info                  CSI    000000aa [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:31, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:36, Info                  CSI    000000ad [SR] Verify complete
2015-02-23 11:25:39, Info                  CSI    000000ae [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:39, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:45, Info                  CSI    000000b1 [SR] Verify complete
2015-02-23 11:25:47, Info                  CSI    000000b2 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:47, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:52, Info                  CSI    000000b5 [SR] Verify complete
2015-02-23 11:25:54, Info                  CSI    000000b6 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:25:54, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2015-02-23 11:25:59, Info                  CSI    000000b9 [SR] Verify complete
2015-02-23 11:26:02, Info                  CSI    000000ba [SR] Verifying 100 (0x00000064) components
2015-02-23 11:26:02, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2015-02-23 11:26:21, Info                  CSI    000000bd [SR] Verify complete
2015-02-23 11:26:24, Info                  CSI    000000be [SR] Verifying 100 (0x00000064) components
2015-02-23 11:26:24, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2015-02-23 11:26:57, Info                  CSI    000000c1 [SR] Verify complete
2015-02-23 11:27:01, Info                  CSI    000000c2 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:27:01, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2015-02-23 11:27:27, Info                  CSI    000000c5 [SR] Verify complete
2015-02-23 11:27:33, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:27:33, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2015-02-23 11:28:18, Info                  CSI    000000ca [SR] Verify complete
2015-02-23 11:28:21, Info                  CSI    000000cb [SR] Verifying 100 (0x00000064) components
2015-02-23 11:28:21, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2015-02-23 11:28:44, Info                  CSI    000000cf [SR] Verify complete
2015-02-23 11:28:47, Info                  CSI    000000d0 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:28:47, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2015-02-23 11:29:10, Info                  CSI    000000d3 [SR] Verify complete
2015-02-23 11:29:11, Info                  CSI    000000d4 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:29:11, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2015-02-23 11:29:28, Info                  CSI    000000df [SR] Verify complete
2015-02-23 11:29:29, Info                  CSI    000000e0 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:29:29, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2015-02-23 11:29:43, Info                  CSI    000000e3 [SR] Verify complete
2015-02-23 11:29:44, Info                  CSI    000000e4 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:29:44, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
2015-02-23 11:29:55, Info                  CSI    000000e7 [SR] Verify complete
2015-02-23 11:29:56, Info                  CSI    000000e8 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:29:56, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2015-02-23 11:30:17, Info                  CSI    000000eb [SR] Verify complete
2015-02-23 11:30:18, Info                  CSI    000000ec [SR] Verifying 100 (0x00000064) components
2015-02-23 11:30:18, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2015-02-23 11:30:29, Info                  CSI    000000ef [SR] Verify complete
2015-02-23 11:30:30, Info                  CSI    000000f0 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:30:30, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2015-02-23 11:30:45, Info                  CSI    000000f3 [SR] Verify complete
2015-02-23 11:30:46, Info                  CSI    000000f4 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:30:46, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
2015-02-23 11:31:05, Info                  CSI    000000f9 [SR] Verify complete
2015-02-23 11:31:06, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2015-02-23 11:31:06, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2015-02-23 11:31:30, Info                  CSI    000000fd [SR] Verify complete
2015-02-23 11:31:31, Info                  CSI    000000fe [SR] Verifying 100 (0x00000064) components
2015-02-23 11:31:31, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2015-02-23 11:31:59, Info                  CSI    00000101 [SR] Verify complete
2015-02-23 11:32:00, Info                  CSI    00000102 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:00, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:07, Info                  CSI    00000105 [SR] Verify complete
2015-02-23 11:32:07, Info                  CSI    00000106 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:07, Info                  CSI    00000107 [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:12, Info                  CSI    00000109 [SR] Verify complete
2015-02-23 11:32:12, Info                  CSI    0000010a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:12, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:17, Info                  CSI    0000010d [SR] Verify complete
2015-02-23 11:32:18, Info                  CSI    0000010e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:18, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:35, Info                  CSI    0000012d [SR] Verify complete
