Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware? Computer runs poorly


  • Please log in to reply

#1
bkp

bkp

    Member

  • Member
  • PipPip
  • 87 posts

Hello,

 

It has been a very long time since I used this website for assistance but do recall when I did you guys were very helpful! I want to thank you for that. I had to give up my computer to my girlfriend due to her is running very poorly. So I am trying to use it and can hardly work with it. It responds slow sometimes. It seems to work semi ok right after restarts however as time goes on it acts up. The mouse gets very choppy and sometimes unresponsive. I know she has run a bunch of programs to remove a lot of junk like Crap Cleaner and "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe". I am not sure what else has been run. I do know there has been a bunch of item quarantined. Also on this computer she has used bit torrent sites for years and seem to be ok with using them (until lately).  I have run the scan that you have requested and here it is. Again thank you for you help in the past and hope you can help me with this! There was also Extras so I posted that below the OTL.

 

 

OTL logfile created on: 12/17/2014 12:13:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kristen White\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.24% Memory free
7.95 Gb Paging File | 5.45 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 107.19 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: KRISTEN | User Name: Kristen White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/17 00:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristen White\Downloads\OTL.exe
PRC - [2014/12/15 17:09:58 | 001,381,208 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/13 12:31:40 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/09 21:04:06 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/03/14 06:05:10 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
PRC - [2011/03/14 06:05:10 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe
PRC - [2011/03/14 06:04:38 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\jre\bin\java.exe
PRC - [2011/03/14 06:04:34 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe
PRC - [2010/12/02 04:30:36 | 000,626,688 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/17 18:36:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 20:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/09 21:04:02 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
MOD - [2014/10/09 21:03:53 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/12/02 04:30:36 | 000,626,688 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/01 09:30:06 | 000,508,464 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012/04/30 18:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2011/10/24 17:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 16:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/04/14 19:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/09 18:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2008/03/18 14:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/13 21:42:31 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 19:31:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/01 09:30:06 | 000,508,464 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/03/14 06:05:10 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe -- (SyncThru Admin 5 Database)
SRV - [2011/03/14 06:04:34 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe -- (SyncThru Admin 5)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/01/28 14:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/24 18:52:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/16 23:48:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:18 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/10/31 14:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2010/06/23 08:21:34 | 000,318,568 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/10/27 00:58:53 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/10/24 00:52:12 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2009/10/22 20:44:20 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/08/19 16:49:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/23 15:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 12:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/03 14:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/27 21:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/30 18:52:32 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2008/11/17 09:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/09/22 08:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/03/21 14:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/10/22 22:28:12 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E9AA86C9-F4E7-4D81-BA92-AF201D81EDDA}
IE:64bit: - HKLM\..\SearchScopes\{E9AA86C9-F4E7-4D81-BA92-AF201D81EDDA}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=15627
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7TSHB_en
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.babylo...earch&AF=15627"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/12/14 21:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/24 20:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/24 20:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/12/14 21:29:35 | 000,000,000 | ---D | M]
 
[2009/06/27 21:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Extensions
[2014/12/12 21:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions
[2012/10/14 16:29:49 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/01 12:29:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/13 21:31:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2014/12/12 19:36:07 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/11/26 16:46:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/14 21:02:57 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2012/02/13 21:36:51 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2011/05/17 21:48:17 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2013/02/21 22:37:40 | 000,119,925 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\[email protected]
[2014/12/12 19:36:04 | 000,730,412 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014/11/26 16:46:20 | 000,392,877 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/11/26 16:46:20 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/26 09:30:48 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/12/03 16:35:52 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/01/02 11:15:30 | 000,001,919 | ---- | M] () -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\searchplugins\bing-zugo.xml
[2010/02/19 10:45:10 | 000,009,977 | ---- | M] () -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\searchplugins\mywebsearch.xml
[2014/03/24 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/26 16:41:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/06 12:25:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/06 12:25:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [BitTorrent] C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5DFC549E6620A000F91C82F3D4A8D03C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cmf.org ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cmf.org ([remote] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} http://codecs.micros...86/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://remote.cmf.o...ries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F438E491-54FC-49BC-B94C-01F288683755}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F438E491-54FC-49BC-B94C-01F288683755}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Kristen White\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kristen White\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34fee7bb-d0b3-11e2-af0f-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{34fee7bb-d0b3-11e2-af0f-001e33ca2ded}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{4bab3c51-34ef-11e0-ac4a-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{4bab3c51-34ef-11e0-ac4a-001e33ca2ded}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{4bab3e3a-34ef-11e0-ac4a-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{4bab3e3a-34ef-11e0-ac4a-001e33ca2ded}\Shell\AutoRun\command - "" = E:\DTSP_Launcher.exe
O33 - MountPoints2\{6c1dd31f-7250-11e2-aca5-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{6c1dd31f-7250-11e2-aca5-001e33ca2ded}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{7132c698-2aca-11e3-9bd7-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{7132c698-2aca-11e3-9bd7-001e33ca2ded}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{83f46eb0-0996-11e4-aa76-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{83f46eb0-0996-11e4-aa76-001e33ca2ded}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{c518dfd9-679f-11e4-95be-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{c518dfd9-679f-11e4-95be-001e33ca2ded}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e3598b32-168b-11e0-9922-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{e3598b32-168b-11e0-9922-001e33ca2ded}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/12 19:39:12 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/12 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/12 19:35:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/12 19:35:47 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/12 19:35:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/12 19:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/12 19:33:15 | 020,447,072 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/12 19:30:49 | 020,447,072 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe.part
[2014/11/26 15:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/26 15:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2012/09/05 05:30:04 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2009/10/22 20:44:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kristen White\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/16 23:48:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/16 23:42:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/16 23:42:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 23:42:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 23:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/16 23:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 23:23:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
[2014/12/16 21:23:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
[2014/12/16 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2014/12/13 18:53:17 | 000,151,250 | ---- | M] () -- C:\Users\Kristen White\Desktop\xmass2014.jpg
[2014/12/12 19:35:58 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/12 19:33:41 | 020,447,072 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/12 19:30:53 | 020,447,072 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe.part
[2014/11/26 16:41:55 | 000,000,883 | ---- | M] () -- C:\Users\Kristen White\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/11/26 16:41:51 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/22 14:50:49 | 000,759,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/22 14:50:49 | 000,642,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/22 14:50:49 | 000,120,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 06:14:18 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/13 18:53:12 | 000,151,250 | ---- | C] () -- C:\Users\Kristen White\Desktop\xmass2014.jpg
[2014/12/12 19:35:58 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/26 16:41:51 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/15 06:45:16 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2014/01/26 12:15:53 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/12/14 21:18:22 | 000,208,277 | ---- | C] () -- C:\Windows\hpoins40.dat
[2013/12/14 21:18:22 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2013/09/09 21:35:04 | 000,000,081 | ---- | C] () -- C:\Users\Kristen White\CTX.DAT
[2013/09/06 10:51:29 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2013/07/01 09:13:08 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ssdevm.dll
[2011/10/06 16:14:29 | 000,002,560 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\wklnhst.dat
[2011/06/09 16:20:34 | 000,012,498 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\SmarThruOptions.xml
[2011/04/18 20:05:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\Spooler opens temp file
[2011/03/19 15:24:32 | 000,004,096 | -H-- | C] () -- C:\Users\Kristen White\AppData\Local\keyfile3.drm
[2011/01/18 23:26:35 | 000,005,652 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\91E0.3B7
[2011/01/12 23:06:09 | 000,000,002 | -HS- | C] () -- C:\Users\Kristen White\AppData\Roaming\.zreglib
[2011/01/12 23:04:33 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/02 11:22:00 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/12/24 16:20:37 | 001,063,763 | ---- | C] () -- C:\Users\Kristen White\Hunter and Santa 2010.jpg
[2010/07/22 20:47:11 | 000,024,226 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\UserTile.png
[2010/06/09 20:04:01 | 000,012,978 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/06/09 19:40:06 | 000,012,980 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/02/13 23:13:00 | 000,000,036 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\lZJoYI4Nl0eqQ3j+wCKUIry3uRhdqX5UaAaHS9bsjLeHjA==.trl
[2010/01/14 23:48:38 | 000,054,093 | ---- | C] () -- C:\Program Files (x86)\EULA.eng
[2009/11/04 17:19:56 | 000,000,732 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\d3d9caps64.dat
[2009/10/22 20:44:20 | 000,099,384 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\inst.exe
[2009/10/22 20:44:20 | 000,007,859 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\pcouffin.cat
[2009/10/22 20:44:20 | 000,001,167 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\pcouffin.inf
[2009/10/04 07:18:18 | 000,156,672 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:30:25 | 000,006,080 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\d3d9caps.dat
[2009/06/27 21:12:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/04/11 02:11:24 | 012,897,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/03/21 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Audio Recorder Titanium
[2011/01/12 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\AviDvdBurner
[2014/12/17 00:25:04 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\BitTorrent
[2011/06/06 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Catalina Marketing Corp
[2014/01/21 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/15 16:19:05 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\com.vespertinesoft.PatternFile
[2010/05/13 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Downloaded Installations
[2013/01/05 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Dropbox
[2010/05/10 19:56:05 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\FileOpen
[2011/05/20 17:09:31 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\GetRightToGo
[2009/11/22 14:25:00 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Leadertech
[2011/12/30 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Leawo
[2012/10/16 08:23:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Motorola
[2011/04/18 22:59:15 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Nugent7e
[2013/07/16 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Oracle
[2010/02/09 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\pdf995
[2010/07/22 20:47:11 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\PeerNetworking
[2010/02/21 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\PowerCinema
[2010/02/21 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SharePod
[2010/10/10 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SmartDVDCreatorPro
[2013/04/24 22:56:42 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SystemRequirementsLab
[2013/05/27 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\TaxCut
[2013/04/24 21:21:46 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Template
[2011/12/30 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\tiger-k
[2009/06/26 21:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\TOSHIBA
[2009/09/18 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Ulead Systems
[2011/01/21 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Vso
[2010/02/28 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\VTExtra
[2012/08/12 10:03:18 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WinAVI
[2009/06/26 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WinBatch
[2011/01/08 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WindSolutions
[2013/01/06 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 7460708 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax00002B300001
 
