First step went well. I will post fixlog.txt in a moment.
My computer has new Windows updates pending. Should I allow them to install?
Upon restarting the computer and running a FRST scan from my desktop, I got the same result as the previous attempt, i.e.:
Run as administrator and scan. After a few minutes a message appears: "Scan completed. The "FRST.txt" is saved in the same directory FRST tool is run." I click on OK and the following appears: "Cannot find the C:\Users\John\Desktop\FRST.txt file. Do you want to create a new file?" "Yes, No, Close". At the same time another box appears telling me where Addition.txt is found. If I click on Yes, the first message disappears but no txt file appears on my desktop. Clicking on the OK button in the box for Addition.txt results in the same not found/create? dialog and on clicking "Yes" again no txt file is created.
I was prepared to report this but thought I should try running the FRST scan using the exe file on the USB flash drive, and it worked. Those attached logs are from the flash drive.
When I reopened my mail program to use the link to get back here, my mail program froze with a spinning circle and a "not responding" message. I ended that process using the Task List and tried to restart the computer, and I now have a blank screen the color of my desktop with only the mouse cursor showing. I think my only choice from here is to shut off the power, but I think I'll just let it stew until I hear back from you. I am posting from my laptop. Phew! - the logs:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by SYSTEM at 2014-12-10 08:13:44 Run:1
Running from j:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
BootExecute: autocheck autochk * SsiEfr.exesdnclean.exe
S1 netfilter; system32\drivers\netfilter.sys [X]
2014-12-08 16:03 - 2013-03-07 08:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-08 16:01 - 2009-08-24 09:59 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-08 16:01 - 2007-02-27 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
C:\windows\system32\drivers\netfilter.sys
*****************
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
netfilter => Service deleted successfully.
C:\Program Files\Spybot - Search & Destroy 2 => Moved successfully.
C:\Program Files\SpywareBlaster => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"C:\windows\system32\drivers\netfilter.sys" => File/Directory not found.
==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by John (administrator) on SIGLERCENTRAL on 10-12-2014 08:25:19
Running from K:\
Loaded Profile: John (Available profiles: IUSR_NMPR & John)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Duality Software) C:\Program Files\DS Clock\dsetime.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-23] (AVAST Software)
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\...\Policies\Explorer: [NoStrCmpLogical] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {4087ADE5-5F1A-4EBF-8D7F-D54860D0DB64} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {94533161-89D6-4D04-96C5-D5E2FBC84855} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.15.0.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/fi ... tup162.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]
Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://twitter.com/"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-07]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [195032 2006-11-18] (Intel(R) Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-10-29] () [File not signed]
R2 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [36312 2006-11-18] (Intel(R) Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [81880 2006-11-18] (Intel(R) Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [174552 2006-11-18] (Intel(R) Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [2794234 2009-02-15] (INCA Internet Co., Ltd.) [File not signed]
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [550872 2006-11-18] (Intel(R) Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2006-12-18] (Intel Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
S3 Point32; C:\Windows\System32\DRIVERS\point32k.sys [24064 2006-11-07] (Microsoft Corporation) [File not signed]
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [38422 2005-08-16] (Generic) [File not signed]
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [155648 2007-05-22] (ViXS Systems Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
U3 DFSR; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [X]
S3 STHDA; system32\drivers\stwrt.sys [X]
U4 UmRdpService; No ImagePath
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-09 21:24 - 2014-12-10 08:25 - 00000000 ___DC () C:\FRST
2014-12-08 19:12 - 2014-12-08 19:12 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-12-08 19:03 - 2014-12-08 19:03 - 00002464 _____ () C:\Windows\PFRO.log
2014-12-08 10:00 - 2014-12-08 10:00 - 00033488 _____ () C:\Users\John\Documents\temp.txt
2014-12-08 09:11 - 2014-12-08 09:11 - 02153472 _____ () C:\Users\John\Desktop\adwcleaner_4.104.exe
2014-12-08 09:11 - 2014-12-08 09:11 - 01111040 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-12-04 10:05 - 2014-12-04 10:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-12-03 12:18 - 2014-12-03 12:18 - 00000000 ____D () C:\Users\Public\Documents\VP3DLlaptop
2014-12-02 20:32 - 2014-12-02 20:25 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141202-203215.backup
2014-11-30 17:45 - 2014-11-30 17:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Systweak
2014-11-25 14:11 - 2014-11-25 13:56 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141125-141140.backup
2014-11-25 13:53 - 2014-12-02 20:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-23 17:41 - 2014-11-23 17:41 - 00000763 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-23 17:41 - 2014-11-23 17:41 - 00000763 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-23 17:41 - 2014-11-23 17:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\Opera Software
2014-11-23 17:40 - 2014-12-03 10:13 - 00000000 ____D () C:\Program Files\Opera
2014-11-23 17:39 - 2014-11-23 17:39 - 00075552 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-11-23 15:51 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 12:32 - 2014-11-23 12:32 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-23 12:32 - 2014-11-23 12:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-23 11:54 - 2014-12-10 08:06 - 00014806 _____ () C:\Windows\system32\debug.log
2014-11-18 09:14 - 2014-12-10 08:18 - 00551003 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 13:40 - 2014-11-17 13:40 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-17 13:11 - 2014-11-17 13:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\MPC-HC
2014-11-16 14:20 - 2014-11-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-11-16 14:18 - 2014-11-16 14:20 - 00000000 ____D () C:\Windows\system32\C2MP
2014-11-12 08:13 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:13 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:13 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:13 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:12 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:12 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:12 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:11 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:11 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:09 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:09 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:03 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 07:59 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:59 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:59 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:59 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:59 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:59 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:59 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 07:59 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:59 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:59 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 07:59 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 07:59 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 07:45 - 2014-11-12 07:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVAST Software
2014-11-11 18:58 - 2014-11-11 20:09 - 00000000 ____D () C:\Users\John\AppData\Local\AvgSetupLog
2014-11-11 18:58 - 2014-11-11 18:58 - 00000000 ____D () C:\Users\John\AppData\Local\Avg
2014-11-10 10:33 - 2014-11-10 10:33 - 00089151 _____ () C:\Users\John\Documents\bookmarks.html
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 08:23 - 2007-03-27 10:45 - 00000041 _____ () C:\Windows\Filzip.ini
2014-12-10 08:19 - 2006-11-02 05:33 - 00784776 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 08:15 - 2014-05-07 17:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 08:15 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 08:15 - 2006-11-02 07:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 08:15 - 2006-11-02 07:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 08:06 - 2006-11-02 08:01 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-10 08:01 - 2013-12-22 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 22:10 - 2014-05-07 17:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 21:44 - 2008-08-12 07:46 - 00000000 ____D () C:\Users\Public\Documents\Excel
2014-12-09 21:44 - 2007-03-27 14:02 - 00008992 _____ () C:\Windows\John8.xlb
2014-12-09 17:01 - 2013-11-15 14:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 17:01 - 2013-11-15 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 16:24 - 2014-09-05 16:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-12-08 19:01 - 2014-03-13 08:43 - 00000079 _____ () C:\Windows\wininit.ini
2014-12-08 18:57 - 2007-03-22 15:39 - 00000000 ____D () C:\Program Files\Java
2014-12-08 15:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-07 15:12 - 2014-05-20 10:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 13:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Speech
2014-12-07 13:31 - 2014-05-20 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 13:31 - 2014-05-20 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 13:08 - 2008-02-18 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-07 13:08 - 2008-01-11 09:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-07 12:38 - 2007-02-23 21:05 - 00000000 ____D () C:\Users\John\Finance
2014-12-02 10:53 - 2006-11-02 07:47 - 00400152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 13:23 - 2006-11-02 05:23 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141202-202508.backup
2014-11-26 21:17 - 2014-10-10 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-26 21:17 - 2011-06-28 13:52 - 00000000 ____D () C:\ProgramData\DivX
2014-11-26 21:17 - 2007-02-22 23:14 - 00000000 ____D () C:\Program Files\DivX
2014-11-26 21:17 - 2006-12-18 12:12 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-11-26 21:16 - 2014-10-10 13:53 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-11-26 11:23 - 2014-10-10 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-11-25 18:08 - 2007-02-22 14:26 - 00000000 ____D () C:\Internet
2014-11-25 14:11 - 2006-11-02 05:23 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141127-132355.backup
2014-11-25 12:31 - 2007-02-20 13:14 - 00095744 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 11:39 - 2008-07-03 09:35 - 00000000 ____D () C:\Users\John\Download
2014-11-24 12:31 - 2008-10-04 08:01 - 00000000 ____D () C:\Users\Public\Documents\Textfiles
2014-11-23 17:41 - 2014-02-24 16:00 - 00000000 ____D () C:\Users\John\AppData\Local\Opera Software
2014-11-23 17:03 - 2009-11-03 11:13 - 00000000 ____D () C:\ProgramData\avg9
2014-11-23 12:32 - 2014-04-24 05:13 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-23 12:18 - 2007-02-20 13:09 - 00000000 ____D () C:\Users\John
2014-11-23 12:18 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-23 12:17 - 2014-10-10 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavFilters
2014-11-23 12:17 - 2014-10-10 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\CDXReader
2014-11-23 12:17 - 2014-03-27 06:56 - 00000000 ____D () C:\Users\Public\Laptop
2014-11-23 12:17 - 2011-12-30 13:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\dvdcss
2014-11-23 12:17 - 2011-08-30 11:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-11-23 12:17 - 2011-06-28 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\IrfanView
2014-11-23 12:17 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-23 12:17 - 2006-11-02 05:22 - 52166656 _____ () C:\Windows\system32\config\software_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 20447232 _____ () C:\Windows\system32\config\system_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-11-23 12:16 - 2014-05-07 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 12:16 - 2013-05-30 06:49 - 00000000 ____D () C:\Users\John\AppData\Local\File Renamer Basic
2014-11-23 12:16 - 2007-02-24 23:42 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Games
2014-11-23 12:16 - 2006-12-18 12:12 - 00000000 ___RD () C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-12-18 12:12 - 00000000 ___RD () C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-11-21 06:14 - 2014-05-20 10:02 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-05-20 10:02 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2011-01-29 08:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 11:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-16 14:21 - 2007-02-24 20:00 - 00000000 ____D () C:\Windows\pss
2014-11-14 09:25 - 2010-04-18 10:14 - 00000000 ____D () C:\Program Files\SopCast
2014-11-12 22:36 - 2007-03-02 09:52 - 00000000 ____D () C:\Users\John\Documents\Textfiles
2014-11-12 11:33 - 2007-02-23 13:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Talkback
2014-11-12 10:52 - 2006-11-02 05:23 - 00449970 ____R () C:\Windows\system32\Drivers\etc\hosts.20141125-135618.backup
2014-11-12 09:56 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:38 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 08:11 - 2014-05-07 17:48 - 00001919 _____ () C:\Users\Public\Desktop\Chrome.lnk
2014-11-12 08:08 - 2013-07-24 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 08:03 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 07:39 - 2014-09-05 14:51 - 00000000 ____D () C:\Users\John\AppData\Roaming\XnView
2014-11-12 07:39 - 2014-07-23 14:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
2014-11-12 07:39 - 2014-07-02 09:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-11-12 07:39 - 2014-02-28 10:21 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-12 07:39 - 2013-09-14 12:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\MediaMonkey
2014-11-12 07:39 - 2013-06-11 18:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-12 07:39 - 2013-03-05 11:41 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-12 07:39 - 2011-07-24 14:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-12 07:39 - 2011-02-10 21:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVG10
2014-11-12 07:39 - 2009-04-03 13:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Thunderbird
2014-11-12 07:39 - 2007-08-02 14:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-12 07:39 - 2007-02-20 13:10 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 07:39 - 2007-02-20 13:10 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 07:38 - 2014-09-05 14:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-12 07:38 - 2014-08-29 16:53 - 00000000 ____D () C:\Program Files\PopMan
2014-11-12 07:38 - 2014-07-02 10:50 - 00000000 ____D () C:\Program Files\Just Great Software
2014-11-12 07:38 - 2014-02-24 22:48 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-11-12 07:38 - 2014-02-24 22:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-11-12 07:38 - 2011-01-03 22:52 - 00000000 ____D () C:\Program Files\Celeris
2014-11-12 07:38 - 2008-08-08 20:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-12 07:38 - 2006-12-18 12:20 - 00000000 ____D () C:\Program Files\Google
2014-11-11 21:19 - 2007-02-21 11:12 - 00001356 ____R () C:\Users\John\AppData\Local\d3d9caps.dat
2014-11-11 18:58 - 2007-03-20 11:39 - 00000000 ____D () C:\Users\John\AppData\Local\Help
2014-11-10 13:03 - 2011-02-10 20:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-10 12:42 - 2006-11-02 06:18 - 00000000 ___RD () C:\Windows\Web
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-10 08:20
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by John at 2014-12-10 08:25:55
Running from K:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Championship Spades All-Stars 7.50 (HKLM\...\ChampSpades) (Version: 7.50 - DreamQuest)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.02.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.02.02 - AlcorMicro) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.3 - Activision)
Doom 3 (Version: 1.3 - Activision) Hidden
Download App (HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\...\Download App) (Version: 1.7.0 - CBS Interactive)
DS Clock (HKLM\...\DS Clock_is1) (Version: 2.4 - Duality Software)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) Viiv(TM) Software (HKLM\...\Intel(R) Configuration Center) (Version: 1.6.429.0 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Links 2001 (HKLM\...\Links 2001 2.0) (Version: - )
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 26.0.1656.32 (HKLM\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
PopMan 1.3.1 (HKLM\...\PopMan-CH-Software_is1) (Version: - CH-Software)
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Pool 3 DL (HKLM\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 4 (HKLM\...\{E801BD2A-AB6B-4B8F-9599-B164AC726EC8}) (Version: 4.1.2.9 - Celeris)
Virtual Pool 4 Online (HKLM\...\{C074AFB2-07DF-46DF-96CD-38CEC2793AF7}) (Version: 4.3.8.3 - Celeris)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-12-2014 20:11:45 Scheduled Checkpoint
03-12-2014 18:11:01 Scheduled Checkpoint
04-12-2014 19:12:18 Scheduled Checkpoint
05-12-2014 19:50:02 Scheduled Checkpoint
06-12-2014 18:24:05 Scheduled Checkpoint
07-12-2014 16:27:48 Scheduled Checkpoint
07-12-2014 18:04:57 Removed Adobe Reader XI (11.0.08).
08-12-2014 18:15:48 Scheduled Checkpoint
08-12-2014 23:57:01 Removed Java 8 Update 11
09-12-2014 12:23:44 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2014-12-02 20:32 - 00450028 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {15A1CF78-CBE9-4147-BFF5-9440CE66C339} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {1DC0B424-4F32-4C56-92F6-76FD16FA7B9D} - System32\Tasks\Opera scheduled Autoupdate 1416782460 => C:\Program Files\Opera\launcher.exe [2014-11-25] (Opera Software)
Task: {2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {3B82867E-F1CC-4A60-9872-2EBB4FC015E8} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {4C9F52D4-AF85-4990-BF68-248326A1B634} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - John => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {725C8562-BB45-4E55-9D50-3C43BE706E11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {7ECC95E3-0595-4654-AA19-4F61F81B821D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {851F01C9-5B14-4577-A9B6-33BFDF2D3AE6} - System32\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627} => C:\Windows\msb.exe
Task: {94352A4C-F333-44E2-8CDC-C1F1EC18CCFD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4278196236-3910043076-1921008887-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A27935DF-0070-4086-93DA-803537D71B61} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\John\AppData\Local\Temp\c.exe <==== ATTENTION
Task: {AF02248A-845E-4965-8B72-FD8009C8A41D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {AFFC1BA0-473F-413D-806D-B5DFBA45953D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B0D63523-2B22-493C-811D-7C6E48B20AD6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4278196236-3910043076-1921008887-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {EAC2B775-C7CE-4EA7-A07A-79AF00A8919C} - \GPUP No Task File <==== ATTENTION
Task: {EC86AAE5-8F51-4094-906A-7F7EA623D01D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {FBF23735-619F-4BD6-9118-D058E137276C} - System32\Tasks\Java check => C:\Program Files\Java\jre6\bin\jucheck.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E57A22E8-06A3-46E2-A6A3-C443A62D321E}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2014-12-10 07:52 - 2014-12-10 07:52 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121000\algo.dll
2007-02-27 13:34 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2007-05-18 08:00 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\ZLhp1020.DLL
2011-09-15 10:04 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2006-12-18 12:50 - 2006-12-12 10:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-02-28 11:04 - 2014-11-23 12:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-29 12:03 - 2006-10-29 12:03 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: avg8emc => 2
MSCONFIG\Services: avg8wd => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download App.lnk => C:\Windows\pss\Download App.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
MSCONFIG\startupreg: CCUTRAYICON => "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
MSCONFIG\startupreg: Codec Settings UAC Manager => "C:\Windows\system32\C2MP\CodecUACManager.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: NMSSupport => "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PopMan => C:\Program Files\PopMan\PopMan.exe -minimize
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-4278196236-3910043076-1921008887-500 - Administrator - Disabled)
Guest (S-1-5-21-4278196236-3910043076-1921008887-501 - Limited - Enabled)
IUSR_NMPR (S-1-5-21-4278196236-3910043076-1921008887-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
John (S-1-5-21-4278196236-3910043076-1921008887-1001 - Administrator - Enabled) => C:\Users\John
==================== Faulty Device Manager Devices =============
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/10/2014 08:24:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 7.12.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b84
Start Time: 01d0147c754d2d8f
Termination Time: 7
Error: (12/10/2014 08:02:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a58
Start Time: 01d014792bb2e41e
Termination Time: 28
Error: (12/09/2014 10:47:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5
Error: (12/09/2014 00:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f78
Start Time: 01d013d474452698
Termination Time: 13
Error: (12/09/2014 07:23:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (12/09/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5c4
Start Time: 01d0139e9f9edbc1
Termination Time: 13
Error: (12/08/2014 10:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: be4
Start Time: 01d01362455a9b4e
Termination Time: 5
Error: (12/08/2014 07:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 670
Start Time: 01d01347436010a6
Termination Time: 16
Error: (12/08/2014 07:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da8
Start Time: 01d01346d1c7a0c6
Termination Time: 11
Error: (12/08/2014 07:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5b4
Start Time: 01d013467c16cc29
Termination Time: 7
System errors:
=============
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:20:28 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)
Microsoft Office Sessions:
=========================
Error: (12/10/2014 08:24:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe7.12.2014.1b8401d0147c754d2d8f7
Error: (12/10/2014 08:02:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.0.6000.16386a5801d014792bb2e41e28
Error: (12/09/2014 10:47:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5
Error: (12/09/2014 00:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0f7801d013d47445269813
Error: (12/09/2014 07:23:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (12/09/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.05c401d0139e9f9edbc113
Error: (12/08/2014 10:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0be401d01362455a9b4e5
Error: (12/08/2014 07:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.067001d01347436010a616
Error: (12/08/2014 07:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0da801d01346d1c7a0c611
Error: (12/08/2014 07:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.05b401d013467c16cc297
CodeIntegrity Errors:
===================================
Date: 2014-12-10 08:25:49.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:48.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:48.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:48.056
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:47.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:46.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:46.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:25:46.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:21:50.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-10 08:21:50.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 47%
Total physical RAM: 2020.99 MB
Available physical RAM: 1056.78 MB
Total Pagefile: 4283.25 MB
Available Pagefile: 3369.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:288.38 GB) (Free:139.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.71 GB) (Free:3.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (NFSHS) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive i: () (Fixed) (Total:111.78 GB) (Free:98.29 GB) NTFS
Drive k: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FF7CFDA7)
Partition 1: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: E509E509)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 250 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================