2015-02-23 11:32:36, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:36, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:42, Info                  CSI    00000131 [SR] Verify complete
2015-02-23 11:32:42, Info                  CSI    00000132 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:42, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:47, Info                  CSI    00000135 [SR] Verify complete
2015-02-23 11:32:48, Info                  CSI    00000136 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:48, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2015-02-23 11:32:53, Info                  CSI    00000139 [SR] Verify complete
2015-02-23 11:32:54, Info                  CSI    0000013a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:32:54, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2015-02-23 11:33:06, Info                  CSI    0000013d [SR] Verify complete
2015-02-23 11:33:07, Info                  CSI    0000013e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:33:07, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2015-02-23 11:33:27, Info                  CSI    00000142 [SR] Verify complete
2015-02-23 11:33:28, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:33:28, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2015-02-23 11:33:33, Info                  CSI    00000146 [SR] Verify complete
2015-02-23 11:33:34, Info                  CSI    00000147 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:33:34, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2015-02-23 11:33:47, Info                  CSI    0000014a [SR] Verify complete
2015-02-23 11:33:48, Info                  CSI    0000014b [SR] Verifying 100 (0x00000064) components
2015-02-23 11:33:48, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2015-02-23 11:33:56, Info                  CSI    0000014e [SR] Verify complete
2015-02-23 11:33:56, Info                  CSI    0000014f [SR] Verifying 100 (0x00000064) components
2015-02-23 11:33:56, Info                  CSI    00000150 [SR] Beginning Verify and Repair transaction
2015-02-23 11:34:06, Info                  CSI    00000152 [SR] Verify complete
2015-02-23 11:34:07, Info                  CSI    00000153 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:34:07, Info                  CSI    00000154 [SR] Beginning Verify and Repair transaction
2015-02-23 11:34:20, Info                  CSI    00000156 [SR] Verify complete
2015-02-23 11:34:21, Info                  CSI    00000157 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:34:21, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2015-02-23 11:34:42, Info                  CSI    0000017d [SR] Verify complete
2015-02-23 11:34:43, Info                  CSI    0000017e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:34:43, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2015-02-23 11:35:00, Info                  CSI    00000181 [SR] Verify complete
2015-02-23 11:35:01, Info                  CSI    00000182 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:35:01, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2015-02-23 11:35:29, Info                  CSI    00000185 [SR] Verify complete
2015-02-23 11:35:30, Info                  CSI    00000186 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:35:30, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2015-02-23 11:35:56, Info                  CSI    00000189 [SR] Verify complete
2015-02-23 11:35:57, Info                  CSI    0000018a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:35:57, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2015-02-23 11:36:13, Info                  CSI    0000018d [SR] Verify complete
2015-02-23 11:36:14, Info                  CSI    0000018e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:36:14, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2015-02-23 11:36:15, Info                  CSI    00000191 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-23 11:36:25, Info                  CSI    00000193 [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-23 11:36:25, Info                  CSI    00000194 [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-23 11:36:25, Info                  CSI    00000197 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-23 11:36:26, Info                  CSI    00000199 [SR] Verify complete
2015-02-23 11:36:27, Info                  CSI    0000019a [SR] Verifying 100 (0x00000064) components
2015-02-23 11:36:27, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
2015-02-23 11:36:34, Info                  CSI    0000019d [SR] Verify complete
2015-02-23 11:36:35, Info                  CSI    0000019e [SR] Verifying 100 (0x00000064) components
2015-02-23 11:36:35, Info                  CSI    0000019f [SR] Beginning Verify and Repair transaction
2015-02-23 11:36:47, Info                  CSI    000001a2 [SR] Verify complete
2015-02-23 11:36:51, Info                  CSI    000001a3 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:36:51, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2015-02-23 11:37:15, Info                  CSI    000001a6 [SR] Verify complete
2015-02-23 11:37:16, Info                  CSI    000001a7 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:37:16, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2015-02-23 11:37:29, Info                  CSI    000001aa [SR] Verify complete
2015-02-23 11:37:30, Info                  CSI    000001ab [SR] Verifying 100 (0x00000064) components
2015-02-23 11:37:30, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
2015-02-23 11:37:45, Info                  CSI    000001ae [SR] Verify complete
2015-02-23 11:37:46, Info                  CSI    000001af [SR] Verifying 100 (0x00000064) components