@Alternate Data Stream - 7460708 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax0000143C0001
 
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax000016CC0001
 
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax00000CF00002
 
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax000009580001
 
@Alternate Data Stream - 11191060 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax000015400001
 
@Alternate Data Stream - 11191060 bytes -> C:\ProgramData\Spooler opens temp file:
SamPCFax00000AFC0002
 
 
< End of report >
 
EXTRAS

OTL Extras logfile created on: 12/17/2014 12:13:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kristen White\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.24% Memory free
7.95 Gb Paging File | 5.45 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 107.19 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: KRISTEN | User Name: Kristen White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 55 52 C9 02 10 7A CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04208BA6-B4AE-42FC-B66E-05981D4566BD}" = lport=427 | protocol=17 | dir=in | name=hp printer | 
"{1E32D0B9-D874-4644-97A8-6DD97119143B}" = lport=53338 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3175BC5D-303F-4707-998F-23457D5880BF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{356A448D-0954-49B3-9386-B8CF802F5E38}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3629B105-41CA-454C-A970-E02999CA4157}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{38652EBD-5C58-4912-82F5-C0D39F714EF0}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | 
"{386FE4B7-2435-4524-9DE3-8AB198081F1F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3E834E6C-0F76-4AB1-BEE9-9D46BA3D53F5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{400812F5-568C-4734-B307-728945CE880F}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | 
"{4ACC2533-A61F-4BD2-AC59-05BAD15EA8B1}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | 
"{4BCB0644-0497-4A0D-A628-16F13517810C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4D37FBAD-3B54-499D-A4E1-0F80D966BFB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4ED6A17A-4B48-43B3-81D3-8775FF2D9F6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{4F20AD64-AE89-427F-9EAB-6CB17FC2A168}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{52A03311-236F-4B85-AA8A-3383C535378D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{568AEC8B-C898-4305-B45D-C6A3E849A59D}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{5C5396ED-4AF7-4FFC-A027-A7C89768E92A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
"{632B0D58-3CDA-4B52-BF3F-8008AB339CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{633E17BB-DE40-4791-BC9B-3F34C8EB7EE2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{674E7711-8CCC-4BF8-8E98-0A93569FA834}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{6A1D39FE-9BA2-4ABB-8CF1-F9A42AFCB15B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6B7221A7-E47E-40C3-803B-FAA1342B3124}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{722198FF-A01D-45C0-B8A8-35B9A8F0ACF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{7734370E-4C2E-45A5-9548-3EC2C8EB403E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{7A6A8A40-1F28-426A-8943-9B159689A738}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{7AA11027-3630-4388-A0EC-7EC9D781D9AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D170649-02FF-45AA-9138-F2ECC78B98FA}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{85A7547A-872D-4514-8029-78575FCDFD00}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{868918DB-8A7C-4937-86BD-D5FB132FA3E2}" = lport=49332 | protocol=6 | dir=in | name=akamai netsession interface | 
"{8838E033-908E-4D4D-A389-0EEF62619E96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{88BF281A-C4DA-4C91-80DE-8B89111E911B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C3B76CE-4714-4878-805F-8D92A68558CA}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{8EB9D07E-E236-40DE-857A-5A4F53245F2B}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | 
"{91A3B1E5-B330-459E-85A7-D0AE579575DE}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{971C0E0D-AB56-4B9E-9A68-D60AA73B4744}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{9D36679F-BA96-4AD4-86A9-529144FC4DAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A10E0269-2C27-41FD-BDE0-5E47FB9DC84C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B22250F1-4BA9-4C95-91FC-876D0BDDB61A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{B8463E2C-211B-4B29-9470-04100B5117D3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BB156C81-4B5A-47BB-AD14-1EB6338B1B8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BBCE9493-488E-4C9C-ADD5-9310944C85BA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{BF2287F0-AF0C-46EF-B431-0B924216EF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C142071C-7637-463C-8ABB-D6D165DC4F04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{D5E9E037-ADB0-4108-817A-ADCC76E2D44D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DB2888DD-8F39-449D-8ABA-426A28B54529}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E6416DFA-D099-48D2-9397-7474A0C6541B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe | 
"{EA56118B-09DD-47CE-91DC-272171E9D4DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{ECC7C4F7-D471-4B9B-892D-30979D61E4A3}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{EDC42144-3438-42DA-A6B1-B533CBC7DC97}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE6A1F35-17F2-4199-B432-E32928425CFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{F2812F56-C4F6-450D-9287-88E4F791E126}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{F60E529F-BEF2-443B-B890-510A65919AFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F84CE5B0-63EB-4A0B-B88B-89E85988C4CD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{FA9AFB0B-98DE-46F1-B9A8-8D93E2DF0D56}" = lport=80 | protocol=6 | dir=in | name=windows remote management - compatibility mode (http-in) | 
"{FDAC5901-1DA6-4213-A788-7D4ADAF96CAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E37A94-AFD0-420C-BF93-FD3601E2A294}" = protocol=58 | dir=out | [email protected],-28546 | 
"{02293F46-0405-4525-A84D-C5FDB9DF84AB}" = dir=in | app=c:\program files (x86)\samsung network printer utilities\syncthru admin 5\jre\bin\java.exe | 
"{03C5C30C-0571-423F-BDD3-FF75108385A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{065A9766-E797-4209-94D7-E98FFBBAA9EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0731B3A7-44EF-4F33-B6A5-647F82C3C1B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{0AF5CE5A-C28E-47BB-B8A0-3F271580C252}" = protocol=6 | dir=in | app=c:\users\kristen white\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{1337544A-6A01-4E8F-89A5-CFA29DF788D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{1400A0F0-F57A-4572-9B71-BDDBB56F1006}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe | 
"{19084B58-88AF-405B-A482-5AE48C2E3234}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe | 
"{1A02D5DC-6EB3-4E15-82E2-3B52D2FCB6A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{1D1254D5-9C93-463D-AEB7-52F73D3CB1DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{2A24BFE4-D82F-4FF5-9E99-A3767AC1AFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CB3611A-1E01-410A-B090-FC2D38E20D8A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2E830948-2BC9-4BE0-ACD6-247E5857D8F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3701C7DB-AEA0-491B-A8D4-8395267327B6}" = dir=in | app=c:\users\kristen white\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{3736759E-88AE-47AE-9E9F-DB7433AE6B75}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\sscan2io.exe | 
"{374366E0-42DE-4502-9F3C-60EA93F6D784}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{37B7BC0D-FC49-4630-A366-986E5128877E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3D005340-9C8B-4356-9448-58017BE56EC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{43A7B96A-096C-445C-8C4A-2959C56DE321}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{455FAD3C-DEB4-47A2-ADC6-787EB4541969}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\sscan2io.exe | 
"{47E369D2-D968-497C-991A-33643EB82755}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{49671804-19D6-40E3-8970-EFBBCE143DFD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{49ABBEAF-1E65-434F-B390-98658A10A67D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{4A84477D-3A97-4AFB-AD6D-B9CE1BC229AD}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\scan2pc.exe | 
"{5754E289-73E3-4CE7-BD13-34B7967D5753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{60630A19-BBA7-46A1-B9F7-FB3A51B010F4}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | 
"{632861E2-7BC6-4B66-9524-3AF041265DD5}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\scan2pc.exe | 
"{66BE8052-5036-44EC-ACBD-B87617B4A1B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69F03470-36E6-42CA-89B3-CCBE3C47771C}" = protocol=17 | dir=in | app=c:\users\kristen white\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{73C7BFDE-D998-422B-938B-4060530DC3FB}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{7F60903C-4DBF-49DC-A5F2-E4399C58A36B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{8490BA8A-5BB2-4CFD-B02A-011A5B1134E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{8557A27E-171E-4CEF-B85A-555F3715B553}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8FED605D-D91B-45D5-AA38-B7CD494E4015}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{93074673-EF6E-4FC8-AB03-47523ED15F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{990B2156-8B9D-4492-9E61-DD03E6B2E7D6}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe | 
"{A01357B0-79A4-4C58-9798-9A038C798235}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{A05A474D-FD17-4EF4-8887-FFC76F6B465E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A185C8DE-CD36-42EA-B0A4-B1BB9D0F5290}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A419AACB-3AEE-4164-9404-40B3D6610032}" = dir=in | app=d:\setup\hpznui40.exe | 
"{A5DF3681-CF91-4D2B-A03B-0D8672FFA1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{AD4DF4E5-BE1B-4112-87D2-793FC3610690}" = protocol=17 | dir=in | app=c:\users\kristen white\appdata\roaming\bittorrent\bittorrent.exe | 
"{B91F6345-358F-4F0E-A165-4C9CD46BCBB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C0665B97-2DC3-4F4C-83E9-657919C7A35A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C6416FAC-DF71-4A29-A0F8-EC7AE5389FE3}" = protocol=1 | dir=out | [email protected],-28544 | 
"{C7B4B8BC-9FA7-49E0-8930-9ABEAF0D3673}" = protocol=6 | dir=in | app=c:\users\kristen white\appdata\roaming\bittorrent\bittorrent.exe | 
"{D6C94E38-455C-4FAD-9726-279F3782C652}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{DCFABA6B-A01A-4442-B5F9-F4283DFB1317}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{E78EC6CE-A466-4C0D-817A-3B95B04D1063}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{F1E92206-AEED-4827-8411-F997E371AA4E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{F6978C44-A93D-4015-B5F1-1D333BD86CF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{FB5D9481-7079-4463-971F-38E0C8358C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{FBEF20D1-E0B8-450D-9240-1438A094E0BF}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe | 
"TCP Query User{0ABFD8C0-ECBD-4D91-A92F-15A85549174D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3F15B9DD-8DF1-4F60-9BC2-106550D1FA56}C:\program files\verizon cloud\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon.exe | 
"TCP Query User{5CE86F5F-7A63-4C6E-9BD4-3266CAF65DBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9EB4FE0F-D42E-41A8-A318-5A9863867CDA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{A29427EA-9C48-46ED-BA20-E720569D5365}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe | 
"TCP Query User{E77D1123-800E-4506-841F-34F2936C4487}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F41A99BC-5899-4180-A4CA-F1D71AF25AAD}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{712727F8-0526-4E2C-8639-D642FBA51DE8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{7B86DCAE-F843-40EC-9132-ECE41CCC649E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8A2A299D-1408-491C-8A3A-6FC74957F48A}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{8BF88F2A-217A-4E1E-AAB3-A07B64D36C4D}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe | 
"UDP Query User{E2A955EF-44F7-4F26-8E2F-3D98CAB3CDFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{E98CBC45-1330-4EB6-90D2-D71BEA041EFC}C:\program files\verizon cloud\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon.exe | 
"UDP Query User{FE2262C7-006C-440E-B9FE-66C706DD4CA2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}" = FileOpen Client (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8005A7B-9638-41DD-B83B-AF277754E211}" = Intel® PROSet/Wireless WiFi Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3)
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2F7EAE2-43B8-B331-73C2-7768F727BB11}" = PatternFile
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.vespertinesoft.PatternFile" = PatternFile
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Samsung SCX-4623FW Series" = Maintenance Samsung SCX-4623FW Series
"Verizon Cloud" = Verizon Cloud
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"CopyTrans Suite" = CopyTrans Suite Remove Only
"MusicManager" = Music Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/16/2014 8:19:08 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:19:08 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description = 
 
