Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BSOD 124, SFC finds errors but cannot repair, cmd box opening/closing


  • Please log in to reply

#1
kristi10

kristi10

    Member

  • Member
  • PipPipPip
  • 111 posts

Hello and thank you in advance for your help.  I am experiencing random computer restarts, which I determined are BSOD 124 although I do not see the BSOD.  In an attempt to determine the problem, I ran SFC and it finds errors but says it can't repair them.  I checked the resulting CBS log and there is a lot in it, but I don't understand most of it.  CHKDSK says things are good.  I don't know if it's related, but the black cmd prompt box randomly opens itself and then lines of text flash too fast to read before it closes again.

 

I've run multiple scans that come up clean, so I don't think the computer is infected, but I know they can be sneaky buggers.

 

If you have any suggestions, I would be very grateful.

 

Kristi


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)  If the file is empty you need to run sfc /scannow again.

 

 

Get BlueScreenView:

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

 

Get the free version of Speccy:

http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  

Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


  • 0

#3
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

Hello RKinner and thank you so much for your help.

 

The CBS and Speccy logs are both attached.

 

Here is the data from the BSOD program:

 

==================================================
Dump File         : 072615-14632-01.dmp
Crash Time        : 7/26/2015 11:16:05 AM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`05e228f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072615-14632-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/26/2015 11:16:11 AM
==================================================

==================================================
Dump File         : 072515-13260-01.dmp
Crash Time        : 7/25/2015 2:53:59 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`05e108f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072515-13260-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/25/2015 2:54:02 PM
==================================================

==================================================
Dump File         : 072515-13244-01.dmp
Crash Time        : 7/25/2015 12:17:12 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`0617f8f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072515-13244-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/25/2015 12:17:14 PM
==================================================

==================================================
Dump File         : 072515-14882-01.dmp
Crash Time        : 7/25/2015 9:30:18 AM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`05e218f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072515-14882-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/25/2015 9:30:21 AM
==================================================

==================================================
Dump File         : 072415-13416-01.dmp
Crash Time        : 7/24/2015 7:38:31 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`06bc08f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072415-13416-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/24/2015 7:38:34 PM
==================================================

==================================================
Dump File         : 072415-16816-01.dmp
Crash Time        : 7/24/2015 6:43:28 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`05e1d8f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\072415-16816-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/24/2015 6:43:33 PM
==================================================

==================================================
Dump File         : 071615-14773-01.dmp
Crash Time        : 7/16/2015 5:06:02 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`06c34828
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\071615-14773-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/16/2015 5:06:06 PM
==================================================

==================================================
Dump File         : 071615-14258-01.dmp
Crash Time        : 7/16/2015 1:05:15 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`06c978f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\071615-14258-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/16/2015 1:05:19 PM
==================================================

==================================================
Dump File         : 071415-14430-01.dmp
Crash Time        : 7/14/2015 1:26:03 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`064c48f8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\071415-14430-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/14/2015 1:26:09 PM
==================================================

==================================================
Dump File         : 071415-18220-01.dmp
Crash Time        : 7/14/2015 1:16:53 PM
Bug Check String  :
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`0649e038
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4b2efc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18869 (win7sp1_gdr.150525-0603)
Processor         : x64
Crash Address     : ntoskrnl.exe+4b2efc
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\071415-18220-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262,144
Dump File Time    : 7/14/2015 1:17:02 PM
==================================================

 

 

And here is the info from the event viewer:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/07/2015 12:08:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2015 3:16:05 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2015 6:53:59 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2015 4:17:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device F:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device I:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device G:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device J:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:02 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device J:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device F:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device I:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device G:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2015 3:49:01 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 25/07/2015 1:30:18 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/07/2015 11:38:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/07/2015 10:43:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/07/2015 9:06:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/07/2015 5:26:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2015 4:05:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user WestFamily-HP\WestFamily SID (S-1-5-21-2394937029-579550273-2574859083-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/07/2015 4:05:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user WestFamily-HP\WestFamily SID (S-1-5-21-2394937029-579550273-2574859083-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/07/2015 3:51:08 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user WestFamily-HP\WestFamily SID (S-1-5-21-2394937029-579550273-2574859083-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/07/2015 3:51:07 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user WestFamily-HP\WestFamily SID (S-1-5-21-2394937029-579550273-2574859083-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/07/2015 3:26:32 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 26/07/2015 3:26:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 26/07/2015 3:26:28 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 26/07/2015 3:18:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 26/07/2015 3:16:54 PM
Type: Error Category: 0
Event: 20 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 26/07/2015 3:16:14 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8005e228f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\072615-14632-01.dmp. Report Id: 072615-14632-01.

Log: 'System' Date/Time: 26/07/2015 3:16:13 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:14:14 AM on ?7/?26/?2015 was unexpected.

Log: 'System' Date/Time: 25/07/2015 9:25:31 PM
Type: Error Category: 0
Event: 15006 Source: Microsoft-Windows-HttpEvent
Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.

Log: 'System' Date/Time: 25/07/2015 7:03:44 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 25/07/2015 7:03:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 25/07/2015 7:03:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 25/07/2015 6:56:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 25/07/2015 6:54:53 PM
Type: Error Category: 0
Event: 20 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 25/07/2015 6:54:07 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8005e108f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\072515-13260-01.dmp. Report Id: 072515-13260-01.

Log: 'System' Date/Time: 25/07/2015 6:54:05 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:53:17 PM on ?7/?25/?2015 was unexpected.

Log: 'System' Date/Time: 25/07/2015 5:19:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2015 3:16:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 6:54:53 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 5:54:18 PM
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MCUPDA~1.EXE pid (1656) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 25/07/2015 5:54:16 PM
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MCUPDA~1.EXE pid (1656) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 25/07/2015 5:11:15 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 5:09:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 4:54:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 4:37:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 4:06:07 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 4:04:15 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 3:51:02 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 3:49:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 2:04:29 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 1:45:09 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 1:44:44 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 1:43:35 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/07/2015 1:31:14 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 25/07/2015 12:28:09 AM
Type: Warning Category: 0
Event: 54 Source: TrueSight
The event description cannot be found.

Log: 'System' Date/Time: 24/07/2015 11:39:36 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 24/07/2015 10:44:40 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/07/2015 12:11:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/07/2015 4:55:32 PM
Type: Error Category: 1
Event: 5010 Source: AVLogEvent
McShield failed to start because it is not trusted. Error Code:a7f40905

Log: 'Application' Date/Time: 25/07/2015 4:55:32 PM
Type: Error Category: 1
Event: 5007 Source: AVLogEvent
Failed to load a dependant module. Error Code:a7f42003

Log: 'Application' Date/Time: 25/07/2015 4:38:33 PM
Type: Error Category: 1
Event: 5010 Source: AVLogEvent
McShield failed to start because it is not trusted. Error Code:a7f40905

Log: 'Application' Date/Time: 25/07/2015 4:38:33 PM
Type: Error Category: 1
Event: 5007 Source: AVLogEvent
Failed to load a dependant module. Error Code:a7f42003

Log: 'Application' Date/Time: 25/07/2015 4:20:01 PM
Type: Error Category: 1
Event: 5010 Source: AVLogEvent
McShield failed to start because it is not trusted. Error Code:a7f40905

Log: 'Application' Date/Time: 25/07/2015 4:20:01 PM
Type: Error Category: 1
Event: 5007 Source: AVLogEvent
Failed to load a dependant module. Error Code:a7f42003

Log: 'Application' Date/Time: 22/07/2015 8:04:54 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1414  Start Time: 01d0c4b9a22405a7  Termination Time: 47  Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Report Id: 