2015-02-23 11:37:46, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2015-02-23 11:38:06, Info                  CSI    000001b2 [SR] Verify complete
2015-02-23 11:38:06, Info                  CSI    000001b3 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:38:06, Info                  CSI    000001b4 [SR] Beginning Verify and Repair transaction
2015-02-23 11:38:17, Info                  CSI    000001b6 [SR] Verify complete
2015-02-23 11:38:18, Info                  CSI    000001b7 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:38:18, Info                  CSI    000001b8 [SR] Beginning Verify and Repair transaction
2015-02-23 11:38:33, Info                  CSI    000001ba [SR] Verify complete
2015-02-23 11:38:34, Info                  CSI    000001bb [SR] Verifying 100 (0x00000064) components
2015-02-23 11:38:34, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2015-02-23 11:38:51, Info                  CSI    000001bf [SR] Verify complete
2015-02-23 11:38:52, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:38:52, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2015-02-23 11:39:06, Info                  CSI    000001c3 [SR] Verify complete
2015-02-23 11:39:07, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:39:07, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2015-02-23 11:39:15, Info                  CSI    000001c7 [SR] Verify complete
2015-02-23 11:39:16, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:39:16, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2015-02-23 11:39:28, Info                  CSI    000001cb [SR] Verify complete
2015-02-23 11:39:29, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
2015-02-23 11:39:29, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2015-02-23 11:39:42, Info                  CSI    000001d2 [SR] Verify complete
2015-02-23 11:39:43, Info                  CSI    000001d3 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:39:43, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2015-02-23 11:39:53, Info                  CSI    000001d6 [SR] Verify complete
2015-02-23 11:39:54, Info                  CSI    000001d7 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:39:54, Info                  CSI    000001d8 [SR] Beginning Verify and Repair transaction
2015-02-23 11:40:09, Info                  CSI    000001da [SR] Verify complete
2015-02-23 11:40:10, Info                  CSI    000001db [SR] Verifying 100 (0x00000064) components
2015-02-23 11:40:10, Info                  CSI    000001dc [SR] Beginning Verify and Repair transaction
2015-02-23 11:40:22, Info                  CSI    000001de [SR] Verify complete
2015-02-23 11:40:22, Info                  CSI    000001df [SR] Verifying 100 (0x00000064) components
2015-02-23 11:40:22, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2015-02-23 11:40:26, Info                  CSI    000001e2 [SR] Verify complete
2015-02-23 11:40:27, Info                  CSI    000001e3 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:40:27, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2015-02-23 11:40:41, Info                  CSI    000001e6 [SR] Verify complete
2015-02-23 11:40:44, Info                  CSI    000001e7 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:40:44, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2015-02-23 11:40:59, Info                  CSI    000001ea [SR] Verify complete
2015-02-23 11:41:00, Info                  CSI    000001eb [SR] Verifying 100 (0x00000064) components
2015-02-23 11:41:00, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
2015-02-23 11:41:09, Info                  CSI    000001ee [SR] Verify complete
2015-02-23 11:41:10, Info                  CSI    000001ef [SR] Verifying 100 (0x00000064) components
2015-02-23 11:41:10, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
2015-02-23 11:41:32, Info                  CSI    000001f2 [SR] Verify complete
2015-02-23 11:41:33, Info                  CSI    000001f3 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:41:33, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
2015-02-23 11:41:39, Info                  CSI    000001f6 [SR] Verify complete
2015-02-23 11:41:40, Info                  CSI    000001f7 [SR] Verifying 100 (0x00000064) components
2015-02-23 11:41:40, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
2015-02-23 11:41:49, Info                  CSI    000001fa [SR] Verify complete
2015-02-23 11:41:50, Info                  CSI    000001fb [SR] Verifying 99 (0x00000063) components
2015-02-23 11:41:50, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2015-02-23 11:42:06, Info                  CSI    00000207 [SR] Verify complete
2015-02-23 11:42:06, Info                  CSI    00000208 [SR] Repairing 1 components
2015-02-23 11:42:06, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2015-02-23 11:42:06, Info                  CSI    0000020b [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-23 11:42:06, Info                  CSI    0000020d [SR] Cannot repair member file [l:20{10}]"tcpmon.dll" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonDLL, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-23 11:42:06, Info                  CSI    0000020e [SR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"
2015-02-23 11:42:06, Info                  CSI    00000211 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.dll"; source file in store is also corrupted
2015-02-23 11:42:06, Info                  CSI    00000213 [SR] Repair complete
2015-02-23 11:42:07, Info                  CSI    00000214 [SR] Committing transaction
2015-02-23 11:42:07, Info                  CSI    00000218 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 