Error - 12/16/2014 8:24:10 PM | Computer Name = Kristen | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/16/2014 8:31:07 PM | Computer Name = Kristen | Source = MsiInstaller | ID = 11921
Description = 
 
Error - 12/17/2014 12:44:15 AM | Computer Name = Kristen | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/17/2014 12:52:32 AM | Computer Name = Kristen | Source = MsiInstaller | ID = 11921
Description = 
 
[ Media Center Events ]
Error - 12/21/2011 5:04:21 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4676.1128)
 
Error - 12/21/2011 5:04:21 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description =     Unable to contact server.. (4676.1129)
 
Error - 12/21/2011 5:04:27 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4676.1128)
 
Error - 12/21/2011 5:04:27 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description =     Unable to contact server.. (4676.1129)
 
Error - 12/21/2011 6:04:32 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (8372.1128)
 
Error - 12/21/2011 6:04:32 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description =     Unable to contact server.. (8372.1129)
 
Error - 12/21/2011 6:04:37 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (8372.1128)
 
Error - 12/21/2011 6:04:37 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description =     Unable to contact server.. (8372.1129)
 
Error - 12/24/2011 10:50:25 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (7932.1128)
 
Error - 12/24/2011 10:50:25 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description =     Unable to contact server.. (7932.1129)
 
[ OSession Events ]
Error - 12/19/2012 5:45:58 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 179
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12/19/2012 6:13:43 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1252
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 12/19/2012 6:59:49 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2757
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 3/15/2013 4:18:05 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4229
 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error - 4/2/2013 11:48:24 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5482
 seconds with 3540 seconds of active time.  This session ended with a crash.
 
Error - 6/29/2013 1:16:49 AM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/24/2013 10:01:29 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 263
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 2/11/2014 9:45:45 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8342
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 2/16/2014 4:38:46 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 999
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 2/24/2014 9:19:09 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 407
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10/16/2009 7:22:12 PM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 10/17/2009 12:24:29 AM | Computer Name = Kristen-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:39 AM on 10/17/2009 was unexpected.
 
Error - 10/17/2009 12:24:31 AM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 10/19/2009 3:17:27 AM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 10/19/2009 4:46:06 PM | Computer Name = Kristen-Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.80 for the Network Card with network
 address 0022FAE755C8 has been denied by the DHCP server 172.21.0.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 10/19/2009 10:26:47 PM | Computer Name = Kristen-Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 172.21.235.221 for the Network Card with network
 address 0022FAE755C8 has been denied by the DHCP server 192.168.1.254 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 10/21/2009 7:08:51 PM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
 
 
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
It sounds like you may have a heat problem.  What make and model is this PC?
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (Click on More Reply Options, Choose File, Open, Attach This File,) Uninstall Speccy.
 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     

    • 0

    #3
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    Toshiba A505-S6960  Satellite


    • 0

    #4
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    Here is the Speccy

     

    Attached Files


    • 0

    #5
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    Adw Cleaner


    • 0

    #6
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    here it is sorry

    Attached Files


    • 0

    #7
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    JRT file

    Attached Files

    • Attached File  JRT.txt   1.67KB   151 downloads

    • 0

    #8
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    Sorry for the multiple post on all the files. 

     

    Thanks for the help

    Attached Files


    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP
    Does look like there may have been a trojan.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    Speccy says the hard drive is good but the CPU/Motherboard temps are getting pretty high.  I like to see under 50 tho newer PCs seem to run about 55.  Yours 
     
    CPU
    Intel Mobile Core 2 Duo T6500 @ 2.10GHz 65 °C
    ...
    Motherboard
    TOSHIBA Portable PC (CPU) 57 °C
     
     
    Get Speedfan
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
     
    It will tell you your temps in real time.  Keep it running and check once in a while while you watch a movie or run an anti-virus scan.  If they keep going up and go over 70 then the heatsink is probably clogged with dust and will need to be cleaned.  Too bad it's not a Dell.  Much easier to get to the heatsink.  See:
     
    to get an idea of what you need to do to cool it down.  The thermal paste they talk about is a good idea too.  If you to decide to do it yourself then I recommend you get the kit with cleaner and paste:
     
     
    Let's check for other problems:
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    You really should consider getting rid of Microsoft Security Essentials and switching to the free Avast.  
     
    Download and Save the free Avast installer.
     
    Uninstall Microsoft Security Essentials
     
    Reboot
     
    Install Avast (Right click and Run As Admin).  (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
     
     
    If you get Avast then you can run their really good boot-time scan.  It takes about 6 hours so I usually let it run at night while I sleep.  (Don't run it if the PC is overheating).
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
     
    Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
     
    They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
     
    If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want you name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
     
     

     


    • 0

    #10
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts

    Thank you for the help

    Attached Files


    • 0

    Advertisements


    #11
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts
    I think this is what you mean by copy and paste command prompt junk.txt
     
     
    2014-12-23 14:33:41, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:33:41, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:33:44, Info                  CSI    00000009 [SR] Verify complete
    2014-12-23 14:33:46, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:33:46, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:33:51, Info                  CSI    0000000d [SR] Verify complete
    2014-12-23 14:33:53, Info                  CSI    0000000e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:33:53, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:33:58, Info                  CSI    00000011 [SR] Verify complete
    2014-12-23 14:34:00, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:00, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:05, Info                  CSI    00000015 [SR] Verify complete
    2014-12-23 14:34:08, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:08, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:13, Info                  CSI    00000019 [SR] Verify complete
    2014-12-23 14:34:16, Info                  CSI    0000001a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:16, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:22, Info                  CSI    0000001d [SR] Verify complete
    2014-12-23 14:34:24, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:24, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:31, Info                  CSI    00000021 [SR] Verify complete
    2014-12-23 14:34:33, Info                  CSI    00000022 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:33, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:38, Info                  CSI    00000025 [SR] Verify complete
    2014-12-23 14:34:41, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:41, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:45, Info                  CSI    00000029 [SR] Verify complete
    2014-12-23 14:34:48, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:48, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:52, Info                  CSI    0000002d [SR] Verify complete
    2014-12-23 14:34:54, Info                  CSI    0000002e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:34:54, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:34:59, Info                  CSI    00000031 [SR] Verify complete
    2014-12-23 14:35:02, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:02, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:10, Info                  CSI    00000035 [SR] Verify complete
    2014-12-23 14:35:12, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:12, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:17, Info                  CSI    00000039 [SR] Verify complete
    2014-12-23 14:35:18, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:18, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:23, Info                  CSI    0000003d [SR] Verify complete
    2014-12-23 14:35:25, Info                  CSI    0000003e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:25, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:29, Info                  CSI    00000041 [SR] Verify complete
    2014-12-23 14:35:31, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:31, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:36, Info                  CSI    00000045 [SR] Verify complete
    2014-12-23 14:35:37, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:37, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:42, Info                  CSI    00000049 [SR] Verify complete
    2014-12-23 14:35:43, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:43, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:49, Info                  CSI    0000004d [SR] Verify complete
    2014-12-23 14:35:50, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:50, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:35:54, Info                  CSI    00000051 [SR] Verify complete
    2014-12-23 14:35:56, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:35:56, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:00, Info                  CSI    00000055 [SR] Verify complete
    2014-12-23 14:36:02, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:02, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:06, Info                  CSI    00000059 [SR] Verify complete
    2014-12-23 14:36:08, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:08, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:16, Info                  CSI    0000005d [SR] Verify complete
    2014-12-23 14:36:18, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:18, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:24, Info                  CSI    00000061 [SR] Verify complete
    2014-12-23 14:36:27, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:27, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:33, Info                  CSI    00000065 [SR] Verify complete
    2014-12-23 14:36:34, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:34, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:43, Info                  CSI    00000069 [SR] Verify complete
    2014-12-23 14:36:45, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:45, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:52, Info                  CSI    0000006d [SR] Verify complete
    2014-12-23 14:36:53, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:36:53, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:36:59, Info                  CSI    00000071 [SR] Verify complete
    2014-12-23 14:37:01, Info                  CSI    00000072 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:01, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:07, Info                  CSI    00000075 [SR] Verify complete
    2014-12-23 14:37:09, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:09, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:24, Info                  CSI    00000079 [SR] Verify complete
    2014-12-23 14:37:25, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:25, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:30, Info                  CSI    0000007d [SR] Verify complete
    2014-12-23 14:37:32, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:32, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:38, Info                  CSI    00000081 [SR] Verify complete
    2014-12-23 14:37:39, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:39, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:43, Info                  CSI    00000085 [SR] Verify complete
    2014-12-23 14:37:44, Info                  CSI    00000086 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:44, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:46, Info                  CSI    00000089 [SR] Verify complete
    2014-12-23 14:37:47, Info                  CSI    0000008a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:47, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:37:55, Info                  CSI    0000008d [SR] Verify complete
    2014-12-23 14:37:55, Info                  CSI    0000008e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:37:55, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:01, Info                  CSI    00000093 [SR] Verify complete
    2014-12-23 14:38:02, Info                  CSI    00000094 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:02, Info                  CSI    00000095 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:10, Info                  CSI    00000098 [SR] Verify complete
    2014-12-23 14:38:10, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:10, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:15, Info                  CSI    0000009e [SR] Verify complete
    2014-12-23 14:38:15, Info                  CSI    0000009f [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:15, Info                  CSI    000000a0 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:22, Info                  CSI    000000a2 [SR] Verify complete
    2014-12-23 14:38:22, Info                  CSI    000000a3 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:22, Info                  CSI    000000a4 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:32, Info                  CSI    000000c6 [SR] Verify complete
    2014-12-23 14:38:32, Info                  CSI    000000c7 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:32, Info                  CSI    000000c8 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:38, Info                  CSI    000000cd [SR] Verify complete
    2014-12-23 14:38:38, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:38, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:45, Info                  CSI    000000d1 [SR] Verify complete
    2014-12-23 14:38:46, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:46, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:52, Info                  CSI    000000d5 [SR] Verify complete
    2014-12-23 14:38:52, Info                  CSI    000000d6 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:38:52, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:38:59, Info                  CSI    000000db [SR] Verify complete
    2014-12-23 14:39:00, Info                  CSI    000000dc [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:00, Info                  CSI    000000dd [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:02, Info                  CSI    000000df [SR] Verify complete
    2014-12-23 14:39:03, Info                  CSI    000000e0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:03, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:05, Info                  CSI    000000e3 [SR] Verify complete
    2014-12-23 14:39:05, Info                  CSI    000000e4 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:05, Info                  CSI    000000e5 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:08, Info                  CSI    000000e7 [SR] Verify complete
    2014-12-23 14:39:08, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:08, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:12, Info                  CSI    000000eb [SR] Verify complete
    2014-12-23 14:39:12, Info                  CSI    000000ec [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:12, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:18, Info                  CSI    000000ef [SR] Verify complete
    2014-12-23 14:39:18, Info                  CSI    000000f0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:18, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:21, Info                  CSI    000000f3 [SR] Verify complete
    2014-12-23 14:39:21, Info                  CSI    000000f4 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:21, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:26, Info                  CSI    000000f7 [SR] Verify complete
    2014-12-23 14:39:28, Info                  CSI    000000f8 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:28, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:39:43, Info                  CSI    00000101 [SR] Verify complete
    2014-12-23 14:39:44, Info                  CSI    00000102 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:39:44, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:02, Info                  CSI    00000119 [SR] Verify complete
    2014-12-23 14:40:02, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:02, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:24, Info                  CSI    0000011d [SR] Verify complete
    2014-12-23 14:40:24, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:24, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:40, Info                  CSI    00000121 [SR] Verify complete
    2014-12-23 14:40:40, Info                  CSI    00000122 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:40, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:43, Info                  CSI    00000125 [SR] Verify complete
