Blue screen at end of 'Starting Windows'

by PokerFan » March 1st, 2014, 12:30 pm

My Win 7 SP1 x64 computer blue screen crashes while 'Starting Windows'. I can boot into Safe Mode without problem but I've not been able to boot normally with any configuration I've tried using msconfig.

History:
Logged on with a non-administrator account, I clicked on a link in an email from a site I use. Nothing happened so I immediately suspected a virus. I rebooted into Safe Mode and ran a Norton Security Suite full scan. Nothing found.

Ran a scan from Symantec bootable recover disk and it found nothing.

Restarted and have been blue screening ever since at the same spot in the boot process.

Last Known Good option didn't fix.

Startup Recovery fails every time when run when booted from the computer. When booted from System Recovery CD, says no problems found.

System Restore fails every time for any of the 3 available restore points regardless of where the system is booted. It fails saying a file is locked and to disable the antivirus and try again. I did not do that.

sfc /scannow has never reported an inconsistency either booted from the computer or from a System Recovery CD.

Tried to regenerate boot sector but /rebuildbcd said no OS installations found. Rebuilt BCD directory by renaming bcd and /rebuildbcd was successful. I later ran /rebuildbcd and it said no OS installations found again.

Malwarebytes found nothing.

Downloaded windbg and looked at minidump files. Bugcheck F4. Most were due to wininit.exe crashing.

Brought home Microsoft Diagnostics and Recovery Toolkit from work. 'System Sweeper' found a Trojan and supposedly successfully removed it. (I failed to note which trojan.) Regenerate boot sector tool said it was successful.

No change in sfc or 'Startup Repair' behaviors.

Memory.dmp now reporting bugcheck 0xc000021a. Winlogon_fatal_error.

I've resisted logging on with my admin account for fear something is still running but did log on with it to run a Windows Performance Analysis scan from Microsoft. I got a prompt to back up my encryption key. I am not encrypting anything so suspected a ransomware attack so I disabled the Encrypting File System service and rebooted.

Thanks for your help.

DDS.scr run from Safe Mode
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by GeoffAdmin at 10:40:11 on 2014-03-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.6762 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mWinlogon: Userinit = userinit.exe,
BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe -update activex
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/do ... ysinfo.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B06B293F-21F4-4DCD-B345-337049B4AE61} : NameServer = 192.168.1.1,4.2.2.2
TCP: Interfaces\{B0898382-748D-4D89-B865-58F582114BF2} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe -k -rq
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GeoffAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\ruez1bl1.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\geoff\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-27 295424]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-10-5 87600]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20140221.002\IDSviA64.sys [2014-2-21 521944]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/19 17:34:15];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-9-19 146928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 203264]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-11-10 109352]
S2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2013-11-10 17416]
S2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2013-11-10 1830768]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-21 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2010-7-27 68064]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-1 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-1 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
.
=============== Created Last 30 ================
.
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\smss.exe
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\services.exe
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\lsm.exe
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2014-03-01 04:31:41 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2014-03-01 01:41:11 -------- d-----w- C:\Program Files (x86)\trend micro
2014-02-27 03:40:00 -------- d-----w- C:\symbols
2014-02-27 01:23:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-27 01:23:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 04:09:48 -------- d-----w- C:\Windows\Standalone System Sweeper
2014-02-25 05:38:46 -------- d-----w- C:\boot
2014-02-23 13:24:24 -------- d-----w- C:\Users\GeoffAdmin\AppData\Local\Hewlett-Packard_Company
2014-02-23 13:23:55 -------- d-----w- C:\Users\GeoffAdmin\AppData\Roaming\HP TCS
2014-02-22 23:19:06 -------- d-----w- C:\Windows\pss
2014-02-15 19:39:49 333424 ----a-r- C:\Users\GeoffAdmin\AppData\Roaming\Microsoft\Installer\{424ACECA-B0D4-4F64-94E4-511BA5DC31DE}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe
2014-02-15 19:39:49 333424 ----a-r- C:\Users\GeoffAdmin\AppData\Roaming\Microsoft\Installer\{424ACECA-B0D4-4F64-94E4-511BA5DC31DE}\ARPPRODUCTICON.exe
2014-02-15 19:37:46 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-15 19:35:09 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-15 00:21:30 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-15 00:21:30 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 09:57:17 1882112 ----a-w- C:\Windows\System32\msxml3.dll
.
==================== Find3M ====================
.
2014-02-13 16:13:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-13 16:13:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-27 19:37:10 1083024 ----a-w- C:\Windows\boinc.scr
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 10:41:53.18 ===============
.
ATTACH.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/1/2009 1:51:47 PM
System Uptime: 3/1/2014 10:29:57 AM (0 hours ago)
.
Motherboard: MSI | | Indio
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2793/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 647.611 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.202 GiB free.
E: is CDROM ()
F: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP403: 2/15/2014 2:33:57 PM - Installed Java 7 Update 51 (64-bit)
RP404: 2/15/2014 2:36:49 PM - Installed Java 7 Update 51
RP405: 2/15/2014 2:39:21 PM - Installed BOINC.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Activate Norton Online Backup
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AmericasCardroom
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arkansas Topo Map
ATI Catalyst Registration
BioShock
BOINC
Bonjour
BovadaPoker
calibre
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Comcast Access
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DivX Setup
Eraser 6.0.8.2273
eReg
ffdshow [rev 610] [2006-12-01]
FLV.com FLV Converter 4.3
FreeArc 0.666
Full Flush Poker 8.2
Full Tilt Poker
Garmin BaseCamp
Garmin City Navigator North America 2008
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GEORGIA TOPO
Google Apps
Google Chrome
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Google+ Auto Backup
Hard Disk Scrubber 3.3 (Remove Only)
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.1.0
HitmanPro 3.7
HitmanPro.Alert
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
iCloud
inSSIDer 3
Intel(R) Rapid Storage Technology
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 51
Java 7 Update 51 (64-bit)
Java Auto Updater
Junk Mail filter update
Kentucky Topo Map
LabelPrint
Land Ownership
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LightScribe System Software
Logitech SetPoint 6.32
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
LyricsSeeker plugins 2.3
Malwarebytes Anti-Malware version 1.75.0.1300
MapSource
MapSource - City Select North America v6 Update
MapSource - North American City Select v4.01
MapSource - US Topo 24K National Parks, East v2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works
Missouri Topo Map
MobileMe Control Panel
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Trail Maps
Next Generation Visualisations
Norton Security Suite
OpenSource Flash Video Splitter (remove only)
Oracle VM VirtualBox 4.2.16
Picasa 3
PokerStars
PokerStars.net
PokerStove version 1.24
Power2Go
PowerDirector
PowerRecover
QuickTime
Realtek High Definition Audio Driver
Safari
ScrewDrivers Client v4 (ica only)
SE USA Topo Map
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Shareaza 2.7.1.0
Skype Click to Call
Skype™ 6.11
South Central USA Topo Map
TEXAS TOPO
Trail100k
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
US Planimetric SE
US State and County Borders
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows XP Mode
XML Notepad 2007
ZSoft Uninstaller 2.5
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 8:48:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/1/2014 2:32:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/1/2014 10:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/1/2014 10:40:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 10:39:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/1/2014 10:39:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/1/2014 10:31:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/1/2014 10:30:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2014 10:30:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/1/2014 10:30:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ctxusbm discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS VBoxDrv VBoxUSBMon vpcvmm Wanarpv6
3/1/2014 10:30:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a007c70d10, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030114-23852-01.
3/1/2014 10:18:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002455650, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030114-23197-01.
2/28/2014 8:24:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00d9b74e0, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022814-24117-01.
2/27/2014 9:42:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002216890, 0x0000000000000001, 0xffffffffc0000001, 0x0000000000010760). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022714-23680-01.
2/27/2014 9:23:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002238480, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022714-23602-01.
2/27/2014 10:10:39 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/26/2014 9:31:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/26/2014 8:03:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006d149f0, 0xfffffa8006d14cd0, 0xfffff800031df7b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022614-24398-01.
2/24/2014 7:26:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800b24d810, 0xfffffa800b24daf0, 0xfffff800031867b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022414-23946-01.
2/23/2014 8:33:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800a306b30, 0xfffffa800a306e10, 0xfffff800031977b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022314-23680-01.
2/23/2014 5:16:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a000d423c0, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022314-23478-01.
2/23/2014 10:48:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00022e7d0, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022314-24445-01.
2/22/2014 6:08:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800af889e0, 0xfffffa800af88cc0, 0xfffff8000318a7b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-23961-01.
2/22/2014 5:22:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800aebe920, 0xfffffa800aebec00, 0xfffff800031d07b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-23899-01.
2/22/2014 5:11:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/22/2014 5:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/22/2014 5:10:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00db8d540, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-23883-01.
2/22/2014 5:10:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx VBoxDrv VBoxUSBMon vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2014 5:10:37 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/22/2014 1:58:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002420870, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-24601-01.
2/22/2014 1:46:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00022e530, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-24133-01.
2/22/2014 1:38:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a002610f30, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-24913-01.
.
==== End Of File ===========================
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am
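Added example (not part of the original thread, and not a tool used in it): a Python pass over the "Event Viewer Messages" section above that puts the events in chronological order, tallies the bugcheck codes, and separates crash evidence from Safe Mode noise. The function names are hypothetical, and the symbolic names for the bugcheck and Win32 error codes come from Microsoft's documentation rather than from the log.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt copied from the "Event Viewer Messages" section of the log above.
SAMPLE = r'''
3/1/2014 8:48:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/1/2014 2:32:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/1/2014 10:30:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ctxusbm discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS VBoxDrv VBoxUSBMon vpcvmm Wanarpv6
3/1/2014 10:30:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a007c70d10, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030114-23852-01.
2/26/2014 8:03:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006d149f0, 0xfffffa8006d14cd0, 0xfffff800031df7b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022614-24398-01.
2/22/2014 5:22:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800aebe920, 0xfffffa800aebec00, 0xfffff800031d07b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-23899-01.
2/22/2014 5:10:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00db8d540, 0x0000000000000000, 0xffffffffc0000001, 0x0000000000010748). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022214-23883-01.
2/22/2014 5:10:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx VBoxDrv VBoxUSBMon vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
'''

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
BUGCHECK_RE = re.compile(r"bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")
DCOM_RE = re.compile(r'DCOM got error "(\d+)" attempting to start the service (\S+)')

# Symbolic names from Microsoft's documentation (not from the thread).
BUGCHECK_NAMES = {0xC000021A: "WINLOGON_FATAL_ERROR (STATUS_SYSTEM_PROCESS_TERMINATED)",
                  0x000000F4: "CRITICAL_OBJECT_TERMINATION"}
WIN32_ERRORS = {1084: "ERROR_NOT_SAFEBOOT_SERVICE",     # service not allowed in Safe Mode
                1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}  # a dependency failed to start


def parse_events(text):
    """Parse log lines into dicts, sorted chronologically (the log itself is not)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "." separators, section headers, blank lines
        events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "id": int(m["id"]), "msg": m["msg"]})
    return sorted(events, key=lambda e: e["time"])


def bugchecks(events):
    """Return (time, code, [4 parameters]) for every event 1001 bugcheck record."""
    out = []
    for e in events:
        m = BUGCHECK_RE.search(e["msg"]) if e["id"] == 1001 else None
        if m:
            params = [int(p, 16) for p in m.group(2).split(", ")]
            out.append((e["time"], int(m.group(1), 16), params))
    return out


def failed_drivers(events):
    """Count how often each driver appears in event 7026; also return the boot count."""
    marker, seen, boots = "failed to load: ", Counter(), 0
    for e in events:
        if e["id"] == 7026 and marker in e["msg"]:
            boots += 1
            seen.update(e["msg"].split(marker, 1)[1].split())
    return seen, boots


def dcom_failures(events):
    """Map Win32 error code -> set of services DCOM could not start (event 10005)."""
    out = {}
    for e in events:
        m = DCOM_RE.search(e["msg"]) if e["id"] == 10005 else None
        if m:
            out.setdefault(int(m.group(1)), set()).add(m.group(2))
    return out


def triage(text):
    events = parse_events(text)
    crashes = bugchecks(events)
    drivers, boots = failed_drivers(events)
    return {
        "crash_counts": Counter(code for _, code, _ in crashes),
        "first_crash": crashes[0][0] if crashes else None,
        # For 0xF4, parameter 1 == 0x3 means a process (not a thread) terminated.
        "f4_process_terminations": sum(1 for _, c, p in crashes if c == 0xF4 and p[0] == 3),
        "drivers_every_boot": sorted(d for d, n in drivers.items() if n == boots),
        "drivers_some_boots": sorted(d for d, n in drivers.items() if n < boots),
        "dcom": dcom_failures(events),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for code, n in result["crash_counts"].items():
        print(f"{n} x 0x{code:08X} {BUGCHECK_NAMES.get(code, 'unknown')}")
    for err, services in result["dcom"].items():
        print(f"DCOM error {err} {WIN32_ERRORS.get(err, '')}: {sorted(services)}")
    print("Failed on only some boots:", result["drivers_some_boots"])
```

Error 1084 only says a service is not permitted to start in Safe Mode, so those DCOM entries reflect the Safe Mode boots described in the thread; the event 1001 bugcheck records are the entries that document the crashes.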

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 6th, 2014, 11:44 am

It's been a while since you posted asking for help; in that time things on your computer may have changed. If you still need help, please let me know.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 7th, 2014, 8:25 pm

Nothing has changed. I've just been waiting; I figured no response meant nobody knew how to help. Thanks.
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 8th, 2014, 1:48 am

OK, there are signs of some "minor" Malware on your machine, and we'll take care of that first. Whether it will resolve your problems is hard to say at this point; my guess is that it won't, and we'll have to do some further exploration to see if we can find the cause.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Finally ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield: (don't include Code: Select all)
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • FRST.txt
  • Addition.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 8th, 2014, 8:28 am

TCRB failed. "Currently using Fallback Backup Method instead of Volume Shadow Service" followed by "Error! 10/12 Registry Files Backed up". Logs attached.

Should I proceed with your instructions or wait?

BTW, I think the encryption issue mentioned in my first post was a 'red herring'. After I posted I searched my hard drive for encrypted files (using Cipher) and the only files that were encrypted (and there were only 3) were in my temp folder. I deleted them.
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 8th, 2014, 2:23 pm

Yes, for the moment just follow the rest of my instructions, and post the 4 logs I asked for.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 8th, 2014, 3:48 pm

See attached.

In case you want to update your instructions:
Re: Adwcleaner
It (v3.020) no longer opens the log after the scan; you are left at the Adwcleaner screen with a prompt "Pending. Please uncheck elements you don't want to remove." You have to click the Report button if you want to view the log.

I took no action and closed the program.

The AdwCleaner[R0].txt log file is stored in the C:\AdwCleaner folder.
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 8th, 2014, 7:09 pm

OK, let's start trying to clean up your machine a little, and see if that enables us to make some progress.

Please post any logs I ask for rather than attach them (unless I ask you to do otherwise), this is a teaching forum, and attaching logs makes it more difficult for students to follow the topic.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

BovadaPoker
Full Flush Poker 8.2
Full Tilt Poker
PokerStars
PokerStars.net
PokerStove version 1.24
HitmanPro 3.7
HitmanPro.Alert
Shareaza 2.7.1.0


Many of these poker applications are badly written, and frequently cause problems. We can re-install any you feel you can't do without later, once we've eliminated them as a possible source of your issues.
HitmanPro is an extremely "abrasive" AV program, and has caused more BSOD problems to people's computers than any other program I know; it is highly likely that its use has caused at least some of the problems on your machine. There's also indication in your logs that it is faulting.
Use of P2P programs is the quickest way to contract an infection that I know of.

Reboot your computer once all these programs have been uninstalled.

Next ....

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
HKU\S-1-5-21-238458004-3021794996-818495646-1001\...\Run: [CPN Notifier] - C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
HKU\S-1-5-21-238458004-3021794996-818495646-1001\...\MountPoints2: {7016fa25-96a5-11df-9210-40618633fe15} - G:\LaunchU3.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL = 
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
BHO-x32: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SafeSearch.xml
AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID
AlternateDataStreams: C:\Users\geoff\Code:Shareaza.GUID
AlternateDataStreams: C:\Users\geoff\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\GeoffAdmin\Downloads:Shareaza.GUID
C:\Users\geoff\AppData\Local\{B67A3A4E-802A-4834-BE81-F86AAB2F8159}
C:\Users\geoff\AppData\Local\{B0F4A322-066D-45C6-858E-EEF0181FDB0B}
C:\Users\geoff\AppData\Local\{814B5514-0A01-40DF-B13B-A8C8A7CF8F70}
C:\Users\geoff\AppData\Local\{9A634C7B-67E0-400F-A47E-85CE4ACA34D2}
C:\Users\geoff\AppData\Local\{09FDCC0D-A605-46CC-8219-59BCFEA2C3F0}
C:\Users\geoff\AppData\Local\{67BA0B76-89A1-460B-8554-3EB5DC8D0C5B}
C:\Users\geoff\AppData\Local\{92260675-5EDB-400B-AB34-AA7F3A0AEEAB}
C:\Users\geoff\AppData\Local\{2194A36C-5492-4EF5-A588-7E93E5220CF7}
C:\Users\geoff\AppData\Local\{977C9383-3F76-439F-BEEE-41F3D33DB1B5}
C:\Users\geoff\AppData\Local\{3A7EEE23-69AE-408C-8C70-D9ADF1F4C4B1}
C:\Users\geoff\AppData\Local\{D165DA32-3ADD-4F4A-A7EB-E0E8F5438482}
C:\Users\geoff\AppData\Local\{968115E9-C897-498A-AF0A-29DDEFBA88A1}
C:\Users\geoff\AppData\Local\{BAED8697-94FB-4170-A602-39AB8AC5756E}
C:\Users\geoff\AppData\Local\{EB671266-C25C-4972-9F11-96D143BB61A7}
C:\Users\geoff\AppData\Local\{9B3FA984-BDB2-4E30-8776-8B7EA0D56F27}
C:\Users\geoff\AppData\Local\{8ACE960D-EA6B-46F9-BD80-508F3DDC8269}
C:\Users\geoff\AppData\Local\{A61BA76F-BC4E-493A-840E-6E2DC5D6FE3E}
C:\Users\geoff\AppData\Local\{15B9705E-BC35-4E3A-88A2-9F5AED3E4F27}
C:\Users\geoff\AppData\Local\{A872E65A-0C5A-477E-95EE-57BBAF7DE865}
C:\Users\geoff\AppData\Local\{E3621028-BA66-4DEE-86AA-FEDF0CDBFA48}
C:\Users\geoff\AppData\Local\{EEAEB6D2-9704-4CC1-A834-870114CB64A9}
C:\Users\geoff\AppData\Local\{C5D1B406-CFBE-40C4-9A87-3889A5608228}
C:\Users\geoff\AppData\Local\{9216D806-C4A8-4EC1-B3FB-BB218AB0F6AD}
C:\Users\geoff\AppData\Local\{10E83962-0FB8-4C9A-87CF-203D42FE9FB4}
C:\Users\geoff\AppData\Local\{7190F852-9724-4711-B84B-BF2AF4114287}
C:\Users\geoff\AppData\Local\{7DADDD29-C308-4E1A-8933-E6B28870FBAD}
C:\Users\geoff\AppData\Local\{051E8001-D7C0-4C97-9370-B3F3D5921E63}
C:\Users\geoff\AppData\Local\{3EBDDD78-B97E-4D6B-961E-7B326AFF1C36}
C:\Users\geoff\AppData\Local\{44751D69-5C3B-40A3-A896-E813D2BAF111}
C:\Users\geoff\AppData\Local\{E1386C77-0760-47DF-821C-14C6B83FE810}
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1001\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1012\Software\Trolltech"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Next ...

I'd like you to attach the following dump files for me ...

C:\Windows\Minidump\030714-24492-01.dmp
C:\Windows\Minidump\030114-23852-01.dmp
C:\Windows\Minidump\030114-23197-01.dmp

The forum software does not support the .dmp file type, so rename them to ...

C:\Windows\Minidump\030714-24492-01.txt
C:\Windows\Minidump\030114-23852-01.txt
C:\Windows\Minidump\030114-23197-01.txt

... so that they will attach.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt
  • The attached dmp files I asked for.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 8th, 2014, 9:20 pm

AdwCleaner did not display the log after the reboot, maybe because I'm booting into Safe mode each time. I rebooted again. When grabbing its log I see there are two; AdwCleaner[S0].txt is below. AdwCleaner[R1].txt's timestamp indicates it was generated from my first reboot; let me know if you want it too.

# AdwCleaner v3.020 - Report created 08/03/2014 at 19:35:29
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : GeoffAdmin - HP
# Running from : C:\Users\geoff\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\LyricsSeeker
Folder Deleted : C:\Users\geoff\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\hcadmin\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\geoff\AppData\Roaming\Mozilla\Firefox\Profiles\uiduihh7.default-1364753419598\StumbleUpon
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\geoff\AppData\Roaming\Mozilla\Firefox\Profiles\uiduihh7.default-1364753419598\prefs.js ]


[ File : C:\Users\janet\AppData\Roaming\Mozilla\Firefox\Profiles\i4koclgm.default\prefs.js ]


[ File : C:\Users\KJ\AppData\Roaming\Mozilla\Firefox\Profiles\ap92hnmh.default\prefs.js ]


[ File : C:\Users\GeoffAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\ruez1bl1.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\janet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\KJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\GeoffAdmin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\hcadmin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4146 octets] - [08/03/2014 13:52:58]
AdwCleaner[R1].txt - [3772 octets] - [08/03/2014 19:28:41]
AdwCleaner[S0].txt - [3628 octets] - [08/03/2014 19:35:29]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3688 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by GeoffAdmin at 2014-03-08 19:49:36 Run:1
Running from C:\Users\geoff\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-238458004-3021794996-818495646-1001\...\Run: [CPN Notifier] - C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
HKU\S-1-5-21-238458004-3021794996-818495646-1001\...\MountPoints2: {7016fa25-96a5-11df-9210-40618633fe15} - G:\LaunchU3.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {70D5954A-12E8-4C93-B7FC-851AFB79B85F} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
BHO-x32: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SafeSearch.xml
AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID
AlternateDataStreams: C:\Users\geoff\Code:Shareaza.GUID
AlternateDataStreams: C:\Users\geoff\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\GeoffAdmin\Downloads:Shareaza.GUID
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1001\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1012\Software\Trolltech"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
*****************

HKU\S-1-5-21-238458004-3021794996-818495646-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CPN Notifier => Value deleted successfully.
HKU\S-1-5-21-238458004-3021794996-818495646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7016fa25-96a5-11df-9210-40618633fe15} => Key deleted successfully.
HKCR\CLSID\{7016fa25-96a5-11df-9210-40618633fe15} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key deleted successfully.
HKCR\CLSID\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key deleted successfully.
HKCR\CLSID\{70D5954A-12E8-4C93-B7FC-851AFB79B85F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} => Key not found.
HKCR\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} => Key not found.
HKCR\Wow6432Node\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"C:\Program Files (x86)\mozilla firefox\searchplugins\SafeSearch.xml" => not found.
C:\Program Files (x86)\Lock Poker => ":MID" ADS removed successfully.
"C:\Users\geoff\Code" => ":Shareaza.GUID" ADS not found.
"C:\Users\geoff\Downloads" => ":Shareaza.GUID" ADS not found.
"C:\Users\GeoffAdmin\Downloads" => ":Shareaza.GUID" ADS not found.
C:\Users\geoff\AppData\Local\{B67A3A4E-802A-4834-BE81-F86AAB2F8159} => Moved successfully.
C:\Users\geoff\AppData\Local\{B0F4A322-066D-45C6-858E-EEF0181FDB0B} => Moved successfully.
C:\Users\geoff\AppData\Local\{814B5514-0A01-40DF-B13B-A8C8A7CF8F70} => Moved successfully.
C:\Users\geoff\AppData\Local\{9A634C7B-67E0-400F-A47E-85CE4ACA34D2} => Moved successfully.
C:\Users\geoff\AppData\Local\{09FDCC0D-A605-46CC-8219-59BCFEA2C3F0} => Moved successfully.
C:\Users\geoff\AppData\Local\{67BA0B76-89A1-460B-8554-3EB5DC8D0C5B} => Moved successfully.
C:\Users\geoff\AppData\Local\{92260675-5EDB-400B-AB34-AA7F3A0AEEAB} => Moved successfully.
C:\Users\geoff\AppData\Local\{2194A36C-5492-4EF5-A588-7E93E5220CF7} => Moved successfully.
C:\Users\geoff\AppData\Local\{977C9383-3F76-439F-BEEE-41F3D33DB1B5} => Moved successfully.
C:\Users\geoff\AppData\Local\{3A7EEE23-69AE-408C-8C70-D9ADF1F4C4B1} => Moved successfully.
C:\Users\geoff\AppData\Local\{D165DA32-3ADD-4F4A-A7EB-E0E8F5438482} => Moved successfully.
C:\Users\geoff\AppData\Local\{968115E9-C897-498A-AF0A-29DDEFBA88A1} => Moved successfully.
C:\Users\geoff\AppData\Local\{BAED8697-94FB-4170-A602-39AB8AC5756E} => Moved successfully.
C:\Users\geoff\AppData\Local\{EB671266-C25C-4972-9F11-96D143BB61A7} => Moved successfully.
C:\Users\geoff\AppData\Local\{9B3FA984-BDB2-4E30-8776-8B7EA0D56F27} => Moved successfully.
C:\Users\geoff\AppData\Local\{8ACE960D-EA6B-46F9-BD80-508F3DDC8269} => Moved successfully.
C:\Users\geoff\AppData\Local\{A61BA76F-BC4E-493A-840E-6E2DC5D6FE3E} => Moved successfully.
C:\Users\geoff\AppData\Local\{15B9705E-BC35-4E3A-88A2-9F5AED3E4F27} => Moved successfully.
C:\Users\geoff\AppData\Local\{A872E65A-0C5A-477E-95EE-57BBAF7DE865} => Moved successfully.
C:\Users\geoff\AppData\Local\{E3621028-BA66-4DEE-86AA-FEDF0CDBFA48} => Moved successfully.
C:\Users\geoff\AppData\Local\{EEAEB6D2-9704-4CC1-A834-870114CB64A9} => Moved successfully.
C:\Users\geoff\AppData\Local\{C5D1B406-CFBE-40C4-9A87-3889A5608228} => Moved successfully.
C:\Users\geoff\AppData\Local\{9216D806-C4A8-4EC1-B3FB-BB218AB0F6AD} => Moved successfully.
C:\Users\geoff\AppData\Local\{10E83962-0FB8-4C9A-87CF-203D42FE9FB4} => Moved successfully.
C:\Users\geoff\AppData\Local\{7190F852-9724-4711-B84B-BF2AF4114287} => Moved successfully.
C:\Users\geoff\AppData\Local\{7DADDD29-C308-4E1A-8933-E6B28870FBAD} => Moved successfully.
C:\Users\geoff\AppData\Local\{051E8001-D7C0-4C97-9370-B3F3D5921E63} => Moved successfully.
C:\Users\geoff\AppData\Local\{3EBDDD78-B97E-4D6B-961E-7B326AFF1C36} => Moved successfully.
C:\Users\geoff\AppData\Local\{44751D69-5C3B-40A3-A896-E813D2BAF111} => Moved successfully.
C:\Users\geoff\AppData\Local\{E1386C77-0760-47DF-821C-14C6B83FE810} => Moved successfully.

========= Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1001\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1001\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1012\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-238458004-3021794996-818495646-1012\Software\Trolltech (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 9th, 2014, 5:00 am

OK, the "fix" appears to have run successfully, by which I mean that the things scripted for removal appear to have been removed ....

Are you able to boot into normal mode now ?

If not, then please do the following for me ...

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (do not include Code: Select all)
Code: Select all
:filefind
ntkrnlmp.exe
smss.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 9th, 2014, 8:57 am

I am unable to boot normally.

The log is interesting--a zero byte file in the syswow64 folder. My 64 bit laptop does not have the same file.

SystemLook 04.09.10 by jpshortstuff
Log created at 08:30 on 09/03/2014 by GeoffAdmin
Administrator - Elevation successful

========== filefind ==========

Searching for "ntkrnlmp.exe"
No files found.

Searching for "smss.exe"
C:\Windows\System32\smss.exe --a---- 112640 bytes [01:16 11/09/2013] [00:59 02/08/2013] F0970A4BC8395659C22BF53D0FADF16F
C:\Windows\SysWOW64\smss.exe --a---- 0 bytes [04:31 01/03/2014] [04:31 01/03/2014] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe --a---- 112640 bytes [23:19 13/07/2009] [01:39 14/07/2009] 1911A3356FA3F77CCC825CCBAC038C2A
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_0838504e32dc743c\smss.exe --a---- 112640 bytes [18:15 10/04/2013] [03:19 19/03/2013] FA64733BD65F52712F0545F56FDB4BE6
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_08a94e494c0cfd0a\smss.exe --a---- 112640 bytes [18:15 10/04/2013] [03:20 19/03/2013] 7180204786A9DED8723B2D8CF3CDD388
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe --a---- 112640 bytes [18:15 10/04/2013] [03:06 19/03/2013] F0371DE302FFFF8F086661611BE60848
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe --a---- 112640 bytes [01:16 11/09/2013] [00:59 02/08/2013] F0970A4BC8395659C22BF53D0FADF16F
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe --a---- 112640 bytes [18:15 10/04/2013] [02:57 19/03/2013] 498E2A20E145199709CD100CDBA8603D
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_0aae4fa7491b124a\smss.exe --a---- 112640 bytes [03:04 14/08/2013] [02:50 08/07/2013] E65601CF4BC0CF3718AFBE56A9AD846F
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe --a---- 112640 bytes [01:16 11/09/2013] [05:06 02/08/2013] CB5DA3E44456D1084BCD87F5B1B3152B
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe --a---- 112640 bytes [09:01 09/10/2013] [01:04 29/08/2013] B2B31D4C79EFD883097FA24D02E79C12

-= EOF =-
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 9th, 2014, 10:25 am

There should not be a smss.exe in the syswow64 folder, it is run from System32.

Please try doing the following ....

First .....

If you haven't already done so, BACK UP YOUR PERSONAL FILES AND FOLDERS.

Next .....

Reboot your computer into Last known good configuration by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the option, to run Windows in Last known good configuration, then press Enter.
  • Choose your usual account.

If that doesn't allow you to boot into normal mode ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
C:\Windows\SysWOW64\smss.exe

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Try again to see if you can boot into Normal Mode.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 9th, 2014, 3:02 pm

Last Known Good Configuration did not work--still blue screened at the same spot.

Ran FRST64 as directed:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by GeoffAdmin at 2014-03-09 15:25:16 Run:2
Running from C:\Users\geoff\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
C:\Windows\SysWOW64\smss.exe
*****************

C:\Windows\SysWOW64\smss.exe => Moved successfully.

==== End of Fixlog ====

Rebooted. Still unable to boot normally.

Looked in SYSWOW64 folder for other zero byte files. Found additional 0 byte executable files that should not be there:
csrss.exe
lsass.exe
lsm.exe
services.exe
winlogon.exe

To see if I could find a reference to these files I searched the HKLM registry for syswow64\[0 byte file name] string (e.g. 'syswow64\csrss') for each file but did not get any hits.

Then I noticed the timestamps. They are all timestamped 2/28/14 @ 11:31 PM which was after my problem started. So they might be another unrelated oddity caused by some tool I was using.
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am
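
The SystemLook filefind results and the zero-byte files discussed in the posts above can be triaged mechanically. The following is an added example, not part of the thread and not SystemLook's own code: it parses lines in that log format (sample lines copied from the log above), flags zero-byte files, the process names the thread reports under SysWOW64, and live files whose hash matches no winsxs copy in the same log. The function and constant names are hypothetical, and the two bracketed timestamps are kept as printed because the log does not label them.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, dirname

# MD5 of zero bytes of input; the hash SystemLook printed for the 0-byte file.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# Names the thread reports as zero-byte files under SysWOW64 that
# "should not be there" (smss.exe plus the five found afterwards).
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "lsass.exe", "lsm.exe",
                 "services.exe", "winlogon.exe"}

# One result line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Lines copied from the SystemLook log posted in the thread (shortened to four hits).
SAMPLE_LOG = r"""
Searching for "ntkrnlmp.exe"
No files found.

Searching for "smss.exe"
C:\Windows\System32\smss.exe --a---- 112640 bytes [01:16 11/09/2013] [00:59 02/08/2013] F0970A4BC8395659C22BF53D0FADF16F
C:\Windows\SysWOW64\smss.exe --a---- 0 bytes [04:31 01/03/2014] [04:31 01/03/2014] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe --a---- 112640 bytes [23:19 13/07/2009] [01:39 14/07/2009] 1911A3356FA3F77CCC825CCBAC038C2A
C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe --a---- 112640 bytes [01:16 11/09/2013] [00:59 02/08/2013] F0970A4BC8395659C22BF53D0FADF16F
"""


@dataclass
class Entry:
    path: str
    size: int
    stamps: tuple
    md5: str
    findings: list = field(default_factory=list)


def parse_filefind(log_text):
    """Return one Entry per result line; headers and 'No files found.' are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]),
                                 (m["stamp1"], m["stamp2"]), m["md5"].upper()))
    return entries


def triage(entries):
    """Attach findings to each entry and return only the entries that have any."""
    # Hashes of the component-store (winsxs) copies, grouped by file name.
    store_hashes = {}
    for e in entries:
        if "\\winsxs\\" in e.path.lower():
            store_hashes.setdefault(basename(e.path).lower(), set()).add(e.md5)

    for e in entries:
        e.findings = []
        name = basename(e.path).lower()
        folder = basename(dirname(e.path)).lower()
        in_store = "\\winsxs\\" in e.path.lower()
        if e.size == 0:
            e.findings.append("zero-byte file")
        if e.md5 == EMPTY_MD5 and e.size != 0:
            e.findings.append("MD5 of empty input but non-zero size reported")
        if folder == "syswow64" and name in SYSTEM32_ONLY:
            e.findings.append("system process image under SysWOW64")
        if not in_store and e.md5 not in store_hashes.get(name, set()):
            e.findings.append("hash matches no winsxs copy in this log")
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for entry in triage(parse_filefind(SAMPLE_LOG)):
        print(entry.path, entry.stamps, "; ".join(entry.findings))
```

The System32 copy produces no findings because its hash equals the 6.1.7601.18229 winsxs copy; only the SysWOW64 entry is reported.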

Re: Blue screen at end of 'Starting Windows'

Unread postby Gary R » March 10th, 2014, 2:41 am

It's highly unlikely that any system file will be the cause of your problem, I just had to check that the files indicated by Windows debugger as the source of your problem, were not in fact the ones actually creating it, and I'm satisfied they're not.

The error code in your dump logs suggests 2 possible culprits for your problems, the first is that you're using a non-standard GINA (Graphical Identification and Authentication) and it's that that's causing the problem, the second (and more likely) is that you have a faulting 3rd party driver.

The first is fairly easy to check for, the 2nd can be a whole lot more difficult to find.

So we'll try the easy one first ...

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (don't include Code: Select all)
Code: Select all
:Reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
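
The Winlogon check requested above can also be run over the resulting dump automatically. This is an added example, not part of the thread and not SystemLook's own code: it parses a dump in the `[key]` / `"Name"="value"` layout of SystemLook's Reg output and reports a `GinaDLL` value, a `Shell` other than `explorer.exe`, or a `Userinit` entry other than `C:\Windows\system32\userinit.exe`. Both sample dumps are constructed (the second, including its file names, is a made-up placeholder), and the function names are hypothetical.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"C:\Windows\system32\userinit.exe"

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
STR_RE = re.compile(r'^(?P<name>@|"[^"]*")="(?P<value>.*)"$')
NUM_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*0x(?P<hex>[0-9A-Fa-f]+)\s*\(\d+\)$')

# Constructed sample: default values, plus one subkey to show that values
# under GPExtensions are kept apart from the Winlogon key itself.
CLEAN_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,"
"AutoRestartShell"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless Group Policy"
"DllName"="wlgpclnt.dll"
"NoUserPolicy"= 0x0000000001 (1)
"""

# Constructed sample with placeholder names, showing what the check reports.
ALTERED_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,C:\Users\Public\placeholder.exe,"
"GinaDLL"="placeholder_gina.dll"
"""


def parse_reg_dump(text):
    """Return {lowercased key path: {lowercased value name: str or int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m["key"].lower(), {})
            continue
        if current is None:
            continue  # text before the first key header
        m = STR_RE.match(line)
        if m:
            current[m["name"].strip('"').lower()] = m["value"]
            continue
        m = NUM_RE.match(line)
        if m:
            current[m["name"].lower()] = int(m["hex"], 16)
    return keys


def check_winlogon(keys):
    """Return a list of findings for the Winlogon key; empty means defaults."""
    values = keys.get(WINLOGON.lower())
    if values is None:
        return ["Winlogon key not present in dump"]
    findings = []
    if "ginadll" in values:
        findings.append(f"GinaDLL is set: {values['ginadll']}")
    shell = str(values.get("shell", "")).strip()
    if shell.lower() != DEFAULT_SHELL:
        findings.append(f"Shell is not the default: {shell!r}")
    # Userinit is a comma-separated list; every entry is started at logon.
    entries = [p.strip() for p in str(values.get("userinit", "")).split(",") if p.strip()]
    if not entries:
        findings.append("Userinit is missing or empty")
    for program in entries:
        if program.lower() != DEFAULT_USERINIT.lower():
            findings.append(f"Userinit starts an extra program: {program}")
    return findings


if __name__ == "__main__":
    for label, dump in (("clean", CLEAN_DUMP), ("altered", ALTERED_DUMP)):
        print(label, check_winlogon(parse_reg_dump(dump)) or "defaults only")
```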

Re: Blue screen at end of 'Starting Windows'

Unread postby PokerFan » March 10th, 2014, 7:37 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 19:34 on 10/03/2014 by GeoffAdmin
Administrator - Elevation successful

========== Reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"Userinit"="C:\Windows\system32\userinit.exe,"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"= 0x0000000001 (1)
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"ForceUnlockLogon"= 0x0000000000 (0)
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"= 0x0000000005 (5)
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"WinStationsDisabled"="0"
"DisableCAD"= 0x0000000001 (1)
"scremoveoption"="0"
"ShutdownFlags"= 0x0000000027 (39)
"AutoAdminLogon"="0"
"DefaultUserName"="geoff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless Group Policy"
"DisplayName"="@wlgpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessWLANPolicyEx"
"GenerateGroupPolicy"="GenerateWLANPolicy"
"DllName"="wlgpclnt.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExEnviron"
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"="@gpprefcl.dll,-1"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"="@gpprefcl.dll,-2"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"="@gpprefcl.dll,-3"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"="fdeploy.dll"
"NoMachinePolicy"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000001 (1)
"PerUserLocalSettings"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000000 (0)
"NoBackgroundPolicy"= 0x0000000000 (0)
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"="(Folder Redirection,Application)"
"DisplayName"="@fdeploy.dll,-261"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"DisplayName"="@%SystemRoot%\System32\dskquota.dll,-100"
"NoMachinePolicy"= 0x0000000000 (0)
"NoUserPolicy"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"PerUserLocalSettings"= 0x0000000000 (0)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000000 (0)
"DllName"="%SystemRoot%\System32\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"="@gpprefcl.dll,-4"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"DisplayName"="@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"DllName"="gpscript.dll"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"NoSlowLink"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"NoGPOListChanges"= 0x0000000001 (1)
"NotifyLinkTransition"= 0x0000000001 (1)
"DisplayName"="@gpscript.dll,-1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@="Remote Desktop USB Redirection"
"DllName"="%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"= 0x0000000001 (1)
"NoUserPolicy"= 0x0000000001 (1)
"DisplayName"="@%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"NoMachinePolicy"= 0x0000000001 (1)
"DisplayName"="@gpprefcl.dll,-5"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"="@gpprefcl.dll,-6"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"NoUserPolicy"= 0x0000000001 (1)
"DisplayName"="@gpprefcl.dll,-7"
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}]
@="Remote Desktop Protocol Extension"
"DllName"="%SystemRoot%\System32\RdpGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"= 0x0000000001 (1)
"NoUserPolicy"= 0x0000000001 (1)
"DisplayName"="@%SystemRoot%\System32\RdpGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"="@gpprefcl.dll,-8"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"="@gpprefcl.dll,-9"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"="@gpprefcl.dll,-10"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="%SystemRoot%\System32\srchadmin.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000000 (0)
"NoGPOListChanges"= 0x0000000001 (1)
"NoUserPolicy"= 0x0000000000 (0)
"NoMachinePolicy"= 0x0000000000 (0)
"PerUserLocalSettings"= 0x0000000000 (0)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@="Internet Explorer User Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@="Security"
"DisplayName"="@(runtime.system32)\scecli.dll,-7650"
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"= 0x0000000001 (1)
"DllName"="scecli.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"MaxNoGPOListChangesInterval"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@="Deployed Printer Connections"
"DisplayName"="@%systemroot%\system32\gpprnext.dll,-1"
"DllName"="%systemroot%\system32\gpprnext.dll"
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"= 0x0000000000 (0)
"NoBackgroundPolicy"= 0x0000000000 (0)
"NoGPOListChanges"= 0x0000000000 (0)
"NoMachinePolicy"= 0x0000000000 (0)
"NoSlowLink"= 0x0000000001 (1)
"NotifyLinkTransition"= 0x0000000000 (0)
"NoUserPolicy"= 0x0000000000 (0)
"PerUserLocalSettings"= 0x0000000000 (0)
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"="@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@="Internet Explorer Branding"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"= 0x0000000001 (1)
"NoMachinePolicy"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3014"
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"="@gpprefcl.dll,-12"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"="@gpprefcl.dll,-13"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"="@gpprefcl.dll,-14"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"="@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"="dot3gpclnt.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"="@gpprefcl.dll,-16"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"="@gpprefcl.dll,-17"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="%SystemRoot%\System32\cscobj.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"NoSlowLink"= 0x0000000000 (0)
"NoGPOListChanges"= 0x0000000000 (0)
"NoUserPolicy"= 0x0000000000 (0)
"NoMachinePolicy"= 0x0000000000 (0)
"PerUserLocalSettings"= 0x0000000000 (0)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"RequiresSucessfulRegistry"= 0x0000000000 (0)
"DllName"="appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"EventSources"="(Application Management,Application) (MsiInstaller,Application)"
"NoUserPolicy"= 0x0000000000 (0)
"DisplayName"="@appmgmts.dll,-3252"
"PerUserLocalSettings"= 0x0000000001 (1)
"NoBackgroundPolicy"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@="TCPIP"
"DisplayName"="@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@="Internet Explorer Machine Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\Windows\System32\iedkcs32.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"= 0x0000000001 (1)
"DisplayName"="@C:\Windows\System32\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"="%SystemRoot%\System32\polstore.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000000 (0)
"DisplayName"="@C:\Windows\system32\polstore.dll,-5012"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyInternet"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"NoMachinePolicy"= 0x0000000001 (1)
"DisplayName"="@gpprefcl.dll,-18"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"="@gpprefcl.dll,-19"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"="@gpprefcl.dll,-20"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"="@gpprefcl.dll,-21"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="auditcse.dll"
"NoUserPolicy"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)
"MaxNoGPOListChangesInterval"= 0x00000003c0 (960)
"ForceRefreshFG"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"="gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"NoMachinePolicy"= 0x0000000001 (1)
"DisplayName"="@gpprefcl.dll,-15"
"PerUserLocalSettings"= 0x0000000001 (1)
"EnableAsynchronousProcessing"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@="Enterprise QoS"
"DisplayName"="@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"="gptext.dll"
"RequiresSuccessfulRegistry"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@="CP"
"DisplayName"="@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"="gptext.dll"
"NoUserPolicy"= 0x0000000001 (1)
"NoGPOListChanges"= 0x0000000001 (1)
"RequiresSuccessfulRegistry"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
"DLLName"="c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll"
"Asynchronous"= 0x0000000000 (0)
"Startup"="OnStartup"
"Logon"="OnLogon"
"StartShell"="OnStartShell"
"Logoff"="OnLogoff"
"Shutdown"="OnShutdown"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\Event]
"Logon"="LBTWLgn_LOGON"
"StartShell"="LBTWLgn_STARTSHELL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
(No values found)


-= EOF =-
PokerFan
Active Member
 
Posts: 10
Joined: March 1st, 2014, 11:35 am