#43
chosen072


OTL Log

 

OTL logfile created on: 2/23/2015 12:05:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chosen072\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.51% Memory free
4.11 Gb Paging File | 2.95 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 9.38 Gb Free Space | 9.08% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 11.78 Gb Free Space | 10.54% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.35 Gb Free Space | 16.03% Space Free | Partition Type: NTFS
 
Computer Name: ROBINS-LT | User Name: Chosen072 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/22 20:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
PRC - [2015/02/05 03:06:41 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2015/01/30 01:59:44 | 000,284,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2015/01/30 01:59:44 | 000,022,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2015/01/30 01:53:04 | 000,978,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2015/01/16 09:41:38 | 002,934,496 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2015/01/16 09:41:38 | 000,091,872 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
PRC - [2015/01/15 16:59:32 | 023,308,256 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/07 15:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/11/06 10:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 10:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\Kies.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2012/02/29 16:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escsvc.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/09/17 10:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 10:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/23 11:09:48 | 001,160,704 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_ssl.pyd
MOD - [2015/02/23 11:09:48 | 000,811,008 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._windows_.pyd
MOD - [2015/02/23 11:09:48 | 000,805,888 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._gdi_.pyd
MOD - [2015/02/23 11:09:48 | 000,713,216 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_hashlib.pyd
MOD - [2015/02/23 11:09:48 | 000,110,080 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\PyWinTypes27.dll
MOD - [2015/02/23 11:09:48 | 000,027,136 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_multiprocessing.pyd
MOD - [2015/02/23 11:09:48 | 000,025,600 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32pdh.pyd
MOD - [2015/02/23 11:09:48 | 000,024,064 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32pipe.pyd
MOD - [2015/02/23 11:09:48 | 000,007,168 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\hashobjs_ext.pyd
MOD - [2015/02/23 11:09:47 | 001,062,400 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._controls_.pyd
MOD - [2015/02/23 11:09:46 | 000,686,080 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\unicodedata.pyd
MOD - [2015/02/23 11:09:46 | 000,525,640 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\windows._lib_cacheinvalidation.pyd
MOD - [2015/02/23 11:09:46 | 000,127,488 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\pyexpat.pyd
MOD - [2015/02/23 11:09:46 | 000,119,808 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32file.pyd
MOD - [2015/02/23 11:09:46 | 000,108,544 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32security.pyd
MOD - [2015/02/23 11:09:46 | 000,038,912 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32inet.pyd
MOD - [2015/02/23 11:09:46 | 000,018,432 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32event.pyd
MOD - [2015/02/23 11:09:46 | 000,017,408 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32profile.pyd
MOD - [2015/02/23 11:09:46 | 000,010,240 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\select.pyd
MOD - [2015/02/23 11:09:45 | 001,175,040 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._core_.pyd
MOD - [2015/02/23 11:09:45 | 000,735,232 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._misc_.pyd
MOD - [2015/02/23 11:09:45 | 000,557,056 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\pysqlite2._sqlite.pyd
MOD - [2015/02/23 11:09:45 | 000,364,544 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\pythoncom27.dll
MOD - [2015/02/23 11:09:45 | 000,320,512 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32com.shell.shell.pyd
MOD - [2015/02/23 11:09:45 | 000,167,936 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32gui.pyd
MOD - [2015/02/23 11:09:45 | 000,128,512 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_elementtree.pyd
MOD - [2015/02/23 11:09:45 | 000,122,368 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._wizard.pyd
MOD - [2015/02/23 11:09:45 | 000,098,816 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32api.pyd
MOD - [2015/02/23 11:09:45 | 000,087,552 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_ctypes.pyd
MOD - [2015/02/23 11:09:45 | 000,078,336 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._animate.pyd
MOD - [2015/02/23 11:09:45 | 000,070,656 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\wx._html2.pyd
MOD - [2015/02/23 11:09:45 | 000,045,568 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\_socket.pyd
MOD - [2015/02/23 11:09:45 | 000,022,528 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32ts.pyd
MOD - [2015/02/23 11:09:45 | 000,011,264 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32crypt.pyd
MOD - [2015/02/23 11:09:43 | 000,035,840 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\temp\_MEI26602\win32process.pyd
MOD - [2015/02/21 22:26:29 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/02/21 22:23:19 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\b14aecee3554afb0d099f8f5c8d19afc\System.Runtime.Remoting.ni.dll
MOD - [2015/02/21 17:22:13 | 014,970,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\592a6a31e27bffd0adeaff6f255f3892\Kies.Theme.ni.dll
MOD - [2015/02/21 17:21:44 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\de6a15348040911b2e63c8dbe3c77275\ASF_cSharpAPI.ni.dll
MOD - [2015/02/21 17:21:43 | 000,058,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3dfd58b4b22d4d58719f465a3392b0b1\Kies.Common.AllShare.ni.dll
MOD - [2015/02/21 17:20:43 | 002,164,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\38b280dc044bcdc1a034db4d0012296c\Kies.Common.Multimedia.ni.dll
MOD - [2015/02/21 17:20:36 | 000,182,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\d29bf4134c8df4833a65213d4687d6da\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2015/02/21 17:20:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a4777dd3707ff8649c29eff356c45fae\Kies.Common.Util.ni.dll
MOD - [2015/02/21 17:20:12 | 001,715,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7f110177705a8d6c39685e4d5fc6ac51\Kies.Locale.ni.dll
MOD - [2015/02/21 17:20:10 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\845b9379476bb91db2881ebaff45255f\Kies.MVVM.ni.dll
MOD - [2015/02/21 17:20:09 | 001,811,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\5f365d00396e8a2f0442cef2639e01a3\Kies.UI.ni.dll
MOD - [2015/02/21 17:19:56 | 001,239,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\faf445d1a897035db4b8ce8f28d2d751\Kies.Interface.ni.dll
MOD - [2015/02/21 17:19:31 | 002,107,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\51db4489da8f5c8ed057eb5ad2c0441d\Kies.ni.exe
MOD - [2015/02/21 03:36:22 | 018,761,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9f1f464b854d655c74c8cd4ee5b731bd\PresentationFramework.ni.dll
MOD - [2015/02/21 03:36:00 | 011,013,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\eb3ba0fe2449d7ca96b51f71b2061cf6\PresentationCore.ni.dll
MOD - [2015/02/21 03:35:23 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll
MOD - [2015/02/21 03:35:13 | 000,219,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\9bcbefb742496c55841dfcb21be24c6e\System.ServiceProcess.ni.dll
MOD - [2015/02/21 03:33:13 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/02/21 03:32:59 | 003,945,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\61c8a838d217ea8b4f68bbf38172114f\WindowsBase.ni.dll
MOD - [2015/02/21 03:32:45 | 007,002,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\23d1162d1943c1b1d6c4fd7c6d8512d4\System.Core.ni.dll
MOD - [2015/02/21 03:32:28 | 000,972,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5a977e1f055b4f8f41da5d9142a1913c\System.Configuration.ni.dll
MOD - [2015/02/21 03:31:55 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2015/01/16 09:40:00 | 000,504,832 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2015/01/16 09:37:06 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2015/01/16 09:35:50 | 000,851,968 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2015/01/16 09:35:22 | 000,595,968 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npchromeinstaller.dll
MOD - [2015/01/16 09:34:56 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2015/01/16 09:34:54 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2015/01/16 09:34:28 | 000,505,344 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2014/03/07 15:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/03 19:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2008/06/19 23:42:56 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015/02/04 15:49:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/30 01:59:44 | 000,284,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/01/30 01:59:44 | 000,022,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2015/01/27 11:57:02 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/16 09:41:38 | 002,934,496 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/09/17 10:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 10:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/06/01 08:07:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHOSEN~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2015/01/16 09:33:32 | 000,023,264 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nnfwdk.sys -- (nnfwdk)
DRV - [2014/11/15 14:46:08 | 000,095,408 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/08/20 23:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/20 23:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/01/18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2010/01/25 15:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/12/16 16:48:51 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tsk_atapi.sys -- (atapi)
DRV - [2009/07/16 07:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 07:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 07:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/01/30 08:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/22 09:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/11 21:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 18:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = http://www.amazon.co...de=ur2&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Chosen072\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Chosen072\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 11:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014/03/05 02:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2015/02/23 11:10:56 | 000,009,424 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/02 21:10:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 11:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Chosen072\Program Files\DNA [2010/01/05 15:06:52 | 000,000,000 | ---D | M]
 
[2013/07/15 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions
[2009/03/28 07:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/02/17 16:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Firefox\Profiles\hf9gv40m.default\extensions
[2015/01/27 11:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/01/27 11:57:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/02/23 11:10:56 | 000,009,424 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\[email protected]
 
O1 HOSTS File: ([2015/02/19 13:50:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe (The Nielsen Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Chosen072\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: giantfoodstores.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C77DCEE-1FB5-4633-8DEF-A02C55F1F52B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A84C4504-3EDA-44AC-886B-C316CF2D95A3}: DhcpNameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0717666-99DE-4E14-B322-505B7C9031E4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 21:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/23 11:05:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/02/22 20:57:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
[2015/02/22 12:36:23 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\FRST-OlderVersion
[2015/02/22 01:22:30 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\Chosen072\Desktop\MiniToolBox.exe
[2015/02/20 21:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/02/20 21:37:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015/02/20 21:13:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2015/02/20 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\Virus Log
[2015/02/20 04:08:13 | 000,000,000 | ---D | C] -- C:\FRST
[2015/02/20 04:05:27 | 001,126,912 | ---- | C] (Farbar) -- C:\Users\Chosen072\Desktop\FRST.exe
[2015/02/19 17:10:42 | 001,388,274 | ---- | C] (Thisisu) -- C:\Users\Chosen072\Desktop\JRT.exe
[2015/02/19 16:34:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/18 22:02:27 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\tdsskiller.exe
[2015/02/18 17:20:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015/02/18 17:20:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015/02/18 17:20:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015/02/18 17:06:46 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2015/02/18 17:05:06 | 005,611,903 | R--- | C] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2015/02/18 14:57:15 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\Images
[2015/02/17 16:20:16 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/17 16:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/17 16:19:20 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/02/17 16:19:19 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/02/17 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/02/17 16:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/02/17 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Documents\2015 Tax Return
[2015/02/17 10:49:38 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/02/13 12:33:08 | 002,063,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/02/12 09:21:33 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/02/12 09:21:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/02/12 09:21:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/02/12 09:21:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/02/12 09:21:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/02/12 09:21:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/02/12 09:21:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/02/12 09:21:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/02/12 09:21:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/02/12 09:21:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/02/12 09:20:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/02/12 09:20:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/01/27 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/04 06:28:24 | 063,073,179 | ---- | C] (F.A.S ®                                                     ) -- C:\Users\Chosen072\AppData\Roaming\Virtual_DJ_Setup.exe
[2009/07/26 11:36:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chosen072\AppData\Roaming\pcouffin.sys
[3 C:\Users\Chosen072\Desktop\*.tmp files -> C:\Users\Chosen072\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/23 12:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/23 12:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job
[2015/02/23 12:15:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/23 12:05:01 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2015/02/23 11:15:12 | 000,645,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/23 11:15:12 | 000,120,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/23 11:10:20 | 000,000,005 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2015/02/23 11:10:02 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2015/02/23 11:09:37 | 000,178,663 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015/02/23 11:09:37 | 000,178,663 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015/02/23 11:07:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/23 11:07:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/23 11:07:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/23 11:06:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2015/02/22 23:05:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2015/02/22 20:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.com
[2015/02/22 15:44:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job
[2015/02/22 15:27:51 | 000,061,440 | ---- | M] ( ) -- C:\Users\Chosen072\Desktop\VEW.exe
[2015/02/22 12:36:23 | 001,126,912 | ---- | M] (Farbar) -- C:\Users\Chosen072\Desktop\FRST.exe
[2015/02/22 01:22:40 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\Chosen072\Desktop\MiniToolBox.exe
[2015/02/21 16:45:43 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/20 21:12:57 | 000,002,229 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/20 10:58:09 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChosen072.job
[2015/02/20 09:28:25 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2015/02/19 17:10:48 | 001,388,274 | ---- | M] (Thisisu) -- C:\Users\Chosen072\Desktop\JRT.exe
[2015/02/19 16:32:56 | 002,126,848 | ---- | M] () -- C:\Users\Chosen072\Desktop\AdwCleaner.exe
[2015/02/19 13:50:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015/02/18 22:03:14 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\tdsskiller.exe
[2015/02/18 21:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Chosen072\Desktop\MBR.dat
[2015/02/18 17:07:03 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2015/02/18 17:05:14 | 005,611,903 | R--- | M] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2015/02/17 16:19:51 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/16 17:30:55 | 001,822,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/09 11:48:05 | 000,000,680 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\d3d9caps.dat
[2015/02/05 03:07:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/04 15:49:27 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/04 15:49:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Users\Chosen072\Desktop\*.tmp files -> C:\Users\Chosen072\Desktop\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/22 15:27:46 | 000,061,440 | ---- | C] ( ) -- C:\Users\Chosen072\Desktop\VEW.exe
[2015/02/20 09:28:25 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2015/02/19 16:32:48 | 002,126,848 | ---- | C] () -- C:\Users\Chosen072\Desktop\AdwCleaner.exe
[2015/02/18 17:20:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015/02/18 17:20:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015/02/18 17:20:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015/02/18 17:20:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015/02/18 17:20:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015/02/17 16:19:51 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 23:42:28 | 000,000,081 | ---- | C] () -- C:\Windows\WF-2540.ini
[2014/02/02 03:18:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/02/01 09:56:32 | 000,000,058 | ---- | C] () -- C:\Windows\XP-410.ini
[2014/01/11 09:32:56 | 000,001,050 | ---- | C] () -- C:\Users\Chosen072\request.xml
[2014/01/11 09:32:56 | 000,000,490 | ---- | C] () -- C:\Users\Chosen072\response.xml
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/08/28 05:04:59 | 000,000,072 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\slurlproxy.csv
[2010/02/01 08:48:07 | 000,001,504 | ---- | C] () -- C:\Users\Chosen072\.recently-used.xbel
[2009/12/10 16:13:03 | 000,000,035 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\SetValue.bat
[2009/10/13 09:58:36 | 000,000,269 | ---- | C] () -- C:\Users\Chosen072\Adobe - Shortcut.lnk
[2009/09/09 18:06:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/26 11:36:53 | 000,007,887 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\pcouffin.cat
[2009/07/26 11:36:52 | 000,001,144 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\pcouffin.inf
[2009/07/24 09:50:43 | 000,052,525 | ---- | C] () -- C:\Users\Chosen072\naughty girl.swi
[2009/07/24 09:50:43 | 000,048,662 | ---- | C] () -- C:\Users\Chosen072\naughty girl.sbk
[2009/02/16 04:35:26 | 000,178,663 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/16 04:35:19 | 000,178,663 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/12 07:11:29 | 000,870,128 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\mcs.rma
[2008/04/09 20:37:31 | 000,014,958 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/03/16 14:05:06 | 000,000,680 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\d3d9caps.dat
[2008/03/04 11:30:30 | 000,000,000 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\rx_image.Cache
[2008/01/31 05:02:27 | 000,003,770 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\wklnhst.dat
[2008/01/30 11:21:27 | 000,109,056 | ---- | C] () -- C:\Users\Chosen072\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/30 11:03:45 | 000,027,715 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\nvModes.001
[2008/01/30 07:14:40 | 000,027,715 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\nvModes.dat
[2008/01/30 06:14:36 | 000,031,007 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< MD5 for: TCPMON.DLL  >
[2006/11/02 04:46:13 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=079FDC65148018E64DFCCEA671E8308C -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6000.16386_none_d075db5eaa3814ba\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\System32\tcpmon.dll
[2009/04/11 01:28:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll
[2008/01/19 02:36:39 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=F9290D67C4B4B9B31CD3FC8BE73A4C9B -- C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll

< End of report >
 


  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Doesn't seem to have taken.  Still shows the file as 0 size.  You still have Combofix on your desktop so let's let it try:

 

 
Copy the text between the lines of stars by highlighting and Ctrl + c.
 
******************************************
 
 
FCopy::
C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll | C:\WINDOWS\System32\tcpmon.dll
C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll | C:\WINDOWS\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6002.18005_none_d4981666a444f0da\tcpmon.dll
 
 
******************************************
 
Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
 
Pause your anti-virus.
 
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Then run OTL as before.

Let's run OTL again to make sure the replace command actually worked.

 

Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
tcpmon.dll
/md5stop
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.
 
 
 
I no longer have a Vista PC.  Let me ask on our internal forum if someone can post tcpmon.dll for me just in case this doesn't work.

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Attaching a copy of a tcpmon.dll file off another Vista SP2. It should make SFC happy.

Save the file, then right-click and Extract All. We want it in C:\windows\system32\

The existing file is 0 bytes so it shouldn't be too attached to the current file. Maybe you can just extract it straight to where it goes. If it won't take it then put the file on the desktop and we will let Combofix move it.

  • 0