Log: 'Application' Date/Time: 22/07/2015 3:45:57 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x4190 Faulting application start time: 0x01d0c430ea196851 Faulting application path: C:\Windows\System32\GWX\GWXUX.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 28e136f2-3024-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 21/07/2015 4:47:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0xf34 Faulting application start time: 0x01d0c370554d807d Faulting application path: C:\Windows\System32\GWX\GWXUX.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 93ca3c50-2f63-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 20/07/2015 4:58:32 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x3da0 Faulting application start time: 0x01d0c30d4da8ad78 Faulting application path: C:\Windows\System32\GWX\GWXUX.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8d2316cc-2f00-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 20/07/2015 2:20:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x2d3c Faulting application start time: 0x01d0c2929f60831d Faulting application path: C:\Windows\System32\GWX\GWXUX.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: dec58faf-2e85-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 18/07/2015 9:37:45 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file  for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Internet Explorer because of this error.  Program: Internet Explorer File:   The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and  - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.  - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: 00000000 Disk type: 0

Log: 'Application' Date/Time: 18/07/2015 9:37:45 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17909, time stamp: 0x55844c24 Faulting module name: nvwgf2um.dll, version: 10.18.13.5338, time stamp: 0x558aa184 Exception code: 0xc000001d Fault offset: 0x00236961 Faulting process id: 0x1548 Faulting application start time: 0x01d0c197c242d112 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\nvwgf2um.dll Report Id: 3993f0c9-2d95-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 18/07/2015 10:25:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x11e8 Faulting application start time: 0x01d0c14413433ecc Faulting application path: C:\Windows\System32\GWX\GWXUX.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 5209fbf7-2d37-11e5-be23-d48564b1984b

Log: 'Application' Date/Time: 18/07/2015 10:23:22 AM
Type: Error Category: 0
Event: 2001 Source: NvStreamSvc
An error has occurred (Can't open process handle to nvstreamsvc.exe [87]).

Log: 'Application' Date/Time: 17/07/2015 11:15:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: wwanapi.dll, version: 6.1.7600.16385, time stamp: 0x4a5be0a8 Exception code: 0xc0000005 Fault offset: 0x00000000000333eb Faulting process id: 0x920 Faulting application start time: 0x01d0c0e660d59861 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\wwanapi.dll Report Id: c85b90d8-2cd9-11e5-974b-d48564b1984b

Log: 'Application' Date/Time: 16/07/2015 11:12:19 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x0000000000000000 Faulting process id: 0xfe8 Faulting application start time: 0x01d0c01c7534c75d Faulting application path: C:\Windows\system32\mmc.exe Faulting module path: unknown Report Id: 1a9c5f8a-2c10-11e5-bd32-d48564b1984b

Log: 'Application' Date/Time: 16/07/2015 11:12:13 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0xfe8 Faulting application start time: 0x01d0c01c7534c75d Faulting application path: C:\Windows\system32\mmc.exe Faulting module path: unknown Report Id: 1739eaa7-2c10-11e5-bd32-d48564b1984b

Log: 'Application' Date/Time: 16/07/2015 10:51:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x0000000000000000 Faulting process id: 0x17ec Faulting application start time: 0x01d0c0194e6e63f5 Faulting application path: C:\Windows\system32\mmc.exe Faulting module path: unknown Report Id: 37b422a0-2c0d-11e5-959c-d48564b1984b

Log: 'Application' Date/Time: 16/07/2015 10:51:33 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x17ec Faulting application start time: 0x01d0c0194e6e63f5 Faulting application path: C:\Windows\system32\mmc.exe Faulting module path: unknown Report Id: 34247398-2c0d-11e5-959c-d48564b1984b

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/07/2015 12:32:13 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-2394937029-579550273-2574859083-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
 A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)

Log: 'Application' Date/Time: 26/07/2015 9:39:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:36:44 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:32:14 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:28:29 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:24:44 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:20:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:16:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:12:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:09:44 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:05:29 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 9:02:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:59:29 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:53:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:50:14 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:46:14 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:42:14 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:38:29 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:34:44 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

Log: 'Application' Date/Time: 26/07/2015 8:30:59 AM
Type: Warning Category: 0
Event: 2002 Source: NvStreamSvc
A warning has occured (Can continue stopping. [0]).

 

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The files that SFC complained about are known MS screw ups and not a problem so can be ignored per MS:

This update contains the following files that are occasionally updated by the Diagnostic Tracking Service:
  • telemetry.ASM-WindowsDefault.json
  • utc.app.json

The two files are marked as static files in the update. When an advanced user runs the System File Checker Tool (sfc.exe), the files are unintentionally flagged as corrupted. There is no impact or actual corruption on a device running this update, and a later service update will resolve this issue.

 

 

Your bluescreen view is more troublesome.  The file being referenced is a Windows core file and only causes problems when there is some underlying hardware issue.

 

I would run the built-in RAM test.  http://www.sevenforu...stics-tool.html

 

or better the non built-in one:

 

http://www.sevenforu...-memtest86.html

 

Multiple passes are best to insure there is no flakiness and that heat doesn't change the results.

 

 

Finally because of an error in your log

A fatal hardware error has occurred.  Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0  The details view of this entry contains further information.

 

I would check the PC maker's website for a newer BIOS and also a chipset utility.  What is the make and model of the PC?

 

Speccy show your hard drive is having some problems:
 

 

Attribute name    Reported Uncorrectable Errors
                                            Real value    1,674
                                            Current    100
                                            Worst    1
                                            Threshold    0
                                            Raw Value    000000068A
                                            Status    Good
                                        BC
                                            Attribute name    Command Timeout
                                            Real value    270
                                            Current    100
                                            Worst    1
                                            Threshold    0
                                            Raw Value    000000010E
                                            Status    Good

 

Despite what the Status lines say these are not good.  You might want to get a replacement drive and clone it before it fails. 

Your event log shows a lot of errors associated with McAfee and NVIDIA.  I would look for updated versions or reinstall the current versions and see if some of the errors go away.  (Actually I am no fan of McAfee so would probably replace it with the free Avast.)  Your NVIDIA graphics card is running a bit warm.  Does it have a separate fan and is it running?

 

Temp for the CPU looks good but this can change with load (a hot PC will often make errors) so you might want to run Speedfan:

 

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)

It will tell you your temps in real time. (If you click on Configure then on Core you can check Show in Tray then OK  and even when minimized it will show the Core temp in the system tray (near the clock),  If you don't see it then Windows is hiding it.  Click on the up arrow to the left of the icons near the clock and  Customize.  Find Speedfan and change it to Show Icons and Notifications.  ) Leave it up and run something like a video or a scan or maybe sfc /scannow again and see if the temps climb into the 60s or higher.
 

 

 

I like to clear the event logs, reboot and then see what errors I am still getting:

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

 

I am curious about your command window.  There are some scans I am not allowed to run outside of the malware forum which would probably show what was happening so I am going to get this topic moved to the malware forum by one of the admins. 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

In addition to the previous post I have had us moved to the malware forum so now we can look for your command window.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.  (You need the 64 bit version)
 

  • Right click to run as administrator ( When the tool opens click Yes to disclaimer.
  • click on the Addition.txt box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#6
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

Here are the logs for Farbar.  I am working on the items from your earlier email also, thanks.

 

One thing to note, the video card does have a fan, so I checked and it is not working.  It stutters a bit here and there, so is getting power.  I removed, cleaned and re-seated it but no luck.  Guess I am in need of a new card and a hard drive both.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by WestFamily (administrator) on WESTFAMILY-HP (26-07-2015 15:33:17)
Running from C:\Users\WestFamily\Desktop
Loaded Profiles: WestFamily (Available Profiles: WestFamily & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Curse) C:\Users\WestFamily\AppData\Local\Apps\2.0\3YCWN37G.W9G\123KGJR5.J0Y\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\WestFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-25] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2394937029-579550273-2574859083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2394937029-579550273-2574859083-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.protopage.com/kristiwest
HKU\S-1-5-21-2394937029-579550273-2574859083-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {76F76EDF-2988-4A2A-B29A-C081B8BAD1DB} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {76F76EDF-2988-4A2A-B29A-C081B8BAD1DB} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2394937029-579550273-2574859083-1000 -> {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-2394937029-579550273-2574859083-1000 -> {76F76EDF-2988-4A2A-B29A-C081B8BAD1DB} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2394937029-579550273-2574859083-1000 -> {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} https://fpdownload.m...director/sw.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{2A020CF5-DFEC-4FCE-A7EA-4028697FD5C4}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: [DhcpNameServer] 192.168.254.254 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-24] (NVIDIA Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394937029-579550273-2574859083-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
S4 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 HomeNetSvc; No ImagePath
S2 HP Support Assistant Service; No ImagePath
S2 LightScribeService; No ImagePath
S4 McAPExe; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 MFE_RR; \??\C:\Users\WESTFA~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 15:33 - 2015-07-26 15:33 - 00016783 _____ C:\Users\WestFamily\Desktop\FRST.txt
2015-07-26 15:32 - 2015-07-26 15:33 - 00000000 ____D C:\FRST
2015-07-26 15:31 - 2015-07-26 15:31 - 02146816 _____ (Farbar) C:\Users\WestFamily\Desktop\FRST64.exe
2015-07-26 12:07 - 2015-07-26 12:07 - 00061440 _____ ( ) C:\Users\WestFamily\Desktop\VEW.exe
2015-07-26 12:02 - 2015-07-26 12:04 - 00085956 _____ C:\Users\WestFamily\Desktop\Speccy.txt
2015-07-26 11:53 - 2015-07-26 11:53 - 00036838 _____ C:\Users\WestFamily\Desktop\BSOD.txt
2015-07-26 11:16 - 2015-07-26 11:16 - 00262144 ____N C:\Windows\Minidump\072615-14632-01.dmp
2015-07-25 14:54 - 2015-07-25 14:54 - 00262144 ____N C:\Windows\Minidump\072515-13260-01.dmp
2015-07-25 12:17 - 2015-07-25 12:17 - 00262144 ____N C:\Windows\Minidump\072515-13244-01.dmp
2015-07-25 12:00 - 2015-07-25 12:00 - 00000000 ____D C:\Users\WestFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-25 11:47 - 2015-07-25 11:56 - 00000000 ____D C:\AdwCleaner
2015-07-25 11:47 - 2015-07-25 11:47 - 02248704 _____ C:\Users\WestFamily\Desktop\AdwCleaner.exe
2015-07-25 09:30 - 2015-07-25 09:30 - 00262144 ____N C:\Windows\Minidump\072515-14882-01.dmp
2015-07-24 19:38 - 2015-07-24 19:38 - 00262144 ____N C:\Windows\Minidump\072415-13416-01.dmp
2015-07-24 18:43 - 2015-07-24 18:43 - 00262144 ____N C:\Windows\Minidump\072415-16816-01.dmp
2015-07-21 18:25 - 2015-07-21 19:27 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-07-21 18:25 - 2015-07-21 18:25 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 09:32 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:32 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:32 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:32 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:32 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:32 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:32 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:32 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:32 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:32 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 00:50 - 2015-07-17 00:50 - 00000000 ____D C:\Users\WestFamily\AppData\Local\CEF
2015-07-16 18:50 - 2015-07-16 18:50 - 00000000 ____D C:\Users\WestFamily\AppData\Roaming\WinBatch
2015-07-16 17:06 - 2015-07-16 17:06 - 00262144 ____N C:\Windows\Minidump\071615-14773-01.dmp
2015-07-16 13:05 - 2015-07-16 13:05 - 00262144 ____N C:\Windows\Minidump\071615-14258-01.dmp
2015-07-15 11:48 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 11:48 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 11:48 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 11:48 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 11:48 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 11:48 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 11:48 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 11:48 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 11:48 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 11:48 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:48 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:48 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:48 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:48 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:48 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:48 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:48 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:48 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:48 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:48 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:48 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:48 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:48 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:48 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:48 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:48 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:48 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:48 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:48 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:48 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:48 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:48 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:48 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:48 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:48 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:48 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:48 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:48 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:48 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:48 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:48 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:48 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:48 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:48 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:48 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:48 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:48 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:48 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:48 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:48 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:48 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:48 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:48 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:48 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:48 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:48 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:48 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:48 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:48 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:48 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:48 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:48 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:48 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:48 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:48 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:48 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:48 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:48 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:48 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:48 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:48 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:48 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:48 - 2015-06-09 14:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:48 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 11:48 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 11:48 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:47 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:47 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:47 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:47 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:47 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:47 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:47 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:47 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:47 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:47 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:47 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:47 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:47 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:47 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:47 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:47 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:47 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:47 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:47 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:47 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:47 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:47 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:47 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:47 - 2015-06-11 13:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 11:47 - 2015-06-11 13:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 11:47 - 2015-06-11 13:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 11:47 - 2015-06-11 13:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 11:47 - 2015-06-11 13:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 11:47 - 2015-06-11 13:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 11:47 - 2015-06-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 11:46 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 11:46 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 11:46 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 11:46 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 11:46 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 11:46 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 11:46 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 11:46 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 11:46 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:46 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:46 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:46 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:46 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:46 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:46 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:46 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:46 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:46 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:46 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:46 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 13:26 - 2015-07-14 13:26 - 00262144 ____N C:\Windows\Minidump\071415-14430-01.dmp
2015-07-14 13:17 - 2015-07-14 13:17 - 00262144 ____N C:\Windows\Minidump\071415-18220-01.dmp
2015-07-12 13:12 - 2015-07-12 13:12 - 00262144 ____N C:\Windows\Minidump\071215-16754-01.dmp
2015-07-11 01:45 - 2015-07-11 01:45 - 00000000 __SHD C:\found.004
2015-07-03 09:24 - 2015-07-03 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-03 09:24 - 2015-07-03 09:24 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-03 01:05 - 2015-07-03 01:05 - 00262144 ____N C:\Windows\Minidump\070315-20560-01.dmp
2015-07-02 23:33 - 2015-07-02 23:33 - 00262144 ____N C:\Windows\Minidump\070215-69108-01.dmp
2015-07-02 23:24 - 2015-06-24 08:58 - 00571208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-02 23:19 - 2015-06-24 16:17 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 16146208 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 15225984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 13264256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 12856424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 11832048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 11011400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-02 23:19 - 2015-06-24 16:17 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 02599568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435338.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435338.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00974992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00155464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00151840 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-02 23:19 - 2015-06-24 16:17 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-02 23:05 - 2015-07-02 23:05 - 00262144 ____N C:\Windows\Minidump\070215-12542-01.dmp
2015-07-02 22:53 - 2015-07-02 22:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-07-02 22:53 - 2015-07-02 22:53 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-07-02 22:53 - 2015-07-02 22:53 - 00000000 ____D C:\Program Files\Realtek
2015-07-02 22:52 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-07-02 22:52 - 2015-06-18 17:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-07-02 22:52 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-07-02 22:52 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-07-02 22:52 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-07-02 22:52 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-07-02 22:52 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-07-02 22:52 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-07-02 22:52 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-07-02 22:52 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-07-02 22:52 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-07-02 22:52 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-07-02 22:52 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-07-02 22:52 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-07-02 22:52 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-07-02 22:52 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-07-02 22:52 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-07-02 22:52 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-07-02 22:52 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-07-02 22:52 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-07-02 22:52 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-07-02 22:52 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-07-02 22:52 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-07-02 22:52 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-07-02 22:51 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-07-02 22:50 - 2015-06-02 19:25 - 01576976 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-07-02 22:50 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-07-02 22:50 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-07-02 22:50 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-07-02 22:28 - 2015-07-02 22:28 - 00000000 ____D C:\Users\WestFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2015-07-02 22:28 - 2015-07-02 22:28 - 00000000 ____D C:\Program Files (x86)\NirSoft
2015-07-02 22:27 - 2015-07-02 22:27 - 00141864 _____ C:\Users\WestFamily\Desktop\bluescreenview_setup.exe
2015-07-02 22:21 - 2015-07-02 22:21 - 00262144 ____N C:\Windows\Minidump\070215-16629-01.dmp
2015-07-02 22:10 - 2015-07-02 22:10 - 00262144 _____ C:\Windows\Minidump\070215-18751-01.dmp
2015-07-02 18:58 - 2015-07-02 19:00 - 290964592 _____ (NVIDIA Corporation) C:\Users\WestFamily\Desktop\353.38-desktop-win8-win7-winvista-64bit-international.hf.exe
2015-07-02 17:23 - 2015-07-02 17:23 - 00262144 _____ C:\Windows\Minidump\070215-13884-01.dmp
2015-07-02 15:38 - 2015-06-24 16:17 - 17724792 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-02 15:38 - 2015-06-24 16:17 - 15868192 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-02 15:38 - 2015-06-24 16:17 - 03395832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-02 15:09 - 2015-06-24 16:17 - 00113984 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-07-02 15:09 - 2015-06-24 16:17 - 00106304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-07-02 15:09 - 2015-06-24 09:10 - 06873416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-02 15:09 - 2015-06-24 09:10 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-02 15:09 - 2015-06-24 09:10 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-02 15:09 - 2015-06-24 09:10 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-02 15:09 - 2015-06-24 09:10 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-02 15:09 - 2015-06-24 09:10 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-02 15:09 - 2015-06-02 13:29 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-07-02 14:24 - 2014-11-12 20:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2015-07-02 14:24 - 2014-11-12 20:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2015-07-02 13:26 - 2015-07-02 13:26 - 00003282 _____ C:\Windows\System32\Tasks\{F2A9409F-180C-497C-9A8D-6D8D619402A8}
2015-07-02 12:47 - 2015-03-13 23:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-02 12:47 - 2015-03-13 23:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-02 12:47 - 2015-03-13 23:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-02 12:47 - 2015-03-13 23:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-02 12:46 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-02 12:46 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-02 12:46 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-02 12:46 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-02 12:46 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-02 12:46 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-02 12:46 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-02 12:45 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-01 23:47 - 2015-07-02 11:45 - 00000000 ____D C:\Users\WestFamily\AppData\Roaming\Skype
2015-07-01 23:47 - 2015-07-01 23:47 - 00000000 ____D C:\Users\WestFamily\AppData\Local\Skype
2015-07-01 23:00 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 15:30 - 2012-12-04 09:43 - 00000000 ____D C:\Users\WestFamily\Documents\Kristi's
2015-07-26 15:27 - 2013-08-11 20:46 - 00000000 ____D C:\ProgramData\Radialpoint
2015-07-26 14:53 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 14:53 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 14:50 - 2010-08-26 04:06 - 01803757 _____ C:\Windows\WindowsUpdate.log
2015-07-26 14:48 - 2012-12-01 18:30 - 00000000 ____D C:\Users\WestFamily\AppData\Local\Deployment
2015-07-26 14:47 - 2012-11-28 20:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-26 14:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 14:47 - 2009-07-14 00:51 - 00113322 _____ C:\Windows\setupact.log
2015-07-26 11:16 - 2015-02-04 12:35 - 00000000 ____D C:\Windows\Minidump
2015-07-26 11:09 - 2013-10-25 22:03 - 00000000 ____D C:\Users\WestFamily\AppData\Local\Battle.net
2015-07-26 03:16 - 2015-01-16 00:20 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F94117D6-BE91-4168-B768-84BF605A5D7D}
2015-07-25 13:50 - 2012-11-27 22:15 - 00000000 ____D C:\ProgramData\Recovery
2015-07-25 12:34 - 2012-11-28 19:28 - 00000000 ____D C:\Users\WestFamily
2015-07-25 12:34 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-07-25 12:17 - 2013-07-31 11:12 - 03359232 ___SH C:\Users\WestFamily\Desktop\Thumbs.db
2015-07-25 09:36 - 2015-04-04 14:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 20:28 - 2014-12-20 23:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-24 20:12 - 2014-12-21 00:10 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-24 18:43 - 2014-03-02 23:22 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-24 18:43 - 2012-11-27 21:21 - 00439638 _____ C:\Windows\PFRO.log
2015-07-22 18:11 - 2013-07-05 09:43 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWestFamily
2015-07-22 18:11 - 2013-07-05 09:43 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForWestFamily.job
2015-07-22 16:25 - 2013-04-11 11:16 - 00000000 ____D C:\ProgramData\McAfee
2015-07-22 03:17 - 2009-07-14 00:45 - 00328864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 23:46 - 2014-12-20 23:39 - 00000000 ____D C:\Users\WestFamily\AppData\Local\CrashDumps
2015-07-21 18:04 - 2014-09-24 12:55 - 00000000 ____D C:\Users\WestFamily\Documents\Financial
2015-07-17 19:33 - 2012-12-02 15:42 - 00000000 ____D C:\Windows\pss
2015-07-17 19:16 - 2015-03-27 19:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 19:08 - 2013-07-05 09:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-16 18:50 - 2012-11-28 19:28 - 00083040 _____ C:\Users\WestFamily\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 18:49 - 2012-11-28 20:01 - 00000000 ____D C:\Users\WestFamily\AppData\Local\Hewlett-Packard
2015-07-16 18:40 - 2010-08-26 04:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-16 17:45 - 2013-08-08 17:53 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 13:26 - 2012-12-04 09:37 - 00000000 ____D C:\Users\WestFamily\Desktop\Devan
2015-07-16 13:18 - 2014-12-30 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-16 13:18 - 2013-10-10 11:52 - 00000000 ____D C:\ProgramData\Oracle
2015-07-16 13:16 - 2015-04-10 10:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-16 13:13 - 2014-08-22 11:35 - 00000000 ____D C:\Users\WestFamily\AppData\Local\Adobe
2015-07-16 13:13 - 2012-11-30 21:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 13:13 - 2012-11-30 21:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 11:46 - 2012-11-30 23:19 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-07-16 04:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:20 - 2014-12-10 04:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:20 - 2014-05-02 11:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:00 - 2015-04-04 14:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-14 19:48 - 2015-04-10 10:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-14 19:46 - 2014-12-27 18:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-05 09:31 - 2012-11-28 20:38 - 00007628 _____ C:\Users\WestFamily\AppData\Local\Resmon.ResmonCfg
2015-07-03 17:03 - 2015-03-27 19:45 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-03 17:03 - 2015-03-27 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 17:03 - 2015-03-27 19:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-03 14:54 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 08:43 - 2012-11-28 21:10 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 23:24 - 2014-12-30 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-02 23:24 - 2012-11-28 20:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-02 23:24 - 2012-11-28 20:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-02 23:21 - 2013-07-30 18:47 - 00000000 ____D C:\NvidiaLogging
2015-07-02 22:54 - 2010-08-26 04:07 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-07-02 22:50 - 2010-08-26 04:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-02 17:12 - 2012-11-30 23:19 - 00001238 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2015-07-02 16:33 - 2014-12-04 18:51 - 00000000 ____D C:\Users\WestFamily\Desktop\Kristi Phone
2015-07-02 16:28 - 2015-03-06 20:11 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-07-02 16:26 - 2013-10-25 22:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-02 16:10 - 2015-06-02 19:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-02 15:59 - 2012-11-28 20:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-02 15:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2015-07-02 14:46 - 2015-01-13 16:22 - 00000000 ____D C:\Temp
2015-07-02 13:51 - 2014-12-30 21:29 - 00001379 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-02 13:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-02 11:47 - 2015-03-27 18:40 - 00000000 ____D C:\ProgramData\pdf995
2015-07-02 11:47 - 2014-03-02 21:55 - 00000000 ____D C:\Users\Administrator
2015-07-02 11:47 - 2014-03-02 01:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-02 11:47 - 2013-10-25 22:03 - 00000000 ____D C:\Users\WestFamily\AppData\Roaming\Battle.net
2015-07-02 11:47 - 2012-11-30 21:40 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-02 11:47 - 2010-08-26 04:16 - 00000000 ____D C:\ProgramData\CinemaNow
2015-07-02 11:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2015-07-02 11:45 - 2010-08-26 04:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-07-02 11:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

==================== Files in the root of some directories =======

2014-12-23 00:24 - 2014-12-23 00:24 - 0004096 ____H () C:\Users\WestFamily\AppData\Local\keyfile3.drm
2012-11-28 20:38 - 2015-07-05 09:31 - 0007628 _____ () C:\Users\WestFamily\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\WestFamily\AppData\Local\Temp\BCUCInstaller.exe
C:\Users\WestFamily\AppData\Local\Temp\dllnt_dump.dll
C:\Users\WestFamily\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aaa_aih.exe
C:\Users\WestFamily\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\WestFamily\AppData\Local\Temp\java-installer.exe
C:\Users\WestFamily\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\WestFamily\AppData\Local\Temp\mbam-setup.exe
C:\Users\WestFamily\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\WestFamily\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\WestFamily\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\WestFamily\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\WestFamily\AppData\Local\Temp\nvStInst.exe
C:\Users\WestFamily\AppData\Local\Temp\printcreations_3.0.255.500_patch_intl.exe
C:\Users\WestFamily\AppData\Local\Temp\sp58915.exe
C:\Users\WestFamily\AppData\Local\Temp\uninstall.exe
C:\Users\WestFamily\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\WestFamily\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 00:03

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by WestFamily at 2015-07-26 15:34:20
Running from C:\Users\WestFamily\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2394937029-579550273-2574859083-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2394937029-579550273-2574859083-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2394937029-579550273-2574859083-1005 - Limited - Enabled)
WestFamily (S-1-5-21-2394937029-579550273-2574859083-1000 - Administrator - Enabled) => C:\Users\WestFamily

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Curse Client (HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Kentucky 2012 (HKLM-x32\...\{B1663805-6A09-4C31-934A-8D01FA1667C4}) (Version: 1.12.3401 - HRB Technology, LLC.)
H&R Block Kentucky 2013 (HKLM-x32\...\{6884FBCF-02ED-489B-AD1B-5E28AE05AC9D}) (Version: 1.13.3101 - HRB Technology, LLC.)
H&R Block Kentucky 2014 (HKLM-x32\...\{F61A9E13-B840-4362-89BB-51C2BC777996}) (Version: 1.14.2601 - HRB Technology, LLC.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
Landmark (HKLM-x32\...\Steam App 297810) (Version:  - Sony Online Entertainment)
Landmark Beta (HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\SOE-Landmark Beta) (Version:  - Sony Online Entertainment)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA 3D Vision Driver 353.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.38 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.38 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - )
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SmartMusic (HKLM-x32\...\{42B1BDFC-9AF7-42C4-BC3C-EAED79D4DBEB}) (Version: 1.1.2204 - MakeMusic, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.5 - Tweaking.com)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2394937029-579550273-2574859083-1000_Classes\CLSID\{8f113057-f698-4e24-9ed9-00454180b814}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2394937029-579550273-2574859083-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\WestFamily\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy64.dll No File

==================== Restore Points =========================

16-07-2015 03:00:30 Windows Update
16-07-2015 17:40:44 Windows Update
16-07-2015 18:39:20 Installed HP Support Solutions Framework
22-07-2015 03:00:20 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-06-04 09:46 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14FBFBD5-D97D-41E4-A5ED-3FE7FB47AE63} - System32\Tasks\{B107DAA4-D37D-4F8D-9B74-56B78501EE96} => pcalua.exe -a E:\Bin\assetup.exe -d E:\
Task: {1515BA7A-AB52-41F2-B5AE-45116A20DCE4} - System32\Tasks\{CA31C993-2DAE-4AE3-A0F6-3DCF4A49F1D2} => pcalua.exe -a "K:\Samsung Monitor Driver\20060217162527468_SM730BA.exe" -d "K:\Samsung Monitor Driver"
Task: {35B9B48E-BE47-4ED0-9B1E-B4F9A0A11863} - System32\Tasks\{F2A9409F-180C-497C-9A8D-6D8D619402A8} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {3A2F1879-D1F1-49AF-A3E3-D4EDEE861C7F} - System32\Tasks\{1BE506F3-D675-43E0-A3E4-E6911FB2CF21} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WAEJVIJB\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {464463F9-E861-4EDB-B16B-CA2BBE20AC06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard)
Task: {49A9AB55-850C-4E8A-A710-D93F5844E473} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {577ECD9F-987C-437D-8426-C1E368D9BDA0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {584A0A8B-D989-412C-A57F-BFB0CC3AA63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {592C26FB-4EC0-4653-9EFF-73E6E85BBF81} - System32\Tasks\HPCeeScheduleForWestFamily => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {5AB44427-E06B-4F19-95E9-ED321224F680} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {77385F57-E16B-41D9-98E4-D043C4312BF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {8C268C82-26DA-42C0-9C99-4443FA26F887} - System32\Tasks\{8ADAAA59-C348-4D5B-9ADA-B688F9151AE3} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UERQDH5Z\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {8D080A2D-8A51-41B1-B295-7EB7318B428E} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AD11A397-961C-4DC2-AB77-72F698C8F630} - System32\Tasks\{08A82BD2-DBD6-43D4-9C3C-6E013FEFFE6F} => pcalua.exe -a "C:\Users\WestFamily\Desktop\Samsung Monitor Driver\20060217162527468_SM730BA.exe" -d "C:\Users\WestFamily\Desktop\Samsung Monitor Driver"
Task: {B7BA730B-4FEA-4444-AEDF-042EF635D88A} - System32\Tasks\{77880F7E-9B23-4900-B9EF-3B4B0E1971B1} => pcalua.exe -a C:\Users\WestFamily\Desktop\McPreInstall.exe -d C:\Users\WestFamily\Desktop
Task: {C10E016D-3817-44FF-B506-4A1D68A066F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CA6E5566-19C4-47EC-86C6-DE66E2A11016} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CCC9CB53-01CC-48E4-BD6B-A88B414FBF40} - System32\Tasks\{054A3506-C5C4-481E-BDCA-0B5CA7DCF2DE} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAN2XZSP\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {D76394F0-73EB-4D42-B990-584F9A956810} - System32\Tasks\{8EB920F4-AA2D-4BED-B5D2-44BCD01D0B9B} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5F92XKA\setup.exe" -d C:\Users\WestFamily\Desktop
Task: {D8F80EB8-542C-4DD4-8CC3-164D8D39CD1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-06] (Microsoft)
Task: {DC9A8BBF-B161-4463-B129-84DE0CB5E15C} - System32\Tasks\{84C88415-6C3D-40B5-8037-FC020651506F} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding"
Task: {E4EFBF03-4ECB-44AB-9B27-1270D832A2D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E9386D78-9D7F-4134-9114-238195259DEA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {E9AC1C3C-071F-4AC1-B66C-FCCA3C090633} - System32\Tasks\{4F4F6D93-B496-4A90-B2D9-7A7F9CDECC5A} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {F69339F6-10D7-4B45-AC67-CAAFD6C5A9D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard)
Task: {F8DC7892-89E0-4BF8-AF8F-27D0495CAC90} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FDD8276C-9DAB-4F33-873D-B503B7A54D0D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForWestFamily.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-02 15:09 - 2015-06-24 09:10 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-27 18:40 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-18 13:21 - 2010-01-18 13:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2015-06-20 17:35 - 2015-06-20 17:35 - 00016384 ____N () C:\Users\WestFamily\AppData\Local\Apps\2.0\3YCWN37G.W9G\123KGJR5.J0Y\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2015-06-20 17:35 - 2015-06-20 17:35 - 00035840 ____N () C:\Users\WestFamily\AppData\Local\Apps\2.0\3YCWN37G.W9G\123KGJR5.J0Y\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2015-03-30 16:26 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2394937029-579550273-2574859083-1000\...\windstreamonline.com -> hxxps://www.windstreamonline.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2394937029-579550273-2574859083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\WestFamily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: HsdService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^WestFamily^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DiagnosticTools.exe => "C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Windstream Service Agent.exe => "C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe" /AUTORUN

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0A242250-71EB-40AF-98EA-A8D2BA9FAD97}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{78CA9CD6-AF75-4057-9273-7FD3E0D0DE59}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{D5E22F02-5FF1-4F18-BDD3-68F3143F9A51}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{3CDB3213-2A0B-47E6-83FF-8D0931C4B993}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{F873C28E-0114-4791-BBAC-BBDFD16581F3}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{0FCC74EF-42AA-42CC-B617-557706016180}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{5307921B-5561-431A-A0F4-BF3E0B392D3F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{1305F363-B0EA-43C5-AF26-F0CFD109A4D9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{ACEABC2F-6540-4CE0-9601-ADB3FA0CFC45}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{3329D196-738A-45FE-A807-ADDBE6EE23B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{BFBE558B-6D24-47EB-8D7A-A1434F2BAFFA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{B9C87587-7724-4D60-B5D8-EF016AA32643}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{67D00B99-74C5-4FE8-AB6C-DA3FCE264ED7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{D92892B1-EBC5-4042-B7E6-F44251D91CEB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{EC61C448-6467-46D0-9B93-B800BECE5D61}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D37D7B18-4275-41DE-A8AD-D23D260B776A}] => (Allow) svchost.exe
FirewallRules: [{E5283DFA-5533-4E42-92AE-19AD27245621}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{613C28F9-0606-4954-B7B8-1A96A8FA28C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C4CFE748-E6A4-4B0C-9DEC-16044E898083}] => (Allow) LPort=2869
FirewallRules: [{F7C87D0D-1877-4AFA-A270-21C8B39BC4F0}] => (Allow) LPort=1900
FirewallRules: [{7908CD6D-C1D2-4B62-8EFE-9D3838CD153D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{F9D2746F-E85A-4E79-B9C1-0A293CA95A9E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{6125DD20-AEC9-448A-BBD7-09E93E4B4170}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E29C62DC-616C-4352-9DF7-5EC97D0A9708}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{17195787-FE04-4CEA-8A35-3445C6BAC875}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{3112012A-E40A-4053-855B-D3A45F11D2C5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{FC3E3736-505F-4748-B15E-08F2B60AC818}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BEF9DF85-D987-4B75-948D-866271E787B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{D620326E-BE98-401D-A8B3-892563CDC8D2}] => (Allow) LPort=3724
FirewallRules: [{498654AA-81AF-41C2-8F7A-6F3B0FBA5DDC}] => (Allow) LPort=1119
FirewallRules: [{7E958CC5-3219-4C8A-8A1F-B554585093B2}] => (Allow) LPort=1120
FirewallRules: [{D0146FB3-1F44-4A0C-BDF8-0E599909C54A}] => (Allow) LPort=4000
FirewallRules: [{8261731E-E551-4D4D-B097-3C186FD37E02}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{33BCC5AD-8CF6-4EAB-BD1E-814D9111A27C}] => (Allow) C:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{193B7B8F-0951-4369-8A78-87D6F6F01C8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{15447E30-CD42-4C28-AD89-A9609DA2A851}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{6CD72999-9E47-4DFE-BE99-B3094E1EF62E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{7EA7420F-3D51-4985-8616-365D0EE75E20}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [TCP Query User{B3F0D915-1848-4B4D-A4E9-E748F6BC0EBA}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{DC816890-AFC2-43DA-96B0-4D0B5D955BB0}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{6E070B15-68B7-4F39-A77B-ECEF67E62AAA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3FB2E47E-CDDA-477A-BEDE-A146619ADD1F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6E78A015-B50E-4C5F-868D-F71A2C0BBD6B}C:\programdata\battle.net\agent\agent.1737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1737\agent.exe
FirewallRules: [UDP Query User{F540DADB-D9DB-47C3-800C-B839CD425B68}C:\programdata\battle.net\agent\agent.1737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1737\agent.exe
FirewallRules: [{7CF76F5E-DBA9-4CE1-A0FE-E4E4EE6F9BC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9508142-98AC-4837-8CD4-79AEB2F81B06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86967C7B-4D50-4236-82C6-1E15B90CEA9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{216D2FF8-D3FD-4BAF-AA04-5772B45920CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71B9FEC5-5214-4D68-9C4E-AF6D003EEBDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{22ED9C3B-8DF9-4101-BB04-B064B09522AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{711D3E8C-5561-477A-9A67-B1E338D1ECD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27A656F8-AC4F-43A7-A931-C5848940FA67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D1BC88FF-1F0F-4296-9643-D888022A38F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{814A56E9-94FC-44E1-95D4-73105A2778AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{41D92E16-B6D1-425F-8CE8-E6846D6F6D71}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{7B7DA972-2938-4AAD-9F1A-2FB2BE5E0B31}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{E82B30F8-5788-4FF8-BA3C-F00EFAE706B8}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{D5AA101F-A908-4A17-8598-FB98741A31B4}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [TCP Query User{214E5C98-F0B5-4B24-B9B0-16AC981F893A}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{096E984F-7F09-4E33-A898-41F777B9799D}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{B69F0186-2A82-4FB8-82B4-2B616D0A3007}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1F1BE908-CEAB-45D1-8A0F-974D247B5A6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{16170549-5E23-4978-9CE3-6D8AD69D0D58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20357B7F-A494-4035-AA45-6AD877F0709B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA38B7D1-6337-4C3E-8802-0A26A47364CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C8CEF225-4E44-4C5C-A2A6-27F26F8C0C8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{939093BD-0E27-4EEF-8B77-E0A61FBCF7D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D0E24C67-51B7-49BF-BB3B-D6817F0DE5EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E9C7B9EF-329C-4C5E-8B86-38E03D2C8DFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{04B155F6-C9DC-4BCB-8CD7-1346500370BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E0FFCD80-69B9-4533-A968-498E3359C819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4F6DE6E4-2D0A-41E8-9941-08995985797A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BABF83B3-E1CA-40DC-B0F7-2AFBE9C7F6C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C86C8AD-6152-439F-AAD9-3777D29C91FB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4038D173-4F6F-47FC-BAA0-9CF71F6F249C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F6F401FA-8003-49CC-B425-911C95B6EB84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{19B1477C-37D3-4EE7-9811-6AFA5EA7D724}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{69C13F3D-6A76-4C15-8358-C9FC7FD0D3BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADA5BCD7-D627-4368-96F7-91311606E2E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{321B3B13-8D39-4B6D-98E2-F03F454D02FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{83FFE0A7-46E9-4DEF-8551-9796D6E0152E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{CE5C9B24-74F3-4D73-8A41-F65908B1B3D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{11377A4A-73F7-4BDC-8A76-0A21D4ACC1CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{FD224C4D-4DB8-451D-B9E8-3B12E2B45DD0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{F7A91F74-801A-4799-BB71-AE9409685B38}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{625CB227-4B44-442C-9A99-81D1956644DB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{FC07DB0E-E353-40CC-9F0A-4EC2265AD9E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{82F18E02-10C5-4AF8-8792-13B8834B0308}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0D39D12E-AEC8-40AE-A5A8-4516DAAECDD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D8D96906-DCBB-4848-8C78-ACA84359D337}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B9683037-402D-4E79-AAA7-ED113C9F0ADD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{D218EC16-6C1A-47DC-AB4E-9A8BE335AC21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{3FF33A30-AD42-4A61-8BEA-F2DBBED43CF3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{7CC58E76-F24B-4D7E-A9B4-0AE3D1D48B1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{F353A5CE-DE41-44A9-9DB4-9967175045AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{BE575406-80E4-45D2-9558-395A24030C77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{6234E957-15A9-4D22-979D-FCDBC2EB2BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3A1EECC5-C8C8-4DD6-A7E3-99C3BE873CE2}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{2BC4F7E5-C6C0-4F55-9DE6-05BC1962B5CA}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{E899A024-5142-4753-8E9A-DC608ECB1A23}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{EB9E3B0C-755D-4A3D-AEB5-CE0BBC722DED}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{B907FE8E-115B-442A-994F-627807C2E980}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{57D10C5C-D18C-4516-B4C4-73A7013DEC41}] => (Allow) LPort=41780
FirewallRules: [TCP Query User{8877B058-C6B5-4348-8B26-8CDD7E70D1AF}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [UDP Query User{858A7F0F-141F-49AF-85F0-60ED58B4AC84}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [{89CA9AA3-F309-43EE-A829-8B6857E505AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{838E7E20-B99C-4F62-ADFD-0DCE95C4D815}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75318547-0F52-425C-8883-9C2D8E88023F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Landmark\LaunchPad.exe
FirewallRules: [{016772D3-FFE5-4656-9AE4-027E0E80C8B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Landmark\LaunchPad.exe
FirewallRules: [TCP Query User{34D687C1-0437-48AB-B234-44ACC8BFE58D}C:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe
FirewallRules: [UDP Query User{3F582AD4-8DB0-413C-8C70-AA6ABA05993E}C:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe
FirewallRules: [{79F0EF0A-B2B6-44B9-B794-EF34CF519C09}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{2E702DEA-7CBF-4519-9435-BB6607736B4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{8FE079AB-C646-48DE-8126-0D535DCCC75F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EEE49E36-F876-43A9-84A1-B7384D7DD0A8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{06215CDC-AD3C-4469-981D-6ACCECE68C52}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{3BC07D84-3054-4CD1-B50D-F2A51258766D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EA5F3E0C-ACA2-44E5-A2A5-C0F58A993186}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{09D6C19F-5615-4306-BAFB-5ED8A07D2941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{7AB8DAE5-7C0C-4B09-B89D-89D5C0227AC9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D474047F-AFB7-4927-AA8B-3FF22C7CA818}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{1B8B0DFA-1DBB-48F0-ADE7-BFB1666C73E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F6353137-58AB-4E64-827C-9E213D78B248}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{D7FD4F5A-E51A-4B2D-A00B-F3EDC93A8EB1}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DF7DC0B5-B9C2-49F0-990D-D64A2712DAE7}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{5FC0E6F0-7CBA-4497-80F0-63CF40E382BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{90DAF3E7-4B43-4C38-98BD-729B4F2F0BD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{BF4907EC-1F21-433E-8FC8-CC67216A1BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DC8938E7-C3B3-417C-9FD0-8631824EB04D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C098A9A8-2BF4-42E5-A54E-C9252AD9E293}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{04674D45-E70F-4CAC-A09B-97FDC4E72AB2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{2531F043-FBAD-4A3C-B726-981CC020C3DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{CF7EC36C-56D1-42A8-8F4C-9C40CCCE0C55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{65E6CCB0-23AB-4462-BBE3-F199352117CD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E23862B-0178-496E-B78F-104A6783FFB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{46F146DC-1B8F-4D98-A5AD-F3B34E4EA76D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{C8807531-541E-46F1-BA5F-8099AA72D70D}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{23D3AB97-DA05-4295-8765-98774BE79C5F}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2FEFB0AD-33CA-4504-B1C2-C4CED096E6BE}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{73752384-F2D8-47E8-8376-4A9F8A0771F2}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [{F2BA3B52-B02F-4F00-B812-9E595EDB45FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{6C940C2E-86D2-45EA-A329-C64B2E9E7327}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{F99D2233-33B5-44C6-ADDE-36983D019790}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{CAF50B4A-561E-4DDC-9F10-8D5C233A1522}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8CE0AEE-B8DB-422E-9E40-9661E78D3111}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{6725E8C5-AFF6-4A6C-B996-3FDEFC4A7C24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 12:55:32 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

Error: (07/25/2015 12:55:32 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (07/25/2015 12:38:33 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

Error: (07/25/2015 12:38:33 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (07/25/2015 12:20:01 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

Error: (07/25/2015 12:20:01 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (07/22/2015 04:04:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1414

Start Time: 01d0c4b9a22405a7

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/21/2015 11:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x4190
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/21/2015 12:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0xf34
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/20/2015 12:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x3da0
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

System errors:
=============
Error: (07/26/2015 02:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%3

Error: (07/26/2015 02:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%3

Error: (07/26/2015 02:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%3

Error: (07/26/2015 02:50:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%3

Error: (07/26/2015 02:48:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/26/2015 02:47:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:44:40 PM on ‎7/‎26/‎2015 was unexpected.

Error: (07/26/2015 02:45:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/26/2015 01:23:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/26/2015 01:23:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/26/2015 01:18:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Microsoft Office:
=========================
Error: (07/25/2015 12:55:32 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

Error: (07/25/2015 12:55:32 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: a7f42003

Error: (07/25/2015 12:38:33 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

Error: (07/25/2015 12:38:33 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: a7f42003

Error: (07/25/2015 12:20:01 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

Error: (07/25/2015 12:20:01 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: a7f42003

Error: (07/22/2015 04:04:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17909141401d0c4b9a22405a747C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/21/2015 11:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4419001d0c430ea196851C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll28e136f2-3024-11e5-be23-d48564b1984b

Error: (07/21/2015 12:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4f3401d0c370554d807dC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll93ca3c50-2f63-11e5-be23-d48564b1984b

Error: (07/20/2015 12:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada43da001d0c30d4da8ad78C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll8d2316cc-2f00-11e5-be23-d48564b1984b

CodeIntegrity Error:
===================================
  Date: 2014-08-02 12:18:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC2D6D.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-02 12:18:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC2D6D.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-02 12:18:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC2D6D.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-02 12:18:29.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC2D6D.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 16:29:39.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 16:29:39.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-08 16:29:39.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 20:08:07.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 20:08:07.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-01 20:08:07.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 830 Processor
Percentage of memory in use: 32%
Total physical RAM: 6143.29 MB
Available physical RAM: 4155.49 MB
Total Virtual: 12284.79 MB
Available Virtual: 10022.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.33 GB) (Free:625.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 46CB4259)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Is it possible to replace the fan or add a fan on a card next to the NVidia? 

 

 

You have several tasks that are running from temp files which is a no-no so let's remove them:

 

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

 

There is something odd going on.  Not sure what it means.  You have all of these entries:

...

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"

...

 

Which I don't usually see in a FRST log.  Do you know why they are there?

 

 

 


  • 0

#8
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

Speedfan showed the CPU at 35C.  I added it to the tray and ran the sfc scan again.  It never got above 39C.

 

I have not run the memory tests yet, but will.  I did run the built in one a couple of days ago and all was well.

 

I wasn't very fond of the McAfee product myself, so I uninstalled it and installed Avast free as you suggested.

 

Since the fan on the NVidia card wasn't working, I replaced the card with one from a different computer.  It's not new but it's working, an ATI Radeon 2600 Pro.  I was able to install updated drivers for it and de-installed all of the NVidia drivers.

 

I believe that the lines from the FRST log that say "tweakingrunassystem" had something to do with tweaking.com.  I had installed it to do some trouble shooting, but didn't get any further than the first couple of steps - run chckdisk and sfc scan.  The sfc san gave me the errors we discussed earlier, so I stopped at that point.  I didn't use tweaking.com to make any changes and have de-installed it now.

 

From your earlier post today:  "I would check the PC maker's website for a newer BIOS and also a chipset utility.  What is the make and model of the PC?"

The PC is an HP Pavilion P6620F desktop.  AMD had an update for the chipset, and that's when things went awry.  After installing, the computer rebooted but stuck on the windows logo screen.  I restarted and startup repair came up.  It finished with "cannot repair this computer automatically" and gives this information:

Problem Signature 01:  6.1.7600.16385

Problem Signature 02:  6.1.7600.16385

Problem Signature 03:  unknown

Problem Signature 04:  242

Problem Signature 05:  AutoFailover

Problem Signature 06:  1

Problem Signature 07:  BadDriver

 

Should I use a restore point from earlier today and see if that gets me back in business?

 

Thank you, Kristi


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Yes try an older restore point.  Hopefully that will work.  You can also try going into Safe Mode and see if that will work.

 

Where did you get the AMD driver?  (Link to the page)


  • 0

#10
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

I used a restore point and it said that it didn't complete successfully and gave an option to select a different restore point.  When I click to go select the restore point, the computer restarted instead and is working now.  I don't know what didn't complete successfully.  Everything seems to be working okay, but more slowly than usual.

 

Should I try the system restore again, or move forward with the fixlist.txt you provided and with clearing the event log?

 

I got the AMD driver from AMD's website: http://support.amd.c...=Windows 7 - 64


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Stick with this restore point since it works.  Go ahead and do the fixlist and then clear the error log and reboot.  Let's see if something is broken.


  • 0

#12
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

The fixlist took a couple of hours to run.  The log for it follows below, as well as the new event logs.

 

I am still seeing the command window pop open and close.  The pc is very slow to boot up, get to desktop, etc.  That seemed to start either with Avast or with graphics card and driver replacement yesterday.  I checked speedfan and the GPU is running at about 35C now.  I haven't had a restart/bsod since I switched out the bum graphics card, so that's good news.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by WestFamily at 2015-07-27 11:15:42 Run:1
Running from C:\Users\WestFamily\Desktop
Loaded Profiles: WestFamily (Available Profiles: WestFamily & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {8C268C82-26DA-42C0-9C99-4443FA26F887} - System32\Tasks\{8ADAAA59-C348-4D5B-9ADA-B688F9151AE3} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UERQDH5Z\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {3A2F1879-D1F1-49AF-A3E3-D4EDEE861C7F} - System32\Tasks\{1BE506F3-D675-43E0-A3E4-E6911FB2CF21} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WAEJVIJB\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {CCC9CB53-01CC-48E4-BD6B-A88B414FBF40} - System32\Tasks\{054A3506-C5C4-481E-BDCA-0B5CA7DCF2DE} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAN2XZSP\AdobeAIRInstaller.exe" -d C:\Users\WestFamily\Desktop
Task: {D76394F0-73EB-4D42-B990-584F9A956810} - System32\Tasks\{8EB920F4-AA2D-4BED-B5D2-44BCD01D0B9B} => pcalua.exe -a "C:\Users\WestFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5F92XKA\setup.exe" -d C:\Users\WestFamily\Desktop
EmptyTemp:

 

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C268C82-26DA-42C0-9C99-4443FA26F887}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C268C82-26DA-42C0-9C99-4443FA26F887}" => key removed successfully
C:\Windows\System32\Tasks\{8ADAAA59-C348-4D5B-9ADA-B688F9151AE3} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8ADAAA59-C348-4D5B-9ADA-B688F9151AE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A2F1879-D1F1-49AF-A3E3-D4EDEE861C7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A2F1879-D1F1-49AF-A3E3-D4EDEE861C7F}" => key removed successfully
C:\Windows\System32\Tasks\{1BE506F3-D675-43E0-A3E4-E6911FB2CF21} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1BE506F3-D675-43E0-A3E4-E6911FB2CF21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCC9CB53-01CC-48E4-BD6B-A88B414FBF40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCC9CB53-01CC-48E4-BD6B-A88B414FBF40}" => key removed successfully
C:\Windows\System32\Tasks\{054A3506-C5C4-481E-BDCA-0B5CA7DCF2DE} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{054A3506-C5C4-481E-BDCA-0B5CA7DCF2DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D76394F0-73EB-4D42-B990-584F9A956810}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D76394F0-73EB-4D42-B990-584F9A956810}" => key removed successfully
C:\Windows\System32\Tasks\{8EB920F4-AA2D-4BED-B5D2-44BCD01D0B9B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EB920F4-AA2D-4BED-B5D2-44BCD01D0B9B}" => key removed successfully
EmptyTemp: => 18.9 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 11:48:55 ====

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/07/2015 1:43:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/07/2015 5:33:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 27/07/2015 5:29:44 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 27/07/2015 5:29:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 27/07/2015 5:29:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/07/2015 5:31:34 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00#7&34A78F2F&0&423237303148FD1EA5&0#.

Log: 'System' Date/Time: 27/07/2015 5:30:12 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/07/2015 1:46:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

It shouldn't take but a few minutes.  I think something is using the CPU time.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

 


  • 0

#14
kristi10

kristi10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 111 posts

Thank you btw for your continued help!

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.07 0 K 24 K 0   
procexp64.exe 1.56 30,020 K 54,776 K 3924 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.35 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 0.27 32,456 K 30,552 K 2676 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.13 2,792 K 11,964 K 584 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.12 13,888 K 21,940 K 492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.12 196 K 2,640 K 4   
explorer.exe 0.10 29,820 K 48,288 K 3564 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.08 8,792 K 15,740 K 1580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 27,420 K 25,376 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CinemaNowSvc.exe 0.04 7,072 K 6,872 K 2004 CinemaNow Service Application CinemaNow, Inc. (Verified) Sonic Solutions
AvastSvc.exe 0.03 191,856 K 81,476 K 1544 avast! Service AVAST Software (Verified) AVAST Software a.s.
lsass.exe 0.02 7,332 K 15,096 K 632 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 15,424 K 16,552 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.02 18,448 K 25,132 K 1348 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
CCC.exe 0.01 113,556 K 20,768 K 4480 Catalyst Control Center: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
ServicepointService.exe < 0.01 8,856 K 20,480 K 2688  Radialpoint SafeCare Inc. (Verified) Radialpoint
MOM.exe < 0.01 39,468 K 5,640 K 2704 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
AppleMobileDeviceService.exe < 0.01 3,936 K 10,596 K 1904 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 58,868 K 26,164 K 2808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,508 K 4,944 K 480 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 17,272 K 19,596 K 2976 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 2,788 K 4,472 K 640 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 173,596 K 182,812 K 356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 7,900 K 7,636 K 996 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,908 K 16,092 K 3512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 22,488 K 39,256 K 608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 45,964 K 40,284 K 2860 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe < 0.01 2,304 K 5,448 K 2564 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
ipoint.exe < 0.01 5,492 K 2,616 K 4036 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
WUDFHost.exe  2,324 K 6,396 K 3796 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  5,932 K 10,812 K 4068 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  3,104 K 6,712 K 1652 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  3,340 K 7,856 K 848 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,708 K 4,672 K 552 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe  2,256 K 6,180 K 4364 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  2,688 K 7,020 K 1860 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,404 K 8,188 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,732 K 10,184 K 748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  17,712 K 20,088 K 1732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,856 K 5,960 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,612 K 5,976 K 3620 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  6,776 K 12,492 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  7,976 K 14,564 K 1704 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  572 K 1,220 K 336 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmartMenu.exe  7,640 K 15,700 K 3724 SmartMenu  (Verified) Hewlett-Packard Company
services.exe  6,008 K 11,180 K 612 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe  2,324 K 5,368 K 4288 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe  2,076 K 5,432 K 1176 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  14,816 K 12,020 K 1288 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,328 K 7,420 K 4500 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  29,572 K 25,552 K 4812 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
mfevtps.exe  4,688 K 8,112 K 2592 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mDNSResponder.exe  2,932 K 6,424 K 1980 Bonjour Service Apple Inc. (Verified) Apple Inc.
jusched.exe  1,524 K 5,172 K 3916 Java Update Scheduler Oracle Corporation (Verified) Oracle America
itype.exe  6,020 K 2,456 K 1508 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
hpwuschd2.exe  1,044 K 3,680 K 2112 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hpsysdrv.exe  1,000 K 3,560 K 3688 hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe  41,012 K 38,712 K 3672 HP Support Solutions Framework Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
GWX.exe  3,564 K 988 K 4164 GWX Microsoft Corporation (Verified) Microsoft Windows
Fuel.Service.exe  2,692 K 7,688 K 1852 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
E_S40STB.EXE  1,628 K 4,000 K 1440 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows Hardware Compatibility Publisher
E_S40RPB.EXE  1,588 K 3,644 K 1600 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe  2,704 K 7,484 K 764 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe  1,732 K 4,528 K 972 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe  2,788 K 6,912 K 1236 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe  2,400 K 8,548 K 1812 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Process Explorer log looks really good.  It should be fairly quick right now.

 

Let's do another Frst so we can see if things have changed.  Check the Addition box and post both log.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP