Unable to download new programs or updates


Susanking96


Hi. My computer will not allow me to download any new programs or updates to Windows. I used to receive a message stating there is a conflict between TCP/IP protocol, but lately it just says unable to complete download, shuts the install progress down, or does nothing.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Susan (administrator) on SUSAN-PCLT (11-09-2015 12:11:31)
Running from C:\Users\Susan\Desktop
Loaded Profiles: UpdatusUser & Susan & CK (Available Profiles: UpdatusUser & Susan & CK)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-12] (Lenovo)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774334311-1544358969-1951404087-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-12] (Google Inc.)
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-07-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: -> Catalog5 - Broken internet access due to missing entry. <===== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A52EB3C-3063-4D6E-96CE-75FE57ED5B60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA8BBAB4-39B8-4B89-B2BD-F725069F1857}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSRT&Tid=80033373&OHP=http%3A%2F%2Fwww.google.com%2Fig%2Fredirectdomain%3Fbrand%3DLENN%26bmod%3DLENN,http%3A%2F%2Fwww.lenovo.com&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Die7%26q%3D%7BsearchTerms%7D%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%3F%7D%26ie%3D%7BinputEncoding%7D%26oe%3D%7BoutputEncoding%7D%26rlz%3D1I7LENN
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS499US499
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: weDownload Manager Pro -> {11111111-1111-1111-1111-110411361128} -> C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll [2013-12-23] (weDownload)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: weDownload Manager Pro -> {11111111-1111-1111-1111-110411361128} -> C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll [2013-12-23] (weDownload)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\i5mk3s1t.default
FF Homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-05] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774334311-1544358969-1951404087-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-05] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (weDownload Manager Pro) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-12-23]
CHR Extension: (AVG Secure Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
U2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 12:11 - 2015-09-11 12:12 - 00020875 _____ C:\Users\Susan\Desktop\FRST.txt
2015-09-11 12:11 - 2015-09-11 12:11 - 00000000 ____D C:\FRST
2015-09-11 12:09 - 2015-09-11 12:09 - 02190848 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2015-09-11 10:40 - 2015-09-11 10:40 - 00000017 _____ C:\Users\Susan\AppData\Local\resmon.resmoncfg
2015-09-11 10:27 - 2015-09-11 10:27 - 13155552 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\Silverlight_x64.exe
2015-09-11 10:08 - 2015-09-11 10:08 - 00000000 ____D C:\Users\Susan\Desktop\Pet Pics
2015-09-11 10:04 - 2015-09-11 10:06 - 00000000 ____D C:\Users\Susan\Desktop\Resume'
2015-09-11 02:11 - 2015-09-11 02:13 - 00000000 ____D C:\Users\Susan\Desktop\MC aka TD
2015-09-08 00:52 - 2015-09-08 00:52 - 00000694 _____ C:\Users\Susan\Desktop\Spider Solitaire - Shortcut.lnk
2015-08-14 10:15 - 2015-08-14 10:15 - 02077392 _____ (Microsoft Corporation) C:\Users\Susan\Desktop\IE11-Windows6.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 12:07 - 2012-09-24 01:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-11 12:01 - 2012-12-18 01:23 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-09-11 11:41 - 2012-07-12 10:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 10:47 - 2012-07-12 09:26 - 01735158 _____ C:\Windows\WindowsUpdate.log
2015-09-11 10:28 - 2013-03-14 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 10:28 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-11 10:28 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-11 10:10 - 2013-03-17 08:41 - 00000000 ____D C:\Users\Susan\Desktop\Megan's stuff
2015-09-11 10:09 - 2014-03-01 12:49 - 00000000 ____D C:\Users\Susan\Desktop\Recipes and food related docs
2015-09-11 10:08 - 2012-10-01 18:32 - 00000000 ____D C:\Users\Susan\Desktop\trends
2015-09-11 10:05 - 2013-08-17 14:20 - 00000000 ____D C:\Users\Susan\Desktop\quilt layout
2015-09-11 09:48 - 2013-12-23 19:17 - 00002042 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001410 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001312 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001212 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2015-09-11 09:48 - 2012-07-12 10:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 09:48 - 1601-01-02 00:16 - 01374295 _____ C:\Windows\system32\fastboot.set
2015-09-11 09:48 - 1601-01-02 00:16 - 00013640 _____ C:\Windows\setupact.log
2015-09-11 09:48 - 1601-01-02 00:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 02:13 - 2012-08-29 17:37 - 00000000 ____D C:\Users\Susan\Desktop\Sue's stuff
2015-09-10 23:21 - 1601-01-02 00:16 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 10:55 - 2014-06-26 12:13 - 00000000 ____D C:\Users\Susan\Desktop\Mystery Shopping
2015-08-19 10:54 - 2014-03-01 12:26 - 00000000 ____D C:\Users\Susan\Desktop\Nelnet
2015-08-19 10:50 - 2014-10-13 21:49 - 00000000 ____D C:\Users\Susan\Desktop\Funny cat pics
2015-08-17 09:23 - 2012-08-29 13:37 - 00000000 ____D C:\Users\Susan\Desktop\UOP

==================== Files in the root of some directories =======

2015-09-11 10:40 - 2015-09-11 10:40 - 0000017 _____ () C:\Users\Susan\AppData\Local\resmon.resmoncfg
2012-12-18 01:20 - 2012-12-18 01:20 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Susan\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Susan\AppData\Local\Temp\avguidx.dll
C:\Users\Susan\AppData\Local\Temp\BetterBrowseSetup.exe
C:\Users\Susan\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Susan\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Susan\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Susan\AppData\Local\Temp\oi_{811F77E8-A705-48C4-87EB-6BDB0464E43B}.exe
C:\Users\Susan\AppData\Local\Temp\sp_downloader.exe
C:\Users\Susan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Susan\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Susan\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-03 14:57

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Susan (2015-09-11 12:12:36)
Running from C:\Users\Susan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-29 15:22:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-774334311-1544358969-1951404087-500 - Administrator - Disabled)
CK (S-1-5-21-774334311-1544358969-1951404087-1004 - Limited - Enabled) => C:\Users\CK
Guest (S-1-5-21-774334311-1544358969-1951404087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-774334311-1544358969-1951404087-1003 - Limited - Enabled)
Susan (S-1-5-21-774334311-1544358969-1951404087-1002 - Administrator - Enabled) => C:\Users\Susan
UpdatusUser (S-1-5-21-774334311-1544358969-1951404087-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.5.12480 - Blizzard Entertainment)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}) (Version: 1.1.007.00 - Lenovo Group Limited)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
NVIDIA Graphics Driver 296.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
weDownload Manager Pro (HKLM-x32\...\weDownload Manager Pro) (Version: 1.31.153.0 - weDownload) <==== ATTENTION
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.1.0.16357 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06584C2E-3394-4285-A6BD-BB00E6C8DE87} - \weDownload Manager Pro-enabler -> No File <==== ATTENTION
Task: {089038CB-601E-48DB-A7C3-576AD5E43E20} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-05-16] ()
Task: {1215FBB2-1300-42D1-B739-DCA4958A7D00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {14C98695-8673-4050-9222-9A788E523CE6} - System32\Tasks\{D83BD0DE-6C30-45E6-8ECE-7BD839304479} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {1BE31C82-B533-43DD-9095-EB9D7AD93BCA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-05-16] ()
Task: {35E638A1-82B4-45AE-BEF4-23CEB850DE20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {3BBF1A3C-5882-40D9-8036-81B8E74C230D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {3DB96A97-586D-4DF7-912C-0C9E40E45F05} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2013-12-23] (weDownload) <==== ATTENTION
Task: {4F4831CF-E72F-4EA1-9004-AB8D4240784B} - System32\Tasks\{F3B4721F-762C-4E11-8487-1EFDC24091D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {4FBECA4A-9A2B-4D5E-B0E3-BA8794C669D7} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {62888E2F-0DDC-47CE-A6E9-BD4651F3B46A} - System32\Tasks\{8B9C5B60-1CE9-4082-8798-BACA67B1BE14} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W250X9RP\codecs.exe" -d C:\Users\Susan\Desktop
Task: {62B389EA-7C79-4354-8C03-B6FF6E6B68C4} - System32\Tasks\{317431B5-9AF6-4D32-A029-1DBBD8F0CCDE} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {738445FC-DD00-41A2-A556-F6AF101C6CA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-16] (Lenovo)
Task: {9706F521-8B89-4239-A828-FB0278A49B25} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2013-12-23] (weDownload) <==== ATTENTION
Task: {9D340C32-B9E5-4900-9683-3A937884A02A} - System32\Tasks\{C0EDFA2F-4593-4DC6-866C-265DF48377D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A40D3699-B2E7-4765-9AE0-F90DC7F9523E} - System32\Tasks\{F73B8CE9-580D-4E9B-8ADB-1BCFF6875E56} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A9DB3994-94F2-4EB0-9178-8E7C94BDCDA0} - System32\Tasks\{43D400F6-39BE-4FB7-A7D0-C0899DC64CD3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {B190CFE0-5C3E-47F3-8D5F-334333045911} - System32\Tasks\weDownload Manager Pro-updater => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe [2013-12-23] (weDownload) <==== ATTENTION
Task: {BA6A6602-D324-4BC9-8C1B-CF93CC19282D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C2EA2679-B34E-4B7A-B205-DA780373C58D} - System32\Tasks\{D9E9F80F-317C-44EB-91B7-3FB726361CFF} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H39DCCKV\DivXInstaller.exe" -d C:\Users\Susan\Desktop
Task: {CB3F6C5C-0BD8-41F8-B0B4-2C5DBC7BA72F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21] (Adobe Systems Incorporated)
Task: {CCB61FFC-D68C-42DD-8296-E549A5499FB3} - System32\Tasks\{EE8D5053-F557-4834-A97C-28A38B8051D2} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {CF993E35-556E-4032-9239-56B8544EFDA3} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe̿/installcrx /agentregpath='weDownload Manager Pro' /extensionfilepath C:\Program Files (x86)\weDownload Manager Pro\43628.crx' /appid=43628 /srcid='000529' /subid='verticals-intext,ads,pops' /zdata='0' /bic=2EA985BD883941C7B91B6637DFFA004BIE /verifier=3883da5265018bf7b1604abc8b9b735f /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1387840642 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exeǓ/reinstallapp /agentregpath='weDownload Manager Pro' /appid=43628 /srcid='000529' /subid='verticals-intext,ads,pops' /zdata='0' /bic=2EA985BD883941C7B91B6637DFFA004BIE /verifier=3883da5265018bf7b1604abc8b9b735f /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1387840642 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-enabler.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exeƨ/enablebho /agentregpath='weDownload Manager Pro' /appid=43628 /srcid='000529' /subid='verticals-intext,ads,pops' /zdata='0' /bic=2EA985BD883941C7B91B6637DFFA004BIE /verifier=3883da5265018bf7b1604abc8b9b735f /installerversion=1_31_153 /installationtime=1387840642 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-updater.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exeȋ/runupdater /agentregpath='weDownload Manager Pro' /appid=43628 /srcid='000529' /subid='verticals-intext,ads,pops' /zdata='0' /bic=2EA985BD883941C7B91B6637DFFA004BIE /verifier=3883da5265018bf7b1604abc8b9b735f /installerversion=1_31_153 /installationtime=1387840642 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.srvstatsdata.com <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2012-12-18 01:25 - 2011-06-08 17:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 19:22 - 2012-07-12 10:12 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-16 01:26 - 2012-02-17 12:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 07:17 - 2014-10-17 07:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-07-12 09:31 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-12 09:42 - 2012-05-01 10:00 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-02-05 22:26 - 2012-12-18 15:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2013-02-05 22:26 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\CK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17A09ACC-4A1F-44E8-913F-967E18827858}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{404FD3EF-4E7E-4C1B-A432-DAC24D614C14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC24237D-EAAE-475A-A967-9F59F66EE80B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C810BB70-F8C1-474D-9BF1-AF46B45EF4BE}] => (Allow) LPort=2869
FirewallRules: [{9431585D-F3A6-438F-9BCB-5D6EA5B6E259}] => (Allow) LPort=1900
FirewallRules: [{B78FF6BB-8532-4D36-8284-130EFCB60A39}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{098E2178-A0B2-4C9A-9F97-F053CE4DBEF5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{988CB3AC-D2D0-481D-868F-746D9BEC0B5C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7EDB1DBA-9752-4EB7-B84F-856F8664765D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4E50BA14-D0A5-4C04-B5AB-E77B628D93D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{FB5C3433-32C3-465D-B905-5C7BFC387F2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B9E4A273-6500-4673-9B43-CB986126373D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{11A1EE84-E8AC-46BC-9B3F-AA7EC8AFF364}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{4BC9AF07-76CC-46FD-B649-0DB6B4D43ACD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B60DF31B-D22C-49A0-A723-40FA79EF7173}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C9E1FA33-AD0C-47D7-B76A-E24DE572E9CE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F56E18B0-C511-499A-8112-0785FAA13EEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8497394-1F03-4957-9826-D00EE7FB1FF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AA2CC57-7F0E-4BE7-9CE4-F329E81073BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDEC2855-C400-41F8-B250-626B9096237C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D408D13C-84C7-4E21-AB7F-AE3928E80671}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4E176D59-8957-4C28-BF99-0AC62EA99F0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{E20087B0-100D-4C11-8CAA-979516978B1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E85B31AA-3347-4B7C-9BAF-ED5B365ADB99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{6BD00D7C-31DB-4DB1-BB83-C310AAA50584}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{D1F2424C-17BC-4DFC-A951-69FBFEA6E2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{37859EEE-DB51-41E6-962F-AB040DE02D2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{91FAA90D-A957-4772-9E6F-56B3F0590F03}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{59D2E3EC-60BD-43CE-96A4-22C73081CFA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{41EE5C5C-9739-4292-B749-686500843E91}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{35CABC81-1222-4415-97F4-B2522EE57803}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0C880ED4-4189-42FB-8390-06B36A2895F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{FD75E4FC-0DBF-427C-B21F-EB497A7CC3D7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{246F59FF-6BBD-4E71-B608-DAEC290F7C7F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{CD0EB16C-B29A-43CF-B4EF-7EFBBD564775}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [TCP Query User{E9FF8C94-F927-44E8-A40B-C1BCCEAD710B}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{755E9C5D-EE5D-4CBB-AE49-452EAB42A84C}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{FF7CBF99-0C15-4D7C-A252-D76E769B4AA0}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B1BA14DE-0B6A-4F36-93B9-0F947A484265}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2015 10:59:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cleanmgr.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc995
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc00000fd
Fault offset: 0x000000000005234a
Faulting process id: 0x164c
Faulting application start time: 0xcleanmgr.exe0
Faulting application path: cleanmgr.exe1
Faulting module path: cleanmgr.exe2
Report Id: cleanmgr.exe3

Error: (09/11/2015 10:00:55 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/11/2015 09:49:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 02:32:51 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/09/2015 11:23:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/09/2015 09:49:12 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/09/2015 12:18:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 21700

Start Time: 01d0ea344948d565

Termination Time: 360

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/08/2015 09:12:27 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/08/2015 09:12:02 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/07/2015 09:11:55 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

System errors:
=============
Error: (09/11/2015 10:14:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (09/11/2015 09:50:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (09/11/2015 09:50:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (09/11/2015 09:50:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (09/11/2015 09:50:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (09/11/2015 09:50:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (09/11/2015 09:49:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/11/2015 09:48:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/11/2015 09:48:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/11/2015 09:48:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Microsoft Office:
=========================
Error: (09/11/2015 10:59:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cleanmgr.exe6.1.7600.163854a5bc995ntdll.dll6.1.7601.18869556366f2c00000fd000000000005234a164c01d0eca27356e9e6C:\Windows\system32\cleanmgr.exeC:\Windows\SYSTEM32\ntdll.dllb8d55a0c-5895-11e5-a19f-08edb99fd31e

Error: (09/11/2015 10:00:55 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/11/2015 09:49:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 02:32:51 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/09/2015 11:23:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/09/2015 09:49:12 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/09/2015 12:18:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.166592170001d0ea344948d565360C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/08/2015 09:12:27 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/08/2015 09:12:02 AM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/07/2015 09:11:55 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 3998.36 MB
Available physical RAM: 2179.24 MB
Total Virtual: 7994.92 MB
Available Virtual: 5478.22 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:215.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:22.23 GB) NTFS
Drive f: (SIMPLY_TAI_CHI) (CDROM) (Total:1.69 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C9E52945)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of Addition.txt ============================

 

 

 




#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply, then repeat but select Application.

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 



#3
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Susan (2015-09-14 12:05:49) Run:1
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available Profiles: UpdatusUser & Susan & CK)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winsock: -> Catalog5 - Broken internet access due to missing entry. <===== ATTENTION
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
Task: {06584C2E-3394-4285-A6BD-BB00E6C8DE87} - \weDownload Manager Pro-enabler -> No File <==== ATTENTION
BHO-x32: weDownload Manager Pro -> {11111111-1111-1111-1111-110411361128} -> C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll [2013-12-23] (weDownload)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-01-26] (Oracle Corporation)
2015-09-11 09:48 - 2013-12-23 19:17 - 00002042 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001410 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001312 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2015-09-11 09:48 - 2013-12-23 19:17 - 00001212 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
cmd: netsh winsock reset

 

*****************

Winsock: -> Catalog5 - Broken internet access due to missing entry. <===== ATTENTION => Winsock will be renumbered.
BcmSqlStartupSvc => service removed successfully
CLKMSVC10_3A60B698 => service removed successfully
CLKMSVC10_C3B3B687 => service removed successfully
DriverService => service removed successfully
iATAgentService => service removed successfully
idealife Update Service => service removed successfully
IGRS => service removed successfully
IviRegMgr => service removed successfully
Oasis2Service => service removed successfully
PCCarerService => service removed successfully
ReadyComm.DirectRouter => service removed successfully
RichVideo => service removed successfully
RtLedService => service removed successfully
SeaPort => service removed successfully
SoftwareService => service removed successfully
SQLWriter => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06584C2E-3394-4285-A6BD-BB00E6C8DE87} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-enabler => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} => key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411361128} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2" => key removed successfully
C:\Windows\SysWOW64\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2" => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job" => File/Folder not found.
"C:\Windows\Tasks\weDownload Manager Pro-updater.job" => File/Folder not found.
"C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job" => File/Folder not found.
"C:\Windows\Tasks\weDownload Manager Pro-enabler.job" => File/Folder not found.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog 12:05:52 ====



#4
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

After running sfc /scannow I received the following message:

 

Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log.

 

Should I now continue your instructions from where it states

 

1. Please download the Event Viewer Tool by Vino Rosso



#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Yes, continue from there.  Since SFC was able to fix everything we don't need the Findstr stuff.



#6
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2015 3:10:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2015 4:17:18 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 14/09/2015 4:15:12 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:11 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:11 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:14:44 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:14:43 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Base Filtering Engine service terminated with the following error:  %%-2144206839

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2015 4:14:19 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/09/2015 4:11:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/09/2015 4:11:24 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2015 3:12:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/09/2015 4:29:56 PM
Type: Error Category: 0
Event: 1002 Source: MsiInstaller
Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Log: 'Application' Date/Time: 14/09/2015 4:15:24 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/09/2015 4:11:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   12 user registry handles leaked from \Registry\User\S-1-5-21-774334311-1544358969-1951404087-1002:
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\Root
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\My
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\CA
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 3792 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\SystemCertificates\trust

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Susan (administrator) on SUSAN-PCLT (14-09-2015 15:14:48)
Running from C:\Users\Susan\Desktop
Loaded Profiles: UpdatusUser & Susan & CK (Available Profiles: UpdatusUser & Susan & CK)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\SysPart\Default\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Apple Inc.) C:\SysPart\Default\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\SysPart\Default\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\SysPart\Default\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-12] (Lenovo)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774334311-1544358969-1951404087-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-12] (Google Inc.)
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-07-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A52EB3C-3063-4D6E-96CE-75FE57ED5B60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA8BBAB4-39B8-4B89-B2BD-F725069F1857}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS499US499
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-774334311-1544358969-1951404087-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\i5mk3s1t.default
FF Homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Secure Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
U2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 15:10 - 2015-09-14 15:12 - 00004274 _____ C:\VEW.txt
2015-09-14 15:09 - 2015-09-14 15:09 - 00061440 _____ ( ) C:\Users\Susan\Desktop\VEW.exe
2015-09-14 12:37 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-09-14 12:37 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-09-14 12:37 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-09-14 12:37 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-09-14 12:10 - 2015-09-14 12:10 - 20975616 _____ C:\Users\Susan\Documents\application log 914-1210.evtx
2015-09-11 15:19 - 2015-09-11 15:19 - 00000000 ____D C:\Users\CK\AppData\Local\Deployment
2015-09-11 15:19 - 2015-09-11 15:19 - 00000000 ____D C:\Users\CK\AppData\Local\Apps\2.0
2015-09-11 15:17 - 2015-09-11 15:17 - 42012712 _____ C:\Users\CK\Downloads\Firefox Setup 40.0.3.exe
2015-09-11 15:17 - 2015-09-11 15:17 - 00000000 ____D C:\Users\CK\AppData\Roaming\Mozilla
2015-09-11 15:17 - 2015-09-11 15:17 - 00000000 ____D C:\Users\CK\AppData\Local\Mozilla
2015-09-11 15:15 - 2015-09-11 15:15 - 00242752 _____ C:\Users\CK\Desktop\Firefox Setup Stub 40.0.3.exe
2015-09-11 15:14 - 2015-09-11 15:14 - 00001420 _____ C:\Users\CK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-11 15:14 - 2015-09-11 15:14 - 00000000 ____D C:\Users\CK\AppData\Roaming\Google
2015-09-11 15:14 - 2015-09-11 15:14 - 00000000 ____D C:\Users\CK\AppData\Local\Google
2015-09-11 15:06 - 2015-09-11 15:06 - 51015680 _____ C:\Users\Susan\Downloads\GoogleChromeStandaloneEnterprise64 (1).msi
2015-09-11 15:05 - 2015-09-11 15:05 - 51015680 _____ C:\Users\Susan\Downloads\GoogleChromeStandaloneEnterprise64.msi
2015-09-11 14:10 - 2015-09-11 14:10 - 00000000 _____ C:\Users\Susan\Downloads\standalonesetup64_exe.j393yvt.partial
2015-09-11 12:12 - 2015-09-11 12:13 - 00038607 _____ C:\Users\Susan\Desktop\Addition.txt
2015-09-11 12:11 - 2015-09-14 15:16 - 00017894 _____ C:\Users\Susan\Desktop\FRST.txt
2015-09-11 12:11 - 2015-09-14 15:14 - 00000000 ____D C:\FRST
2015-09-11 12:09 - 2015-09-11 12:09 - 02190848 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2015-09-11 10:40 - 2015-09-11 10:40 - 00000017 _____ C:\Users\Susan\AppData\Local\resmon.resmoncfg
2015-09-11 10:27 - 2015-09-11 10:27 - 13155552 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\Silverlight_x64.exe
2015-09-11 10:08 - 2015-09-11 10:08 - 00000000 ____D C:\Users\Susan\Desktop\Pet Pics
2015-09-11 10:04 - 2015-09-11 22:17 - 00000000 ____D C:\Users\Susan\Desktop\Resume'
2015-09-11 02:11 - 2015-09-11 02:13 - 00000000 ____D C:\Users\Susan\Desktop\MC aka TD
2015-09-08 00:52 - 2015-09-08 00:52 - 00000694 _____ C:\Users\Susan\Desktop\Spider Solitaire - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 15:07 - 2012-09-24 01:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 15:01 - 2012-12-18 01:23 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-09-14 13:52 - 2012-07-12 10:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 12:17 - 1601-01-02 00:16 - 00663689 _____ C:\Windows\system32\fastboot.set
2015-09-14 12:14 - 1601-01-02 00:16 - 00013864 _____ C:\Windows\setupact.log
2015-09-14 12:14 - 1601-01-02 00:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-14 12:07 - 2012-09-24 01:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-14 12:07 - 2012-08-29 19:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 12:07 - 2012-08-29 19:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 12:03 - 1601-01-02 00:16 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 20:13 - 2014-06-05 12:05 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-09-11 20:07 - 2013-12-23 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-11 15:14 - 2013-10-25 18:07 - 00088968 _____ C:\Users\CK\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-11 15:14 - 2013-10-25 18:07 - 00001454 _____ C:\Users\CK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-11 15:14 - 1601-01-02 00:16 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-11 15:07 - 2013-03-21 19:22 - 00000000 ____D C:\Users\Susan\AppData\Local\Deployment
2015-09-11 13:47 - 1601-01-02 00:16 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-11 12:53 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-11 12:53 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-11 10:47 - 2012-07-12 09:26 - 01735158 _____ C:\Windows\WindowsUpdate.log
2015-09-11 10:28 - 2013-03-14 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 10:10 - 2013-03-17 08:41 - 00000000 ____D C:\Users\Susan\Desktop\Megan's stuff
2015-09-11 10:09 - 2014-03-01 12:49 - 00000000 ____D C:\Users\Susan\Desktop\Recipes and food related docs
2015-09-11 10:08 - 2012-10-01 18:32 - 00000000 ____D C:\Users\Susan\Desktop\trends
2015-09-11 10:05 - 2013-08-17 14:20 - 00000000 ____D C:\Users\Susan\Desktop\quilt layout
2015-09-11 02:13 - 2012-08-29 17:37 - 00000000 ____D C:\Users\Susan\Desktop\Sue's stuff
2015-08-19 10:55 - 2014-06-26 12:13 - 00000000 ____D C:\Users\Susan\Desktop\Mystery Shopping
2015-08-19 10:54 - 2014-03-01 12:26 - 00000000 ____D C:\Users\Susan\Desktop\Nelnet
2015-08-19 10:50 - 2014-10-13 21:49 - 00000000 ____D C:\Users\Susan\Desktop\Funny cat pics
2015-08-17 09:23 - 2012-08-29 13:37 - 00000000 ____D C:\Users\Susan\Desktop\UOP

==================== Files in the root of some directories =======

2015-09-11 10:40 - 2015-09-11 10:40 - 0000017 _____ () C:\Users\Susan\AppData\Local\resmon.resmoncfg
2012-12-18 01:20 - 2012-12-18 01:20 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Susan\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Susan\AppData\Local\Temp\avguidx.dll
C:\Users\Susan\AppData\Local\Temp\BetterBrowseSetup.exe
C:\Users\Susan\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Susan\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Susan\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Susan\AppData\Local\Temp\oi_{811F77E8-A705-48C4-87EB-6BDB0464E43B}.exe
C:\Users\Susan\AppData\Local\Temp\sp_downloader.exe
C:\Users\Susan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Susan\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Susan\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-11 14:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Susan (2015-09-14 15:16:27)
Running from C:\Users\Susan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-29 15:22:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-774334311-1544358969-1951404087-500 - Administrator - Disabled)
CK (S-1-5-21-774334311-1544358969-1951404087-1004 - Limited - Enabled) => C:\Users\CK
Guest (S-1-5-21-774334311-1544358969-1951404087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-774334311-1544358969-1951404087-1003 - Limited - Enabled)
Susan (S-1-5-21-774334311-1544358969-1951404087-1002 - Administrator - Enabled) => C:\Users\Susan
UpdatusUser (S-1-5-21-774334311-1544358969-1951404087-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.5.12480 - Blizzard Entertainment)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}) (Version: 1.1.007.00 - Lenovo Group Limited)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Graphics Driver 296.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.1.0.16357 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089038CB-601E-48DB-A7C3-576AD5E43E20} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-05-16] ()
Task: {14C98695-8673-4050-9222-9A788E523CE6} - System32\Tasks\{D83BD0DE-6C30-45E6-8ECE-7BD839304479} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {1BE31C82-B533-43DD-9095-EB9D7AD93BCA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-05-16] ()
Task: {35E638A1-82B4-45AE-BEF4-23CEB850DE20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {3BBF1A3C-5882-40D9-8036-81B8E74C230D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4F4831CF-E72F-4EA1-9004-AB8D4240784B} - System32\Tasks\{F3B4721F-762C-4E11-8487-1EFDC24091D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {4FBECA4A-9A2B-4D5E-B0E3-BA8794C669D7} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {62888E2F-0DDC-47CE-A6E9-BD4651F3B46A} - System32\Tasks\{8B9C5B60-1CE9-4082-8798-BACA67B1BE14} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W250X9RP\codecs.exe" -d C:\Users\Susan\Desktop
Task: {62B389EA-7C79-4354-8C03-B6FF6E6B68C4} - System32\Tasks\{317431B5-9AF6-4D32-A029-1DBBD8F0CCDE} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {738445FC-DD00-41A2-A556-F6AF101C6CA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-16] (Lenovo)
Task: {9D340C32-B9E5-4900-9683-3A937884A02A} - System32\Tasks\{C0EDFA2F-4593-4DC6-866C-265DF48377D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A40D3699-B2E7-4765-9AE0-F90DC7F9523E} - System32\Tasks\{F73B8CE9-580D-4E9B-8ADB-1BCFF6875E56} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A9DB3994-94F2-4EB0-9178-8E7C94BDCDA0} - System32\Tasks\{43D400F6-39BE-4FB7-A7D0-C0899DC64CD3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {BA6A6602-D324-4BC9-8C1B-CF93CC19282D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C2EA2679-B34E-4B7A-B205-DA780373C58D} - System32\Tasks\{D9E9F80F-317C-44EB-91B7-3FB726361CFF} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H39DCCKV\DivXInstaller.exe" -d C:\Users\Susan\Desktop
Task: {CB3F6C5C-0BD8-41F8-B0B4-2C5DBC7BA72F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {CCB61FFC-D68C-42DD-8296-E549A5499FB3} - System32\Tasks\{EE8D5053-F557-4834-A97C-28A38B8051D2} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {CF993E35-556E-4032-9239-56B8544EFDA3} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2012-12-18 01:25 - 2011-06-08 17:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 19:22 - 2012-07-12 10:12 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-16 01:26 - 2012-02-17 12:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-17 07:17 - 2014-10-17 07:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-07-12 09:31 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-12 09:32 - 2012-02-21 00:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\CK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17A09ACC-4A1F-44E8-913F-967E18827858}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{404FD3EF-4E7E-4C1B-A432-DAC24D614C14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC24237D-EAAE-475A-A967-9F59F66EE80B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C810BB70-F8C1-474D-9BF1-AF46B45EF4BE}] => (Allow) LPort=2869
FirewallRules: [{9431585D-F3A6-438F-9BCB-5D6EA5B6E259}] => (Allow) LPort=1900
FirewallRules: [{B78FF6BB-8532-4D36-8284-130EFCB60A39}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{098E2178-A0B2-4C9A-9F97-F053CE4DBEF5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{988CB3AC-D2D0-481D-868F-746D9BEC0B5C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7EDB1DBA-9752-4EB7-B84F-856F8664765D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4E50BA14-D0A5-4C04-B5AB-E77B628D93D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{FB5C3433-32C3-465D-B905-5C7BFC387F2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B9E4A273-6500-4673-9B43-CB986126373D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{11A1EE84-E8AC-46BC-9B3F-AA7EC8AFF364}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{4BC9AF07-76CC-46FD-B649-0DB6B4D43ACD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B60DF31B-D22C-49A0-A723-40FA79EF7173}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C9E1FA33-AD0C-47D7-B76A-E24DE572E9CE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F56E18B0-C511-499A-8112-0785FAA13EEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8497394-1F03-4957-9826-D00EE7FB1FF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AA2CC57-7F0E-4BE7-9CE4-F329E81073BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDEC2855-C400-41F8-B250-626B9096237C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D408D13C-84C7-4E21-AB7F-AE3928E80671}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4E176D59-8957-4C28-BF99-0AC62EA99F0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{E20087B0-100D-4C11-8CAA-979516978B1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E85B31AA-3347-4B7C-9BAF-ED5B365ADB99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{6BD00D7C-31DB-4DB1-BB83-C310AAA50584}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{D1F2424C-17BC-4DFC-A951-69FBFEA6E2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{37859EEE-DB51-41E6-962F-AB040DE02D2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{91FAA90D-A957-4772-9E6F-56B3F0590F03}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{59D2E3EC-60BD-43CE-96A4-22C73081CFA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{41EE5C5C-9739-4292-B749-686500843E91}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{35CABC81-1222-4415-97F4-B2522EE57803}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0C880ED4-4189-42FB-8390-06B36A2895F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{FD75E4FC-0DBF-427C-B21F-EB497A7CC3D7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{246F59FF-6BBD-4E71-B608-DAEC290F7C7F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{CD0EB16C-B29A-43CF-B4EF-7EFBBD564775}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [TCP Query User{E9FF8C94-F927-44E8-A40B-C1BCCEAD710B}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{755E9C5D-EE5D-4CBB-AE49-452EAB42A84C}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{FF7CBF99-0C15-4D7C-A252-D76E769B4AA0}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B1BA14DE-0B6A-4F36-93B9-0F947A484265}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2015 12:29:56 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/14/2015 12:15:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/14/2015 12:17:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/14/2015 12:15:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/14/2015 12:15:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/14/2015 12:15:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/14/2015 12:15:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/14/2015 12:14:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%-2144206839

Error: (09/14/2015 12:14:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%-2144206839

Microsoft Office:
=========================
Error: (09/14/2015 12:29:56 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (09/14/2015 12:15:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 3998.36 MB
Available physical RAM: 2685.1 MB
Total Virtual: 7994.92 MB
Available Virtual: 6020.37 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:214.45 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:22.23 GB) NTFS
Drive f: (SIMPLY_TAI_CHI) (CDROM) (Total:1.69 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C9E52945)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of Addition.txt ============================



#7
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

BFE is still broken.  Normally this is caused by a zero access infection but I don't see it in your logs.  Let's see if we can fix it:

 

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.  If I remember correctly it will reboot the PC when done.  If it doesn't please do so then run VEW again (just for System) and post the log.

 

 



#8
Susanking96


    Member

  • Topic Starter
  • Member
  • 24 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2015 4:47:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2015 8:45:10 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 14/09/2015 8:44:59 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 14/09/2015 8:43:38 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 8:43:38 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 8:43:29 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 8:42:53 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 8:42:52 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Base Filtering Engine service terminated with the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:17:18 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 14/09/2015 4:15:12 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:11 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:11 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:15:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:14:44 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  %%-2144206839

Log: 'System' Date/Time: 14/09/2015 4:14:43 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Base Filtering Engine service terminated with the following error:  %%-2144206839

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2015 8:42:27 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/09/2015 4:14:19 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/09/2015 4:11:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/09/2015 4:11:24 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll



#9
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  BFE is still not starting.

 

Let's check for Zero Access

 

Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html

:!: Turn off your screen saver so you can see what is going on

Download and Save this file --  to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.

 

We may need to change permissions on the reg entry for BFE but let's see what the two scans find.



#10
Susanking96


    Member

  • Topic Starter
  • Member
  • 24 posts

Here is the log for aswmbr. It didn't bring up the fix button upon completion.

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-09-14 18:27:27
-----------------------------
18:27:27.182    OS Version: Windows x64 6.1.7601 Service Pack 1
18:27:27.182    Number of processors: 4 586 0x3A09
18:27:27.182    ComputerName: SUSAN-PCLT  UserName: Susan
18:27:27.868    Initialize success
18:27:27.868    VM: initialized successfully
18:27:27.868    VM: Intel CPU BiosDisabled
18:30:05.371    AVAST engine defs: 15091401
18:30:26.618    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:30:26.618    Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
18:30:26.821    Disk 0 MBR read successfully
18:30:26.837    Disk 0 MBR scan
18:30:26.837    Disk 0 Windows 7 default MBR code
18:30:26.946    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          200 MB offset 2048
18:30:27.008    Disk 0 default boot code
18:30:27.039    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       430658 MB offset 411648
18:30:27.071    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        26080 MB offset 882399232
18:30:27.102    Disk 0 Partition 4 00     12    Compaq diag NTFS        20001 MB offset 935811072
18:30:27.227    Disk 0 scanning C:\Windows\system32\drivers
18:30:37.819    File: C:\Windows\system32\drivers\AVGIDSHA.sys **HIDDEN**
18:30:37.866    File: C:\Windows\system32\drivers\AVGLDX64.sys **HIDDEN**
18:30:37.897    File: C:\Windows\system32\drivers\AVGMFX64.sys **HIDDEN**
18:30:37.913    File: C:\Windows\system32\drivers\AVGRKX64.sys **HIDDEN**
18:30:37.959    File: C:\Windows\system32\drivers\AVGTDIA.sys **HIDDEN**
18:30:38.022    File: C:\Windows\system32\drivers\avgtpx64.sys **HIDDEN**
18:30:38.069    File: C:\Windows\system32\drivers\cfwids.sys **HIDDEN**
18:30:38.115    File: C:\Windows\system32\drivers\mfeapfk.sys **HIDDEN**
18:30:38.162    File: C:\Windows\system32\drivers\mfeavfk.sys **HIDDEN**
18:30:38.178    File: C:\Windows\system32\drivers\mfeclnk.sys **HIDDEN**
18:30:38.225    File: C:\Windows\system32\drivers\mfefirek.sys **HIDDEN**
18:30:38.287    File: C:\Windows\system32\drivers\mfehidk.sys **HIDDEN**
18:30:38.318    File: C:\Windows\system32\drivers\mfenlfk.sys **HIDDEN**
18:30:38.349    File: C:\Windows\system32\drivers\mferkdet.sys **HIDDEN**
18:30:38.396    File: C:\Windows\system32\drivers\mfewfpk.sys **HIDDEN**
18:30:38.396    Service scanning
18:31:00.143    Modules scanning
18:31:01.422    AVAST engine scan C:\Windows
18:31:04.011    AVAST engine scan C:\Windows\system32
18:35:04.440    File: C:\Windows\system32\mfevtps.exe **HIDDEN**
18:35:04.549    File: C:\Windows\system32\SETF60F.tmp **HIDDEN**
18:35:15.329    File: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll  **SUSPICIOUS**
18:35:18.464    File: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll  **SUSPICIOUS**
18:35:21.569    File: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll  **SUSPICIOUS**
18:35:24.720    File: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll  **SUSPICIOUS**
18:35:27.871    File: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll  **SUSPICIOUS**
18:35:32.005    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll  **SUSPICIOUS**
18:35:38.198    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll  **SUSPICIOUS**
18:35:44.438    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll  **SUSPICIOUS**
18:35:53.830    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll  **SUSPICIOUS**
18:36:00.085    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll  **SUSPICIOUS**
18:36:06.388    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll  **SUSPICIOUS**
18:36:09.492    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll  **SUSPICIOUS**
18:36:12.612    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll  **SUSPICIOUS**
18:36:21.957    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll  **SUSPICIOUS**
18:36:25.077    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll  **SUSPICIOUS**
18:36:28.181    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll  **SUSPICIOUS**
18:36:43.734    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll  **SUSPICIOUS**
18:36:46.839    File: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll  **SUSPICIOUS**
18:37:20.489    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll **HIDDEN**
18:37:20.536    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll **HIDDEN**
18:37:20.723    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6f4c8aeb8f066adf5cafedbec0cac415\PresentationUI.ni.dll **HIDDEN**
18:37:20.941    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7073e12b4c349a6ad94522e465e4f4ed\ReachFramework.ni.dll **HIDDEN**
18:37:21.175    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\1c301df37d78b555739f4881e69b9170\SmartAudio.ni.exe **HIDDEN**
18:37:21.316    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll **HIDDEN**
18:37:21.425    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe **HIDDEN**
18:37:21.550    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\8abe9d895b3e9efe741b9162cb9206fc\sysglobl.ni.dll **HIDDEN**
18:37:21.612    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll **HIDDEN**
18:37:21.737    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\29c55874e34f9d5cd3ea739262f48adc\System.AddIn.ni.dll **HIDDEN**
18:37:21.830    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\78ce3fd89c50ab2d8d0ffc42ad838644\System.AddIn.Contract.ni.dll **HIDDEN**
18:37:21.924    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\221fa10bd3cb407e43b7476af5039090\System.ComponentModel.DataAnnotations.ni.dll **HIDDEN**
18:37:22.033    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni.dll **HIDDEN**
18:37:22.189    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll **HIDDEN**
18:37:22.376    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll **HIDDEN**
18:37:22.439    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll **HIDDEN**
18:37:22.548    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\eae18653a1b39fe484b49963d43480ce\System.Data.DataSetExtensions.ni.dll **HIDDEN**
18:37:22.610    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a5947a9c77b884b9e06c54f38ff3c4d7\System.Data.Entity.ni.dll **HIDDEN**
18:37:22.766    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\32088676b4c08d192aae910cac1dade4\System.Data.Entity.Design.ni.dll **HIDDEN**
18:37:22.938    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\748de10ea72fad908022d9507c7304fc\System.Data.Linq.ni.dll **HIDDEN**
18:37:23.078    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\907f5045e26c39e1ae48024201b6334d\System.Data.OracleClient.ni.dll **HIDDEN**
18:37:23.188    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5d0f494f1be2367fb0a634956f719965\System.Data.Services.Design.ni.dll **HIDDEN**
18:37:23.328    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a933cd1241698e4d13d80c8cb31d7055\System.Data.Services.Client.ni.dll **HIDDEN**
18:37:23.515    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c335a6ef5339fa917518475c286c8ca4\System.Data.Services.ni.dll **HIDDEN**
18:37:23.734    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4308c2310ca6f08c6e0068172e5b709f\System.Data.SqlXml.ni.dll **HIDDEN**
18:37:23.936    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\be74d258a0daa0e11197e1dcb1b3b0b9\System.Deployment.ni.dll **HIDDEN**
18:37:23.983    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\52873358b397c328168f0a5be7f3b9ae\System.Design.ni.dll **HIDDEN**
18:37:24.170    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\System.DirectoryServices.ni.dll **HIDDEN**
18:37:24.295    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcad898b90aee666da2f81b0a87a91ee\System.DirectoryServices.AccountManagement.ni.dll **HIDDEN**
18:37:24.404    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ced847eb933ffee8e1a2e738205916ce\System.DirectoryServices.Protocols.ni.dll **HIDDEN**
18:37:24.592    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll **HIDDEN**
18:37:24.701    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\fac6392e83ef7e777b78933e057c9546\System.Drawing.Design.ni.dll **HIDDEN**
18:37:24.857    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll **HIDDEN**
18:37:24.950    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.Wrapper.dll **HIDDEN**
18:37:25.060    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5490e4be56d6b1a80586439ac8b09b77\System.IdentityModel.Selectors.ni.dll **HIDDEN**
18:37:25.216    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll **HIDDEN**
18:37:25.340    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\19837bdc62b7667aba81364142e3565a\System.IO.Log.ni.dll **HIDDEN**
18:37:25.481    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll **HIDDEN**
18:37:25.543    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni.dll **HIDDEN**
18:37:25.668    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\17e443d6c643b83137beb310adee3c48\System.Management.Instrumentation.ni.dll **HIDDEN**
18:37:25.777    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c17882ea083259c36cfd691f7c0835b\System.Messaging.ni.dll **HIDDEN**
18:37:25.902    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\964a515210f3bad01949e9ae4f83c7b2\System.Net.ni.dll **HIDDEN**
18:37:26.058    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\aac5817d96d0ddcffebc1c45000e9008\System.Printing.ni.dll **HIDDEN**
18:37:26.214    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll **HIDDEN**
18:37:26.339    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0728af1479c3388cadf85ccfc2b12582\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:37:26.526    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll **HIDDEN**
18:37:26.682    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\d9a485330ec2708456134e4a9712a4ab\System.Security.ni.dll **HIDDEN**
18:37:26.729    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll **HIDDEN**
18:37:26.916    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll **HIDDEN**
18:37:27.025    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll **HIDDEN**
18:37:27.197    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\6935e1dad6ec5de21658f8d38999099a\System.Speech.ni.dll **HIDDEN**
18:37:27.322    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll **HIDDEN**
18:37:27.384    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll **HIDDEN**
18:37:27.509    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\3112fe15b1994ff59b169cf7ce997e71\System.Web.Abstractions.ni.dll **HIDDEN**
18:37:27.634    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ec2acb1a563ecfce8396babd4a3b25\System.Web.DynamicData.Design.ni.dll **HIDDEN**
18:37:27.743    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a16dd65d2bfab6a019ac8a05337a5c24\System.Web.DynamicData.ni.dll **HIDDEN**
18:37:27.852    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9a3ab1594cf5cd52f0794b0a93a14b57\System.Web.Entity.ni.dll **HIDDEN**
18:37:27.961    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\a63e76cc86c8958f0f3e9741c0d89f14\System.Web.Entity.Design.ni.dll **HIDDEN**
18:37:28.102    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0b5071ee1d40266575a7ac53b9b299d4\System.Web.Extensions.Design.ni.dll **HIDDEN**
18:37:28.304    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\70823ac0d6e6631a11d443bf38987cc9\System.Web.Extensions.ni.dll **HIDDEN**
18:37:28.476    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9abec9ee3dab00d67b395d1994a60776\System.Web.Mobile.ni.dll **HIDDEN**
18:37:28.585    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c72ccbd1fef598dd897fdf0d2e49195b\System.Web.RegularExpressions.ni.dll **HIDDEN**
18:37:28.726    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\165d0873203da280298bfcfa50567a0b\System.Web.Routing.ni.dll **HIDDEN**
18:37:28.913    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll **HIDDEN**
18:37:28.991    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll **HIDDEN**
18:37:29.100    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fee2bbfe0b8f5988a3ab7a9db85c7a30\System.Windows.Presentation.ni.dll **HIDDEN**
18:37:29.318    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b2a2c534c407bbe46e8536445d0ada50\System.Workflow.Activities.ni.dll **HIDDEN**
18:37:29.381    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e1a68d2a01e132ebc60a5565a771902b\System.Workflow.ComponentModel.ni.dll **HIDDEN**
18:37:29.568    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\2101dbd9fa083a2ed0cc112636260070\System.Workflow.Runtime.ni.dll **HIDDEN**
18:37:29.724    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll **HIDDEN**
18:37:29.786    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll **HIDDEN**
18:37:29.896    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\70aac9dff3bdde548962557151c1ff49\System.Xml.Linq.ni.dll **HIDDEN**
18:37:30.020    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\99797e9500ed7bfa6b06063e7f017313\TaskScheduler.ni.dll **HIDDEN**
18:37:30.223    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\UIAutomationClient.ni.dll **HIDDEN**
18:37:30.395    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:37:30.504    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ab8ac659d9525c6a0cd22c6f3734862f\UIAutomationProvider.ni.dll **HIDDEN**
18:37:30.629    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6820836e29efa97200d3fcfb4d0f170b\UIAutomationTypes.ni.dll **HIDDEN**
18:37:30.894    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll **HIDDEN**
18:37:31.019    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\WindowsFormsIntegration.ni.dll **HIDDEN**
18:37:31.128    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe **HIDDEN**
18:37:31.253    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\Accessibility.ni.dll **HIDDEN**
18:37:31.440    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\BDATunePIA.ni.dll **HIDDEN**
18:37:31.580    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe **HIDDEN**
18:37:31.690    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\e41fccd68a6543f2528f6f6118f5f7e2\CustomMarshalers.ni.dll **HIDDEN**
18:37:31.783    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe **HIDDEN**
18:37:31.924    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b648e07269decc9d5a2d8aeba1d48cbb\ehCIR.ni.dll **HIDDEN**
18:37:32.048    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe **HIDDEN**
18:37:32.158    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\56a7faf970109dc1dc6b76f643d93c5f\ehiActivScp.ni.dll **HIDDEN**
18:37:32.267    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll **HIDDEN**
18:37:32.392    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll **HIDDEN**
18:37:32.516    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll **HIDDEN**
18:37:32.704    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\50691bdee045a2df00f00ac461844c5f\ehiProxy.ni.dll **HIDDEN**
18:37:32.813    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\32c163c5b3420fb95f4bc8b5a365a6bd\ehiTVMSMusic.ni.dll **HIDDEN**
18:37:32.938    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll **HIDDEN**
18:37:33.062    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll **HIDDEN**
18:37:33.265    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\005810b5e7d8802575d07878997d434d\ehiVidCtl.ni.dll **HIDDEN**
18:37:33.437    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll **HIDDEN**
18:37:33.577    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll **HIDDEN**
18:37:33.718    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\dd75e74b3a7686f661129df07fdeadf1\ehRecObj.ni.dll **HIDDEN**
18:37:33.780    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehshell\a1e624126e0db648f3b8ea24d0f13f84\ehshell.ni.dll **HIDDEN**
18:37:33.936    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\EventViewer\21464de9aa1dce17c1f42044129a986e\EventViewer.ni.dll **HIDDEN**
18:37:34.076    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe **HIDDEN**
18:37:34.342    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcepg\13b4ad00d1167ff3ed7d2a8e4994f1ff\mcepg.ni.dll **HIDDEN**
18:37:34.591    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\f04b0488328a68d57953149b31a85065\MCESidebarCtrl.ni.dll **HIDDEN**
18:37:34.732    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\18aae97d7e56a28acf9d642ad23ab413\mcGlidHostObj.ni.dll **HIDDEN**
18:37:34.841    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\f7a93626b76fe66f217c19426cc5b02a\mcplayerinterop.ni.dll **HIDDEN**
18:37:35.059    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\67c2902f53638a9056174f6130a8bde7\mcstore.ni.dll **HIDDEN**
18:37:35.184    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\e049a1a3948a031aed69690fc102ea6c\mcstoredb.ni.dll **HIDDEN**
18:37:35.324    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe **HIDDEN**
18:37:35.434    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\53fddfded025faba07fdd8b69fef6bd6\Mcx2Dvcs.ni.dll **HIDDEN**
18:37:35.558    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\ba0cf5858766f7bc9413b1d4af6d69bd\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll **HIDDEN**
18:37:35.668    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8d64f031cf429f4ce79642e8be267d2d\Microsoft.Build.Conversion.v3.5.ni.dll **HIDDEN**
18:37:35.839    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\2e1dbe90bc10ba70f147a249adfc7f64\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:37:36.011    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8c4abd55a6b822e3efbbc649c5c01a3e\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:37:36.136    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\89815091ad8cb6d7b4c48d84ff1021e0\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:37:36.229    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\a71fda14114136e528b310f41dce7915\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:37:36.448    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\3cf3740de20740208d614d330aa4416c\Microsoft.Build.Tasks.v3.5.ni.dll **HIDDEN**
18:37:36.619    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\ca72594c581d8024d629f931f0e312d7\Microsoft.Build.Tasks.ni.dll **HIDDEN**
18:37:36.728    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\8ce46e3ffce2d37b9c50762a641c57ee\Microsoft.Build.Utilities.ni.dll **HIDDEN**
18:37:36.822    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\97d05b893a063bbb5b56c7b3d20c5245\Microsoft.Build.Utilities.v3.5.ni.dll **HIDDEN**
18:37:37.072    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3d4632e11d04d8db85c98485b1622bae\Microsoft.Ink.ni.dll **HIDDEN**
18:37:37.321    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\71e40c479d779f2bf55bb925834e3cd3\Microsoft.JScript.ni.dll **HIDDEN**
18:37:37.446    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e72886c96b63be364c0205b6c4ff4413\Microsoft.ManagementConsole.ni.dll **HIDDEN**
18:37:37.664    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\140714964f3afbcea38cb33d548c5d3c\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll **HIDDEN**
18:37:37.789    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1e99a9d1dc792d81f86b5de451cf9f3d\Microsoft.MediaCenter.Interop.ni.dll **HIDDEN**
18:37:38.226    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4e9468fdc6937145e65c6434787e2fa5\Microsoft.MediaCenter.iTv.Media.ni.dll **HIDDEN**
18:37:38.694    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5b9c2eae674609a3d84010c9906e0bf8\Microsoft.MediaCenter.iTv.Hosting.ni.dll **HIDDEN**
18:37:38.850    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\618ab8996b43e841efdcfb273393fc02\Microsoft.MediaCenter.UI.ni.dll **HIDDEN**
18:37:39.692    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\91d1761a767975dc100e4e05e48cc9a3\Microsoft.MediaCenter.Shell.ni.dll **HIDDEN**
18:37:39.989    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9ae837dc03e8519b40fe2c35c8752146\Microsoft.MediaCenter.ni.dll **HIDDEN**
18:37:40.114    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a9f43923aab0d83b93cbf10ac1dfd0b5\Microsoft.MediaCenter.iTv.ni.dll **HIDDEN**
18:37:40.270    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b883b83d1f72f1fcaf4acdef3c9c381f\Microsoft.MediaCenter.Bml.ni.dll **HIDDEN**
18:37:40.410    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ce17670e5d6d33a85e64766e340a2176\Microsoft.MediaCenter.Playback.ni.dll **HIDDEN**
18:37:40.550    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\dc34242bf840d340e94d2657c7c33371\Microsoft.MediaCenter.Sports.ni.dll **HIDDEN**
18:37:40.660    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ef44c6dfcb60c7b8bc8c26847048d6e5\Microsoft.MediaCenter.ITVVM.ni.dll **HIDDEN**
18:37:40.784    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f1f58d6720098d7c1d51faf7f326d72d\Microsoft.MediaCenter.Mheg.ni.dll **HIDDEN**
18:37:41.018    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7a9c26f21641112fcacd6f087b42133a\Microsoft.PowerShell.GPowerShell.ni.dll **HIDDEN**
18:37:41.143    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9206dc8156588e608d405729c833edc5\Microsoft.PowerShell.Commands.Management.ni.dll **HIDDEN**
18:37:41.190    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\997418025a2c73d8088b0f59264a6f2b\Microsoft.PowerShell.Editor.ni.dll **HIDDEN**
18:37:41.299    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b023321bc53c20c10ccbbd8f78c82c82\Microsoft.PowerShell.ConsoleHost.ni.dll **HIDDEN**
18:37:41.393    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\Microsoft.PowerShell.Security.ni.dll **HIDDEN**
18:37:41.580    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdf48153115fc0bb466f37b7dcad9ac5\Microsoft.PowerShell.Commands.Utility.ni.dll **HIDDEN**
18:37:41.705    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dcf1d740ffae84572215588047a59861\Microsoft.PowerShell.GraphicalHost.ni.dll **HIDDEN**
18:37:41.814    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec50af274bf7a15fb59ac1f0d353b7ea\Microsoft.PowerShell.Commands.Diagnostics.ni.dll **HIDDEN**
18:37:41.939    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\22b5364c10d315a7f0a1fbd23f671c5a\Microsoft.Transactions.Bridge.Dtc.ni.dll **HIDDEN**
18:37:42.079    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\a04be0cabc675da23c6cdd970b50e3c5\Microsoft.Transactions.Bridge.ni.dll **HIDDEN**
18:37:42.266    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll **HIDDEN**
18:37:42.376    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\692d1ed105277febf1550c93d00cd202\Microsoft.VisualC.ni.dll **HIDDEN**
18:37:42.485    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\bb235aa98e8e876f0f641c4d486f9151\Microsoft.Vsa.ni.dll **HIDDEN**
18:37:42.594    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\03ab7eafba7f39a47e9e50e59551395a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll **HIDDEN**
18:37:42.703    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1dd37db07c93d0d49379838760970302\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll **HIDDEN**
18:37:42.812    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5efdf2ce3570caddc09eeae943f71cee\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll **HIDDEN**
18:37:42.906    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a178c0607d3809c8334a450b9b839b43\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll **HIDDEN**
18:37:43.031    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a5daafd496ae30928b7ac626037af53c\Microsoft.Windows.Diagnosis.SDEngine.ni.dll **HIDDEN**
18:37:43.124    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\dcc11202188c9fa2ba06359a04d4b43a\Microsoft.Windows.Diagnosis.SDHost.ni.dll **HIDDEN**
18:37:43.234    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e97b40597db13e8a8151b30b9c59007e\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll **HIDDEN**
18:37:43.374    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8cd73e65058ef6f77f36b62a74ec3344\Microsoft.WSMan.Management.ni.dll **HIDDEN**
18:37:43.483    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\4582b654b68ad17b90714875bd8c3fa2\Microsoft.WSMan.Runtime.ni.dll **HIDDEN**
18:37:43.530    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\5d7e85e3ad81826e2e1d7131284c63fe\MIGUIControls.ni.dll **HIDDEN**
18:37:43.748    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b46af15d2e2ae2782f384bfc4a4c2c03\MMCEx.ni.dll **HIDDEN**
18:37:44.388    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\98b1fc37038b59eb1fcb89ce6284190e\MMCFxCommon.ni.dll **HIDDEN**
18:37:44.903    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe **HIDDEN**
18:37:45.074    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll **HIDDEN**
18:37:45.184    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napcrypt\d95f343677c556b67e99818cc02f4214\napcrypt.ni.dll **HIDDEN**
18:37:45.308    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\naphlpr\03d99e593bc94e308005a972667d7ca9\naphlpr.ni.dll **HIDDEN**
18:37:45.418    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napinit\a64d6cb9f99621449821066eca9291e9\napinit.ni.dll **HIDDEN**
18:37:45.589    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napsnap\46a2e8958905ea98cb6e91b38449c58a\napsnap.ni.dll **HIDDEN**
18:37:45.932    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe **HIDDEN**
18:37:46.198    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\08ccd030c85c817c0a889196955a49a4\PresentationBuildTasks.ni.dll **HIDDEN**
18:37:46.291    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\c0ad9f95f88a6678d9ab2a648f0f2eae\PresentationCFFRasterizer.ni.dll **HIDDEN**
18:37:46.354    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\e097881a6e1956a4c3f6b8dbb81cb4ee\PresentationCore.ni.dll **HIDDEN**
18:37:46.447    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe **HIDDEN**
18:37:46.525    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\09ca6fe45ec9d8c535413b0dfa7d2075\PresentationFramework.ni.dll **HIDDEN**
18:37:46.650    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1badf57680aebab32f17bc080876b61d\PresentationFramework.Classic.ni.dll **HIDDEN**
18:37:46.759    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4260e87dc94e25052b34ea78873dfedb\PresentationFramework.Aero.ni.dll **HIDDEN**
18:38:10.565    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Printing\0b4141cd5f9a1f9b5db2ed0d53c2aafa\System.Printing.ni.dll **HIDDEN**
18:38:10.643    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2f02efd9ddb7417ffd5c06cfe6e865ca\System.Runtime.DurableInstancing.ni.dll **HIDDEN**
18:38:10.783    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\bfcee391af3b055588839ed4dcd0a93c\System.Runtime.Remoting.ni.dll **HIDDEN**
18:38:10.955    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\08fba6b56d838ad48b4451c82e5728d4\System.Runtime.Serialization.ni.dll **HIDDEN**
18:38:11.017    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\b468f9d8655e91b7a6aa11473eca4a97\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:38:11.064    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\1a32460874cc4452c740b86ff22ecdf1\System.Security.ni.dll **HIDDEN**
18:38:11.080    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\d072039db89cac96d9e0b1ae9b3a94f4\System.ServiceModel.ni.dll **HIDDEN**
18:38:11.205    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\3d4a4c37891be698e4a6da84c70f9f74\System.ServiceModel.Discovery.ni.dll **HIDDEN**
18:38:11.251    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\50c0039fed2761ebedbf30436cb26d4e\System.ServiceModel.Channels.ni.dll **HIDDEN**
18:38:11.283    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\71433975df10aad7d60d14f2a2e59ade\System.ServiceModel.Routing.ni.dll **HIDDEN**
18:38:11.361    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\ab64e8f7c3bcb8d217c80c6b24a6e2d1\System.ServiceModel.Activities.ni.dll **HIDDEN**
18:38:11.407    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\7b167f31f23d4aed19dfa65ad3d29480\System.ServiceProcess.ni.dll **HIDDEN**
18:38:11.532    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Speech\56deb12b13d969b72e250df440b3cd5f\System.Speech.ni.dll **HIDDEN**
18:38:11.595    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\122cea70c5d0d591f9af1f4316848fd1\System.Transactions.ni.dll **HIDDEN**
18:38:11.641    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\cb9aa37454ca42d505366aa421872b49\System.Web.ApplicationServices.ni.dll **HIDDEN**
18:38:11.751    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\f417705d2257cd04cb9d11483ed38be8\System.Web.Services.ni.dll **HIDDEN**
18:38:11.797    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\c4b205eb68df08b6c0e3e2645f6653c5\System.Windows.Forms.DataVisualization.ni.dll **HIDDEN**
18:38:11.813    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f0acb5c0e7dc2c42c6c61f3aa1278338\System.Windows.Forms.ni.dll **HIDDEN**
18:38:11.875    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\63310265c78b84ed848564e7b48fbdb4\System.Windows.Input.Manipulations.ni.dll **HIDDEN**
18:38:11.938    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ae6799bd4dc4d1a2a65cdcc8a82cea40\System.Windows.Presentation.ni.dll **HIDDEN**
18:38:12.078    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\535e182d16212c61bc8b22e0309d3362\System.Xaml.ni.dll **HIDDEN**
18:38:12.094    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\5d9f385419332f14eaf937556199856f\System.Xml.ni.dll **HIDDEN**
18:38:12.141    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\9d14b7bc969452800c0456286309d41d\System.Xml.Linq.ni.dll **HIDDEN**
18:38:12.187    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\3b9f689c1ba2a1875d5001ade2cc54e2\UIAutomationClient.ni.dll **HIDDEN**
18:38:12.265    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\9438a191056a09eab733771508954503\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:38:12.297    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\17f02848e133014dab9270423d9dc916\UIAutomationProvider.ni.dll **HIDDEN**
18:38:12.343    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\61f2a7b20694daeb02f7de4931261fa4\UIAutomationTypes.ni.dll **HIDDEN**
18:38:12.375    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\38d48114cb19778e4bfdc338eb8adde2\WindowsBase.ni.dll **HIDDEN**
18:38:12.437    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\1c94b0dc0867d4028750c5efc3cb5edf\WindowsFormsIntegration.ni.dll **HIDDEN**
18:38:13.279    AVAST engine scan C:\Windows\system32\drivers
18:38:26.992    File: C:\Windows\system32\drivers\AVGIDSHA.sys **HIDDEN**
18:38:27.070    File: C:\Windows\system32\drivers\AVGLDX64.sys **HIDDEN**
18:38:27.117    File: C:\Windows\system32\drivers\AVGMFX64.sys **HIDDEN**
18:38:27.163    File: C:\Windows\system32\drivers\AVGRKX64.sys **HIDDEN**
18:38:27.226    File: C:\Windows\system32\drivers\AVGTDIA.sys **HIDDEN**
18:38:27.288    File: C:\Windows\system32\drivers\avgtpx64.sys **HIDDEN**
18:38:27.382    File: C:\Windows\system32\drivers\cfwids.sys **HIDDEN**
18:38:27.460    File: C:\Windows\system32\drivers\mfeapfk.sys **HIDDEN**
18:38:27.491    File: C:\Windows\system32\drivers\mfeavfk.sys **HIDDEN**
18:38:27.538    File: C:\Windows\system32\drivers\mfeclnk.sys **HIDDEN**
18:38:27.585    File: C:\Windows\system32\drivers\mfefirek.sys **HIDDEN**
18:38:27.663    File: C:\Windows\system32\drivers\mfehidk.sys **HIDDEN**
18:38:27.694    File: C:\Windows\system32\drivers\mfenlfk.sys **HIDDEN**
18:38:27.725    File: C:\Windows\system32\drivers\mferkdet.sys **HIDDEN**
18:38:27.787    File: C:\Windows\system32\drivers\mfewfpk.sys **HIDDEN**
18:38:28.599    AVAST engine scan C:\Users\Susan
18:38:46.523    File: C:\Users\Susan\AppData\Local\Temp\ose00000.exe **HIDDEN**
18:38:47.537    AVAST engine scan C:\ProgramData
18:39:19.018    File: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe **HIDDEN**
18:39:25.445    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm **HIDDEN**
18:39:25.507    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm **HIDDEN**
18:39:25.570    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll **HIDDEN**
18:39:25.648    File: C:\ProgramData\Partner\Partner.dll **HIDDEN**
18:39:25.710    File: C:\ProgramData\Partner\Partner.exe **HIDDEN**
18:39:25.773    File: C:\ProgramData\Partner\Partner64.dll **HIDDEN**
18:39:25.773    Disk 0 statistics 3331089/0/0 @ 9.24 MB/s
18:39:25.773    Scan finished successfully
18:41:46.984    Disk 0 MBR has been saved successfully to "C:\Users\Susan\Desktop\MBR.dat"
18:41:46.984    The log file has been saved successfully to "C:\Users\Susan\Desktop\aswMBR.txt"

 


#11
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

I ran ComboFix four times last night. Each time it would get to completed stage 32 and stop. I thought maybe I wasn't letting it run long enough so on the fourth attempt I let it run overnight and this morning it was still at completed stage 32.


#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Look and see if it left you a log at C:\Combofix\combofix.txt.

 

aswMBR didn't really find anything, though you do need to download, save and run (by right-clicking and selecting Run As Administrator) the McAfee Removal tools sometime when you get a chance.

 

http://download.mcaf...atches/MCPR.exe

 

 

 

For your current problem:

 

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

We want it to say
"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

but it likely will say Access Denied. (If that's not what it says then let me know)  If you get Access Denied then:

Go into regedit (Start, Search, regedit, double-click on regedit.exe, Continue) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it.  Find CurrentControlSet and click on its plus.  Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE.) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the
net  start  bfe
command again and see if BFE has already been started.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(also check the mpssvc which is Windows Firewall)

net  start  mpssvc

 

Did they start?
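
The checks described in the reply above, collected into one read-only script. This is an added example, not part of the original post or of any tool named in the thread. It assumes Windows PowerShell run as administrator; the Services\BFE subkey is an assumption added here, since the post names only the parent Services key.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the system.
# Reports the state of the two services the reply asks about and shows what
# access the BFE service account currently holds on the registry keys involved.

$serviceNames = 'BFE', 'MpsSvc'   # Base Filtering Engine, Windows Firewall

foreach ($name in $serviceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output ("{0}: service entry is missing" -f $name)
        continue
    }
    # Start mode and logon account come from WMI (Get-WmiObject is Windows PowerShell only).
    $wmi = Get-WmiObject -Class Win32_Service -Filter ("Name='{0}'" -f $name)
    Write-Output ("{0}: Status={1} StartMode={2} Account={3}" -f `
        $name, $svc.Status, $wmi.StartMode, $wmi.StartName)
}

# Key named in the post, plus the service's own subkey (assumption added here).
$keys = 'HKLM:\SYSTEM\CurrentControlSet\Services',
        'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output ("{0}: key not found" -f $key)
        continue
    }
    # Keep only the access rules that name the BFE service account.
    $rules = @((Get-Acl -Path $key).Access |
        Where-Object { $_.IdentityReference.Value -eq 'NT SERVICE\BFE' })

    if ($rules.Count -eq 0) {
        Write-Output ("{0}: no entry for NT SERVICE\BFE" -f $key)
        continue
    }
    foreach ($rule in $rules) {
        Write-Output ("{0}: {1} {2} (inherited: {3})" -f `
            $key, $rule.AccessControlType, $rule.RegistryRights, $rule.IsInherited)
    }
}
```

Running it before and after the permission change gives a record of exactly what was granted, which is useful if the grant needs to be reviewed or reverted later.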


#13
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

No log was left for ComboFix.

 

I ran the McAfee removal tools... when it finished it said uninstallation incomplete.

 

When I put net start bfe in the command prompt it did say

"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

 

and when I did net start mpssvc I also got the same message

"The requested service has already been started

More help is available by typing NET HELPMSG 2182"


#14
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That sounds good.  Can you run a new FRST scan with Addition checked and post both logs?


#15
Susanking96

    Member

  • Topic Starter
  • Member
  • 24 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Susan (administrator) on SUSAN-PCLT (15-09-2015 23:27:34)
Running from C:\Users\Susan\Desktop
Loaded Profiles: UpdatusUser & Susan & CK (Available Profiles: UpdatusUser & Susan & CK)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\SysPart\Default\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-12] (Lenovo)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774334311-1544358969-1951404087-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-12] (Google Inc.)
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-07-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A52EB3C-3063-4D6E-96CE-75FE57ED5B60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA8BBAB4-39B8-4B89-B2BD-F725069F1857}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS499US499
SearchScopes: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-774334311-1544358969-1951404087-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-774334311-1544358969-1951404087-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-05] (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\i5mk3s1t.default
FF Homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Secure Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
U2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:27 - 2015-09-15 23:27 - 00000000 ____D C:\Users\Susan\Desktop\FRST-OlderVersion
2015-09-15 19:28 - 2015-09-15 19:28 - 03480040 _____ (McAfee, Inc.) C:\Users\Susan\Desktop\Mcafee removal tool.exe
2015-09-14 22:34 - 2015-09-14 22:46 - 00000000 ___SD C:\ComboFix
2015-09-14 19:02 - 2015-09-14 19:02 - 00000000 ____D C:\Qoobox
2015-09-14 19:02 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-14 19:02 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-14 19:02 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-14 19:02 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-14 19:01 - 2015-09-14 19:01 - 00000000 ____D C:\Windows\erdnt
2015-09-14 18:59 - 2015-09-14 18:59 - 05635119 ____R (Swearware) C:\Users\Susan\Desktop\ComboFix.exe
2015-09-14 18:41 - 2015-09-14 18:41 - 00092282 _____ C:\Users\Susan\Desktop\aswMBR.txt
2015-09-14 18:41 - 2015-09-14 18:41 - 00000512 _____ C:\Users\Susan\Desktop\MBR.dat
2015-09-14 18:23 - 2015-09-14 18:23 - 05200384 _____ (AVAST Software) C:\Users\Susan\Desktop\aswmbr.exe
2015-09-14 16:37 - 2015-09-14 16:37 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2015-09-14 16:36 - 2015-09-14 16:36 - 04009167 _____ C:\Users\Susan\Desktop\ServicesRepair.exe
2015-09-14 15:10 - 2015-09-14 16:47 - 00005121 _____ C:\VEW.txt
2015-09-14 15:09 - 2015-09-14 15:09 - 00061440 _____ ( ) C:\Users\Susan\Desktop\VEW.exe
2015-09-14 12:37 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-09-14 12:37 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-09-14 12:37 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-09-14 12:37 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-09-14 12:10 - 2015-09-14 12:10 - 20975616 _____ C:\Users\Susan\Documents\application log 914-1210.evtx
2015-09-11 15:19 - 2015-09-11 15:19 - 00000000 ____D C:\Users\CK\AppData\Local\Deployment
2015-09-11 15:19 - 2015-09-11 15:19 - 00000000 ____D C:\Users\CK\AppData\Local\Apps\2.0
2015-09-11 15:17 - 2015-09-11 15:17 - 42012712 _____ C:\Users\CK\Downloads\Firefox Setup 40.0.3.exe
2015-09-11 15:17 - 2015-09-11 15:17 - 00000000 ____D C:\Users\CK\AppData\Roaming\Mozilla
2015-09-11 15:17 - 2015-09-11 15:17 - 00000000 ____D C:\Users\CK\AppData\Local\Mozilla
2015-09-11 15:15 - 2015-09-11 15:15 - 00242752 _____ C:\Users\CK\Desktop\Firefox Setup Stub 40.0.3.exe
2015-09-11 15:14 - 2015-09-11 15:14 - 00001420 _____ C:\Users\CK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-11 15:14 - 2015-09-11 15:14 - 00000000 ____D C:\Users\CK\AppData\Roaming\Google
2015-09-11 15:14 - 2015-09-11 15:14 - 00000000 ____D C:\Users\CK\AppData\Local\Google
2015-09-11 15:06 - 2015-09-11 15:06 - 51015680 _____ C:\Users\Susan\Downloads\GoogleChromeStandaloneEnterprise64 (1).msi
2015-09-11 15:05 - 2015-09-11 15:05 - 51015680 _____ C:\Users\Susan\Downloads\GoogleChromeStandaloneEnterprise64.msi
2015-09-11 14:10 - 2015-09-11 14:10 - 00000000 _____ C:\Users\Susan\Downloads\standalonesetup64_exe.j393yvt.partial
2015-09-11 12:12 - 2015-09-14 15:16 - 00029143 _____ C:\Users\Susan\Desktop\Addition.txt
2015-09-11 12:11 - 2015-09-15 23:29 - 00017968 _____ C:\Users\Susan\Desktop\FRST.txt
2015-09-11 12:11 - 2015-09-15 23:27 - 00000000 ____D C:\FRST
2015-09-11 12:09 - 2015-09-15 23:27 - 02191360 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2015-09-11 10:40 - 2015-09-11 10:40 - 00000017 _____ C:\Users\Susan\AppData\Local\resmon.resmoncfg
2015-09-11 10:27 - 2015-09-11 10:27 - 13155552 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\Silverlight_x64.exe
2015-09-11 10:08 - 2015-09-11 10:08 - 00000000 ____D C:\Users\Susan\Desktop\Pet Pics
2015-09-11 10:04 - 2015-09-11 22:17 - 00000000 ____D C:\Users\Susan\Desktop\Resume'
2015-09-11 02:11 - 2015-09-11 02:13 - 00000000 ____D C:\Users\Susan\Desktop\MC aka TD
2015-09-08 00:52 - 2015-09-08 00:52 - 00000694 _____ C:\Users\Susan\Desktop\Spider Solitaire - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 23:07 - 2012-09-24 01:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 23:01 - 2012-12-18 01:23 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-09-15 19:32 - 2012-08-29 17:37 - 00000000 ____D C:\Users\Susan\Desktop\Sue's stuff
2015-09-15 19:19 - 1601-01-02 00:16 - 00658097 _____ C:\Windows\system32\fastboot.set
2015-09-15 19:18 - 2012-07-12 10:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 19:17 - 1601-01-02 00:16 - 00014032 _____ C:\Windows\setupact.log
2015-09-15 19:17 - 1601-01-02 00:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 08:16 - 1601-01-02 00:16 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 12:07 - 2012-09-24 01:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-14 12:07 - 2012-08-29 19:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 12:07 - 2012-08-29 19:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-11 20:13 - 2014-06-05 12:05 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-09-11 20:07 - 2013-12-23 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-11 15:14 - 2013-10-25 18:07 - 00088968 _____ C:\Users\CK\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-11 15:14 - 2013-10-25 18:07 - 00001454 _____ C:\Users\CK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-11 15:14 - 1601-01-02 00:16 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-11 15:07 - 2013-03-21 19:22 - 00000000 ____D C:\Users\Susan\AppData\Local\Deployment
2015-09-11 13:47 - 1601-01-02 00:16 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-11 12:53 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-11 12:53 - 2013-03-14 23:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-11 10:47 - 2012-07-12 09:26 - 01735158 _____ C:\Windows\WindowsUpdate.log
2015-09-11 10:28 - 2013-03-14 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 10:10 - 2013-03-17 08:41 - 00000000 ____D C:\Users\Susan\Desktop\Megan's stuff
2015-09-11 10:09 - 2014-03-01 12:49 - 00000000 ____D C:\Users\Susan\Desktop\Recipes and food related docs
2015-09-11 10:08 - 2012-10-01 18:32 - 00000000 ____D C:\Users\Susan\Desktop\trends
2015-09-11 10:05 - 2013-08-17 14:20 - 00000000 ____D C:\Users\Susan\Desktop\quilt layout
2015-08-19 10:55 - 2014-06-26 12:13 - 00000000 ____D C:\Users\Susan\Desktop\Mystery Shopping
2015-08-19 10:54 - 2014-03-01 12:26 - 00000000 ____D C:\Users\Susan\Desktop\Nelnet
2015-08-19 10:50 - 2014-10-13 21:49 - 00000000 ____D C:\Users\Susan\Desktop\Funny cat pics
2015-08-17 09:23 - 2012-08-29 13:37 - 00000000 ____D C:\Users\Susan\Desktop\UOP

==================== Files in the root of some directories =======

2015-09-11 10:40 - 2015-09-11 10:40 - 0000017 _____ () C:\Users\Susan\AppData\Local\resmon.resmoncfg
2012-12-18 01:20 - 2012-12-18 01:20 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-11 14:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Susan (2015-09-15 23:29:33)
Running from C:\Users\Susan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-29 15:22:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-774334311-1544358969-1951404087-500 - Administrator - Disabled)
CK (S-1-5-21-774334311-1544358969-1951404087-1004 - Limited - Enabled) => C:\Users\CK
Guest (S-1-5-21-774334311-1544358969-1951404087-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-774334311-1544358969-1951404087-1003 - Limited - Enabled)
Susan (S-1-5-21-774334311-1544358969-1951404087-1002 - Administrator - Enabled) => C:\Users\Susan
UpdatusUser (S-1-5-21-774334311-1544358969-1951404087-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.5.12480 - Blizzard Entertainment)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}) (Version: 1.1.007.00 - Lenovo Group Limited)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Graphics Driver 296.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.1.0.16357 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089038CB-601E-48DB-A7C3-576AD5E43E20} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-05-16] ()
Task: {14C98695-8673-4050-9222-9A788E523CE6} - System32\Tasks\{D83BD0DE-6C30-45E6-8ECE-7BD839304479} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {1BE31C82-B533-43DD-9095-EB9D7AD93BCA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-05-16] ()
Task: {35E638A1-82B4-45AE-BEF4-23CEB850DE20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {3BBF1A3C-5882-40D9-8036-81B8E74C230D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4F4831CF-E72F-4EA1-9004-AB8D4240784B} - System32\Tasks\{F3B4721F-762C-4E11-8487-1EFDC24091D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {4FBECA4A-9A2B-4D5E-B0E3-BA8794C669D7} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {62888E2F-0DDC-47CE-A6E9-BD4651F3B46A} - System32\Tasks\{8B9C5B60-1CE9-4082-8798-BACA67B1BE14} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W250X9RP\codecs.exe" -d C:\Users\Susan\Desktop
Task: {62B389EA-7C79-4354-8C03-B6FF6E6B68C4} - System32\Tasks\{317431B5-9AF6-4D32-A029-1DBBD8F0CCDE} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {738445FC-DD00-41A2-A556-F6AF101C6CA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-16] (Lenovo)
Task: {9D340C32-B9E5-4900-9683-3A937884A02A} - System32\Tasks\{C0EDFA2F-4593-4DC6-866C-265DF48377D3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A40D3699-B2E7-4765-9AE0-F90DC7F9523E} - System32\Tasks\{F73B8CE9-580D-4E9B-8ADB-1BCFF6875E56} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {A9DB3994-94F2-4EB0-9178-8E7C94BDCDA0} - System32\Tasks\{43D400F6-39BE-4FB7-A7D0-C0899DC64CD3} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {BA6A6602-D324-4BC9-8C1B-CF93CC19282D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C2EA2679-B34E-4B7A-B205-DA780373C58D} - System32\Tasks\{D9E9F80F-317C-44EB-91B7-3FB726361CFF} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H39DCCKV\DivXInstaller.exe" -d C:\Users\Susan\Desktop
Task: {CB3F6C5C-0BD8-41F8-B0B4-2C5DBC7BA72F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {CCB61FFC-D68C-42DD-8296-E549A5499FB3} - System32\Tasks\{EE8D5053-F557-4834-A97C-28A38B8051D2} => Iexplore.exe http://www.skype.com...LastError=12159
Task: {CF993E35-556E-4032-9239-56B8544EFDA3} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-12 10:11 - 2012-07-12 10:11 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 19:22 - 2012-07-12 10:12 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 06:20 - 2012-07-12 10:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-12-18 01:25 - 2011-06-08 17:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-05-16 01:26 - 2012-02-17 12:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-09-16 19:56 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-12 10:11 - 2012-07-12 10:11 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-17 07:17 - 2014-10-17 07:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-07-12 09:31 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-12 09:32 - 2012-02-21 00:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-774334311-1544358969-1951404087-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-774334311-1544358969-1951404087-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\CK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17A09ACC-4A1F-44E8-913F-967E18827858}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{404FD3EF-4E7E-4C1B-A432-DAC24D614C14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC24237D-EAAE-475A-A967-9F59F66EE80B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C810BB70-F8C1-474D-9BF1-AF46B45EF4BE}] => (Allow) LPort=2869
FirewallRules: [{9431585D-F3A6-438F-9BCB-5D6EA5B6E259}] => (Allow) LPort=1900
FirewallRules: [{B78FF6BB-8532-4D36-8284-130EFCB60A39}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{098E2178-A0B2-4C9A-9F97-F053CE4DBEF5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{988CB3AC-D2D0-481D-868F-746D9BEC0B5C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7EDB1DBA-9752-4EB7-B84F-856F8664765D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4E50BA14-D0A5-4C04-B5AB-E77B628D93D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{FB5C3433-32C3-465D-B905-5C7BFC387F2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B9E4A273-6500-4673-9B43-CB986126373D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{11A1EE84-E8AC-46BC-9B3F-AA7EC8AFF364}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{4BC9AF07-76CC-46FD-B649-0DB6B4D43ACD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B60DF31B-D22C-49A0-A723-40FA79EF7173}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C9E1FA33-AD0C-47D7-B76A-E24DE572E9CE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F56E18B0-C511-499A-8112-0785FAA13EEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8497394-1F03-4957-9826-D00EE7FB1FF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AA2CC57-7F0E-4BE7-9CE4-F329E81073BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDEC2855-C400-41F8-B250-626B9096237C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D408D13C-84C7-4E21-AB7F-AE3928E80671}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4E176D59-8957-4C28-BF99-0AC62EA99F0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{E20087B0-100D-4C11-8CAA-979516978B1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E85B31AA-3347-4B7C-9BAF-ED5B365ADB99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{6BD00D7C-31DB-4DB1-BB83-C310AAA50584}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{D1F2424C-17BC-4DFC-A951-69FBFEA6E2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{37859EEE-DB51-41E6-962F-AB040DE02D2B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{91FAA90D-A957-4772-9E6F-56B3F0590F03}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{59D2E3EC-60BD-43CE-96A4-22C73081CFA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{41EE5C5C-9739-4292-B749-686500843E91}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{35CABC81-1222-4415-97F4-B2522EE57803}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0C880ED4-4189-42FB-8390-06B36A2895F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{FD75E4FC-0DBF-427C-B21F-EB497A7CC3D7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{246F59FF-6BBD-4E71-B608-DAEC290F7C7F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{CD0EB16C-B29A-43CF-B4EF-7EFBBD564775}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [TCP Query User{E9FF8C94-F927-44E8-A40B-C1BCCEAD710B}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{755E9C5D-EE5D-4CBB-AE49-452EAB42A84C}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{FF7CBF99-0C15-4D7C-A252-D76E769B4AA0}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B1BA14DE-0B6A-4F36-93B9-0F947A484265}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 07:28:49 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/15/2015 07:19:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 10:09:16 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/14/2015 09:59:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 04:54:15 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/14/2015 04:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 12:29:56 PM) (Source: MsiInstaller) (EventID: 1002) (User: Susan-PCLT)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/14/2015 12:15:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/15/2015 08:26:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:26:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/15/2015 08:26:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:26:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:26:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:25:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/15/2015 08:25:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/15/2015 08:25:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:25:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/15/2015 08:25:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 3998.36 MB
Available physical RAM: 2187.02 MB
Total Virtual: 7994.92 MB
Available Virtual: 4173.45 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:213.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:22.23 GB) NTFS
Drive f: (SIMPLY_TAI_CHI) (CDROM) (Total:1.69 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C9E52945)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of Addition.txt ============================