    2014-12-23 14:40:44, Info                  CSI    00000126 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:44, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:46, Info                  CSI    00000129 [SR] Verify complete
    2014-12-23 14:40:46, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:46, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:40:51, Info                  CSI    0000012d [SR] Verify complete
    2014-12-23 14:40:51, Info                  CSI    0000012e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:40:51, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:02, Info                  CSI    00000142 [SR] Verify complete
    2014-12-23 14:41:02, Info                  CSI    00000143 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:02, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:05, Info                  CSI    00000146 [SR] Verify complete
    2014-12-23 14:41:05, Info                  CSI    00000147 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:05, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:10, Info                  CSI    0000014a [SR] Verify complete
    2014-12-23 14:41:10, Info                  CSI    0000014b [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:10, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:15, Info                  CSI    0000014e [SR] Verify complete
    2014-12-23 14:41:16, Info                  CSI    0000014f [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:16, Info                  CSI    00000150 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:25, Info                  CSI    00000152 [SR] Verify complete
    2014-12-23 14:41:26, Info                  CSI    00000153 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:26, Info                  CSI    00000154 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:35, Info                  CSI    00000157 [SR] Verify complete
    2014-12-23 14:41:36, Info                  CSI    00000158 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:36, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:39, Info                  CSI    0000015b [SR] Verify complete
    2014-12-23 14:41:39, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:39, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:49, Info                  CSI    0000015f [SR] Verify complete
    2014-12-23 14:41:49, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:49, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:55, Info                  CSI    00000163 [SR] Verify complete
    2014-12-23 14:41:55, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:55, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:41:58, Info                  CSI    00000167 [SR] Verify complete
    2014-12-23 14:41:58, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:41:58, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:42:14, Info                  CSI    00000175 [SR] Verify complete
    2014-12-23 14:42:14, Info                  CSI    00000176 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:42:14, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:42:26, Info                  CSI    00000185 [SR] Verify complete
    2014-12-23 14:42:26, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:42:26, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:42:51, Info                  CSI    00000189 [SR] Verify complete
    2014-12-23 14:42:52, Info                  CSI    0000018a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:42:52, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:06, Info                  CSI    0000018d [SR] Verify complete
    2014-12-23 14:43:06, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:43:06, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:23, Info                  CSI    00000191 [SR] Verify complete
    2014-12-23 14:43:23, Info                  CSI    00000192 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:43:23, Info                  CSI    00000193 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:30, Info                  CSI    00000195 [SR] Verify complete
    2014-12-23 14:43:31, Info                  CSI    00000196 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:43:31, Info                  CSI    00000197 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:38, Info                  CSI    00000199 [SR] Verify complete
    2014-12-23 14:43:38, Info                  CSI    0000019a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:43:38, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:44, Info                  CSI    0000019f [SR] Verify complete
    2014-12-23 14:43:44, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:43:44, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:43:59, Info                  CSI    000001a4 [SR] Verify complete
    2014-12-23 14:44:00, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:00, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:44:08, Info                  CSI    000001a8 [SR] Verify complete
    2014-12-23 14:44:08, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:08, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
    2014-12-23 14:44:16, Info                  CSI    000001ac [SR] Verify complete
    2014-12-23 14:44:16, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:16, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
    2014-12-23 14:44:27, Info                  CSI    000001b0 [SR] Verify complete
    2014-12-23 14:44:27, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:27, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:44:32, Info                  CSI    000001b4 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:44:37, Info                  CSI    000001b6 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:44:37, Info                  CSI    000001b7 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2014-12-23 14:44:39, Info                  CSI    000001b9 [SR] Verify complete
    2014-12-23 14:44:39, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:39, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
    2014-12-23 14:44:49, Info                  CSI    000001bd [SR] Verify complete
    2014-12-23 14:44:50, Info                  CSI    000001be [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:44:50, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:00, Info                  CSI    000001c1 [SR] Verify complete
    2014-12-23 14:45:01, Info                  CSI    000001c2 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:01, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:17, Info                  CSI    000001c6 [SR] Verify complete
    2014-12-23 14:45:17, Info                  CSI    000001c7 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:17, Info                  CSI    000001c8 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:23, Info                  CSI    000001ca [SR] Verify complete
    2014-12-23 14:45:23, Info                  CSI    000001cb [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:23, Info                  CSI    000001cc [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:29, Info                  CSI    000001cf [SR] Verify complete
    2014-12-23 14:45:29, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:29, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:36, Info                  CSI    000001d4 [SR] Verify complete
    2014-12-23 14:45:37, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:37, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:43, Info                  CSI    000001d8 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:45:43, Info                  CSI    000001da [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:45:43, Info                  CSI    000001de [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:45:43, Info                  CSI    000001e0 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:45:45, Info                  CSI    000001e7 [SR] Verify complete
    2014-12-23 14:45:46, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:46, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:45:56, Info                  CSI    000001eb [SR] Verify complete
    2014-12-23 14:45:56, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:45:56, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
    2014-12-23 14:46:04, Info                  CSI    000001ef [SR] Verify complete
    2014-12-23 14:46:04, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:46:04, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:46:06, Info                  CSI    000001f3 [SR] Verify complete
    2014-12-23 14:46:06, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:46:06, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:46:16, Info                  CSI    000001f7 [SR] Verify complete
    2014-12-23 14:46:20, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:46:20, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:46:58, Info                  CSI    000001fb [SR] Verify complete
    2014-12-23 14:46:59, Info                  CSI    000001fc [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:46:59, Info                  CSI    000001fd [SR] Beginning Verify and Repair transaction
    2014-12-23 14:47:38, Info                  CSI    000001ff [SR] Verify complete
    2014-12-23 14:47:39, Info                  CSI    00000200 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:47:39, Info                  CSI    00000201 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:48:34, Info                  CSI    00000203 [SR] Verify complete
    2014-12-23 14:48:34, Info                  CSI    00000204 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:48:34, Info                  CSI    00000205 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:48:40, Info                  CSI    00000207 [SR] Verify complete
    2014-12-23 14:48:41, Info                  CSI    00000208 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:48:41, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:48:48, Info                  CSI    0000020b [SR] Verify complete
    2014-12-23 14:48:48, Info                  CSI    0000020c [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:48:48, Info                  CSI    0000020d [SR] Beginning Verify and Repair transaction
    2014-12-23 14:49:24, Info                  CSI    00000218 [SR] Verify complete
    2014-12-23 14:49:25, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:49:25, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
    2014-12-23 14:49:45, Info                  CSI    0000021d [SR] Verify complete
    2014-12-23 14:49:47, Info                  CSI    0000021e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:49:47, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:50:11, Info                  CSI    00000221 [SR] Verify complete
    2014-12-23 14:50:13, Info                  CSI    00000222 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:50:13, Info                  CSI    00000223 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:50:54, Info                  CSI    00000225 [SR] Verify complete
    2014-12-23 14:50:55, Info                  CSI    00000226 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:50:55, Info                  CSI    00000227 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:51:27, Info                  CSI    00000229 [SR] Verify complete
    2014-12-23 14:51:28, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:51:28, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:51:39, Info                  CSI    0000022d [SR] Verify complete
    2014-12-23 14:51:41, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:51:41, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:51:56, Info                  CSI    00000232 [SR] Verify complete
    2014-12-23 14:51:56, Info                  CSI    00000233 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:51:56, Info                  CSI    00000234 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:05, Info                  CSI    0000023a [SR] Verify complete
    2014-12-23 14:52:05, Info                  CSI    0000023b [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:05, Info                  CSI    0000023c [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:19, Info                  CSI    00000243 [SR] Verify complete
    2014-12-23 14:52:20, Info                  CSI    00000244 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:20, Info                  CSI    00000245 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:29, Info                  CSI    00000254 [SR] Verify complete
    2014-12-23 14:52:30, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:30, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:36, Info                  CSI    00000258 [SR] Verify complete
    2014-12-23 14:52:36, Info                  CSI    00000259 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:36, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:41, Info                  CSI    0000025f [SR] Verify complete
    2014-12-23 14:52:41, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:41, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:46, Info                  CSI    00000263 [SR] Verify complete
    2014-12-23 14:52:46, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:46, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:52:55, Info                  CSI    0000028a [SR] Verify complete
    2014-12-23 14:52:56, Info                  CSI    0000028b [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:52:56, Info                  CSI    0000028c [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:00, Info                  CSI    0000028e [SR] Verify complete
    2014-12-23 14:53:00, Info                  CSI    0000028f [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:00, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:05, Info                  CSI    00000292 [SR] Verify complete
    2014-12-23 14:53:05, Info                  CSI    00000293 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:05, Info                  CSI    00000294 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:10, Info                  CSI    00000296 [SR] Verify complete
    2014-12-23 14:53:11, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:11, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:22, Info                  CSI    000002a9 [SR] Verify complete
    2014-12-23 14:53:22, Info                  CSI    000002aa [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:22, Info                  CSI    000002ab [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:35, Info                  CSI    000002b9 [SR] Verify complete
    2014-12-23 14:53:35, Info                  CSI    000002ba [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:35, Info                  CSI    000002bb [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:41, Info                  CSI    000002bd [SR] Verify complete
    2014-12-23 14:53:41, Info                  CSI    000002be [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:41, Info                  CSI    000002bf [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:45, Info                  CSI    000002c2 [SR] Verify complete
    2014-12-23 14:53:46, Info                  CSI    000002c3 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:46, Info                  CSI    000002c4 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:53:55, Info                  CSI    000002c6 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
    2014-12-23 14:53:56, Info                  CSI    000002ca [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
    2014-12-23 14:53:57, Info                  CSI    000002cd [SR] Verify complete
    2014-12-23 14:53:57, Info                  CSI    000002ce [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:53:57, Info                  CSI    000002cf [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:01, Info                  CSI    000002d1 [SR] Verify complete
    2014-12-23 14:54:01, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:01, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:09, Info                  CSI    000002d5 [SR] Verify complete
    2014-12-23 14:54:10, Info                  CSI    000002d6 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:10, Info                  CSI    000002d7 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:14, Info                  CSI    000002d9 [SR] Verify complete
    2014-12-23 14:54:14, Info                  CSI    000002da [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:14, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:22, Info                  CSI    000002df [SR] Verify complete
    2014-12-23 14:54:22, Info                  CSI    000002e0 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:22, Info                  CSI    000002e1 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:31, Info                  CSI    000002fb [SR] Verify complete
    2014-12-23 14:54:32, Info                  CSI    000002fc [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:32, Info                  CSI    000002fd [SR] Beginning Verify and Repair transaction
    2014-12-23 14:54:59, Info                  CSI    000002ff [SR] Verify complete
    2014-12-23 14:54:59, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:54:59, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:10, Info                  CSI    00000303 [SR] Verify complete
    2014-12-23 14:55:11, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:11, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:16, Info                  CSI    00000307 [SR] Verify complete
    2014-12-23 14:55:16, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:16, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:21, Info                  CSI    0000030c [SR] Verify complete
    2014-12-23 14:55:22, Info                  CSI    0000030d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:22, Info                  CSI    0000030e [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:35, Info                  CSI    00000310 [SR] Verify complete
    2014-12-23 14:55:36, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:36, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:42, Info                  CSI    00000314 [SR] Verify complete
    2014-12-23 14:55:42, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:42, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:47, Info                  CSI    00000318 [SR] Verify complete
    2014-12-23 14:55:48, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:48, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:53, Info                  CSI    0000031d [SR] Verify complete
    2014-12-23 14:55:53, Info                  CSI    0000031e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:53, Info                  CSI    0000031f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:55:58, Info                  CSI    00000321 [SR] Verify complete
    2014-12-23 14:55:58, Info                  CSI    00000322 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:55:58, Info                  CSI    00000323 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:05, Info                  CSI    00000325 [SR] Verify complete
    2014-12-23 14:56:06, Info                  CSI    00000326 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:06, Info                  CSI    00000327 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:12, Info                  CSI    0000032c [SR] Verify complete
    2014-12-23 14:56:12, Info                  CSI    0000032d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:12, Info                  CSI    0000032e [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:20, Info                  CSI    00000331 [SR] Verify complete
    2014-12-23 14:56:21, Info                  CSI    00000332 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:21, Info                  CSI    00000333 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:26, Info                  CSI    00000335 [SR] Verify complete
    2014-12-23 14:56:26, Info                  CSI    00000336 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:26, Info                  CSI    00000337 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:36, Info                  CSI    00000339 [SR] Verify complete
    2014-12-23 14:56:36, Info                  CSI    0000033a [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:36, Info                  CSI    0000033b [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:43, Info                  CSI    0000033d [SR] Verify complete
    2014-12-23 14:56:44, Info                  CSI    0000033e [SR] Verifying 100 (0x0000000000000064) components
    2014-12-23 14:56:44, Info                  CSI    0000033f [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:51, Info                  CSI    00000341 [SR] Verify complete
    2014-12-23 14:56:51, Info                  CSI    00000342 [SR] Verifying 2 components
    2014-12-23 14:56:51, Info                  CSI    00000343 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:51, Info                  CSI    00000345 [SR] Verify complete
    2014-12-23 14:56:51, Info                  CSI    00000346 [SR] Repairing 5 components
    2014-12-23 14:56:51, Info                  CSI    00000347 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:51, Info                  CSI    00000349 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:56:52, Info                  CSI    0000034b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:56:52, Info                  CSI    0000034c [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2014-12-23 14:56:52, Info                  CSI    0000034e [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:56:52, Info                  CSI    00000350 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:56:52, Info                  CSI    00000354 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
    2014-12-23 14:56:52, Info                  CSI    00000357 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:56:52, Info                  CSI    00000359 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:56:53, Info                  CSI    0000035d [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
    2014-12-23 14:56:53, Info                  CSI    00000360 [SR] Repair complete
    2014-12-23 14:56:53, Info                  CSI    00000361 [SR] Committing transaction
    2014-12-23 14:56:53, Info                  CSI    00000362 [SR] Cannot commit interactively, there are boot critical components being repaired
    2014-12-23 14:56:53, Info                  CSI    00000363 [SR] Repairing 5 components
    2014-12-23 14:56:53, Info                  CSI    00000364 [SR] Beginning Verify and Repair transaction
    2014-12-23 14:56:53, Info                  CSI    00000366 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:56:53, Info                  CSI    00000368 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2014-12-23 14:56:53, Info                  CSI    00000369 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
    2014-12-23 14:56:53, Info                  CSI    0000036b [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:56:53, Info                  CSI    0000036d [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:56:53, Info                  CSI    00000371 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
    2014-12-23 14:56:53, Info                  CSI    00000374 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
    2014-12-23 14:56:53, Info                  CSI    00000376 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
    2014-12-23 14:56:54, Info                  CSI    0000037a [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
    2014-12-23 14:56:54, Info                  CSI    0000037d [SR] Repair complete

    • 0

    #12
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts
    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 23/12/2014 3:22:42 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 23/12/2014 8:13:16 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 23/12/2014 8:11:19 PM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
     
    Log: 'System' Date/Time: 23/12/2014 8:11:16 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
     
    Log: 'System' Date/Time: 23/12/2014 8:11:16 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
     
    Log: 'System' Date/Time: 23/12/2014 8:10:47 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 23/12/2014 8:10:36 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
     
    Log: 'System' Date/Time: 23/12/2014 8:07:58 PM
    Type: Error Category: 0
    Event: 15021 Source: Microsoft-Windows-HttpEvent
    An error occured while using SSL configuration for socket address 0.0.0.0:4482.  The error status code is contained within the returned data.
     
    Log: 'System' Date/Time: 23/12/2014 7:24:47 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
     
    Log: 'System' Date/Time: 23/12/2014 7:24:07 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 23/12/2014 7:24:06 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 23/12/2014 7:24:02 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 23/12/2014 7:21:23 PM
    Type: Error Category: 0
    Event: 15021 Source: Microsoft-Windows-HttpEvent
    An error occured while using SSL configuration for socket address 0.0.0.0:4482.  The error status code is contained within the returned data.
     
    Log: 'System' Date/Time: 23/12/2014 7:17:20 PM
    Type: Error Category: 0
    Event: 2001 Source: Microsoft Antimalware
    Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.191.464.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.11302.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 23/12/2014 8:05:07 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped. 
     
    Log: 'System' Date/Time: 23/12/2014 8:05:03 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
     
    Log: 'System' Date/Time: 23/12/2014 7:19:15 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped. 
     
    Log: 'System' Date/Time: 23/12/2014 7:19:09 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

    • 0

    #13
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts
    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 23/12/2014 3:23:27 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 23/12/2014 8:08:50 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
    Log: 'Application' Date/Time: 23/12/2014 8:00:42 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application WINWORD.EXE, version 12.0.6713.5000, time stamp 0x546c1c8e, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x49e036f1, exception code 0xc0000005, fault offset 0x71d674b2, process id 0x1abc, application start time 0x01d01eeae7e24948.
     
    Log: 'Application' Date/Time: 23/12/2014 7:30:08 PM
    Type: Error Category: 0
    Event: 11921 Source: MsiInstaller
    Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.
     
    Log: 'Application' Date/Time: 23/12/2014 7:24:45 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 23/12/2014 8:11:19 PM
    Type: Warning Category: 0
    Event: 1015 Source: MsiInstaller
    Failed to connect to server. Error: 0x8007041D
     
    Log: 'Application' Date/Time: 23/12/2014 8:10:39 PM
    Type: Warning Category: 0
    Event: 1001 Source: MsiInstaller
    Detection of product '{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}', feature 'NA32' failed during request for component '{0F38ADD9-07D7-45EB-9E18-B411B4AADEBC}'
     
    Log: 'Application' Date/Time: 23/12/2014 8:10:39 PM
    Type: Warning Category: 0
    Event: 1004 Source: MsiInstaller
    Detection of product '{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}', feature 'NA32', component '{A422B434-E886-4A2F-9D55-B47983039FB8}' failed.  The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\DisplayName_Localized' does not exist.
     
    Log: 'Application' Date/Time: 23/12/2014 8:04:21 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-232412378-3118420049-1387226345-1000:
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root
    Process 1244 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My
     
     
    Log: 'Application' Date/Time: 23/12/2014 7:24:51 PM
    Type: Warning Category: 0
    Event: 1001 Source: MsiInstaller
    Detection of product '{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}', feature 'NA32' failed during request for component '{0F38ADD9-07D7-45EB-9E18-B411B4AADEBC}'
     
    Log: 'Application' Date/Time: 23/12/2014 7:24:51 PM
    Type: Warning Category: 0
    Event: 1004 Source: MsiInstaller
    Detection of product '{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}', feature 'NA32', component '{A422B434-E886-4A2F-9D55-B47983039FB8}' failed.  The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\DisplayName_Localized' does not exist.
     
    Log: 'Application' Date/Time: 23/12/2014 7:18:30 PM
    Type: Warning Category: 0
    Event: 0 Source: PostgreSQL
    The event description cannot be found.
     
    Log: 'Application' Date/Time: 23/12/2014 7:18:30 PM
    Type: Warning Category: 0
    Event: 0 Source: PostgreSQL
    The event description cannot be found.
     
    Log: 'Application' Date/Time: 23/12/2014 7:18:30 PM
    Type: Warning Category: 0
    Event: 0 Source: PostgreSQL
    The event description cannot be found.
     
    Log: 'Application' Date/Time: 23/12/2014 7:17:05 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-232412378-3118420049-1387226345-1000:
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root
    Process 4140 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My

    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    I am seeing a lot of errors that will slow it down.  The installer service hung while trying to install something from nero.  

     

    First try this:

     

    Copy the next lines:

     

    sc config msiserver start= demand
    Net stop msiserver
    MSIExec /unregister
    MSIExec /regserver
    regsvr32.exe /s %windir%\system32\msi.dll
    Net start msiserver

     

    Start, All Programs, Accessories, right click on Command Prompt and Run As Admin.  Continue.  You should get a black command window.

     

    Right click and Paste or Edit then Paste and the copied lines should appear.  Hit Enter.  Do you get any error messages or does the msiserver start?

     

    If it gave you errors then try the Installer Cleanup Utility:

     

    http://www.majorgeek...up_utility.html

     

     

     

    Download by clicking on one of the Download links below Download Locations.  The download should start automatically.  You do not need to fill out any forms or click on anything else.  Once you get msicuu2.exe downloaded, right click on it and Run As Admin.  In the list it shows you find anything from Nero and Remove.

     

    Your Samsung printer has a service 

    S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-10-24] (Samsung Electronics Co., Ltd.) which is not starting correctly.  You should uninstall the printer, 

    Download a new software package from Samsung and reinstall it.

     

    Then 

     

     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Also let's run Process Explorer:
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

    • 0

    #15
    bkp

    bkp

      Member

    • Topic Starter
    • Member
    • PipPip
    • 87 posts
    If you get Avast then you can run their really good boot-time scan.  It takes about 6 hours so I usually let it run at night while I sleep.  (Don't run it if the PC is overheating).
     
    having issues in red?
     
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan. having problem finding where to change to boot-time scan???? Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP