Localhost Blocked, Browsers Not Working


5 replies to this topic

#1 randys42

Posted 11 May 2014 - 08:50 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/485493/localhost-blocked-lan-connected/ - Hamluis.

 

 

This seems to be the only topic that deals with Localhost blocked. The previous poster had the same problem that I have now. I have internet connectivity: I can ping and run tracert anywhere but can't use my browser or get updates. I ran Farbar scanner and got these results:

My firewall is also not running but I am concerned about getting back online first. I will address the firewall in another thread. First I want to see if there are any threads already started.
 

I ran these commands before running the scan:

 
netsh int ip reset reset.log
netsh winsock reset catalog
 

 

Farbar Service Scanner Version: 03-05-2014
Ran by Randy (administrator) on 11-05-2014 at 09:37:49
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Firewall Disabled Policy: 
==================
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

TIA,

 

Randy


Edited by hamluis, 11 May 2014 - 12:22 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Broni


Posted 11 May 2014 - 08:32 PM

Welcome aboard

 

NOTE 1. Use another working computer to download the necessary tools. Use a USB flash drive to transfer them from the good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer, on the GOOD computer to protect it from any infected USB device.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create a new reply. I'll not get any email notifications about edits so I won't know you posted something new.

 



 


#3 randys42


Posted 18 May 2014 - 10:20 AM

I apologize for the delay in responding. I have a fractured vertebra and I can't sit upright very long.
 
Regarding using another computer: my affected PC is on a home network. I am remoting into another computer and getting out that way. (TCP is out but IP isn't).
 
The problems began after I had to replace memory. I had to replace 6GB of my 14GB. After installing the new memory, the system began crashing. CHKDSK had to run a number of times and there were index errors. I saw some orphaned files. I had a number of problems:
 
1. DHCP
2. Firewall wouldn't start, Diagnostic Service wouldn't start.
 
I was able to fix a number of the errors. There were permission problems. The system accounts BFE and MPSSVC were gone. I corrected those. DHCP works, the firewall works. But permissions are still off. For example, the HOSTS file can't be updated by any other users assigned to its permissions. I am not using that file but other files that are used have the same security problems.
 
Since removing the memory, the system doesn't crash.
 
A question I can't find an answer to: I see a lot of the character "@" preceding %systemroot%. That character doesn't seem to be able to be used in Google searches. A search on @%systemroot% returns only %systemroot% results. I can't tell if that is normal or not.
 
Thank you for trying to help me. I usually can solve problems but this is a little deeper than where my knowledge goes. 
 
Randy Schirmer
 
*****************************************************
 
Security Check displays error during Preparing stage:
 
Occurs during Preparing stage:
 
Line -1
Variable must be of type "object"
-----------------
 
Result of the Security Check:
 
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spyder3Pro     
 Adobe Reader XI  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
FarBar:
 
Farbar Service Scanner Version: 03-05-2014
Ran by Randy (administrator) on 18-05-2014 at 09:53:18
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
*****************************************************
 
MiniToolBox Output:
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Randy (administrator) on 18-05-2014 at 10:39:26
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Randy-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-9C-DC-D0-0E-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c05:eb1:5f5f:7f00%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 0.0.0.0
   Lease Obtained. . . . . . . . . . : Saturday, May 17, 2014 9:20:36 AM
   Lease Expires . . . . . . . . . . : Monday, May 19, 2014 8:43:01 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 298360028
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-53-D7-C0-C8-9C-DC-D0-0E-F0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3c25:3432:3f57:fefb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c25:3432:3f57:fefb%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  NULL
 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
Server:  UnKnown
Address:  NULL
 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09  [] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/17/2014 09:20:35 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background 
 
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (05/11/2014 01:49:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/11/2014 00:10:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/11/2014 11:55:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/11/2014 01:47:36 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error: 
%%5
 
Error: (05/11/2014 01:46:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/11/2014 01:46:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/17/2014 09:20:35 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. 
 
Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (05/11/2014 01:49:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/11/2014 01:47:39 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/11/2014 00:10:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/11/2014 00:08:58 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/11/2014 11:55:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
 
TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-05 17:07:36.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:27.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:27.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because 
 
file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or 
 
damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3503)
Acer ScreenSaver (Version: 1.1.0609.2011)
Acer Updater (Version: 1.02.3500)
Adobe AIR (Version: 1.5.3.9120)
Adobe Creative Suite 5 Web Premium (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Amazon Cloud Player (Version: 2.4.0.26)
Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0429.2313.39747)
AMD Media Foundation Decoders (Version: 1.0.80430.0002)
AMD VISION Engine Control Center (Version: 2013.0429.2313.39747)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10503)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BioShock
BioShock Infinite
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.97)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.1.1)
Canon Utilities EOS Utility (Version: 2.3.1.3)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747)
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747)
Catalyst Control Center Localization All (Version: 2013.0429.2313.39747)
CCC Help Chinese Standard (Version: 2013.0429.2312.39747)
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747)
CCC Help Czech (Version: 2013.0429.2312.39747)
CCC Help Danish (Version: 2013.0429.2312.39747)
CCC Help Dutch (Version: 2013.0429.2312.39747)
CCC Help English (Version: 2013.0429.2312.39747)
CCC Help Finnish (Version: 2013.0429.2312.39747)
CCC Help French (Version: 2013.0429.2312.39747)
CCC Help German (Version: 2013.0429.2312.39747)
CCC Help Greek (Version: 2013.0429.2312.39747)
CCC Help Hungarian (Version: 2013.0429.2312.39747)
CCC Help Italian (Version: 2013.0429.2312.39747)
CCC Help Japanese (Version: 2013.0429.2312.39747)
CCC Help Korean (Version: 2013.0429.2312.39747)
CCC Help Norwegian (Version: 2013.0429.2312.39747)
CCC Help Polish (Version: 2013.0429.2312.39747)
CCC Help Portuguese (Version: 2013.0429.2312.39747)
CCC Help Russian (Version: 2013.0429.2312.39747)
CCC Help Spanish (Version: 2013.0429.2312.39747)
CCC Help Swedish (Version: 2013.0429.2312.39747)
CCC Help Thai (Version: 2013.0429.2312.39747)
CCC Help Turkish (Version: 2013.0429.2312.39747)
ccc-utility64 (Version: 2013.0429.2313.39747)
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.1720.15)
clear.fi (Version: 9.0.7713)
clear.fi Client (Version: 1.00.3500)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.1.0.843)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1)
Cradle of Rome 2 (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Dora's World Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.2.0409)
Etron USB3.0 Host Controller (Version: 0.103)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Free PDF Solutions PDF to WORD version 1.0 (Version: 1.0)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GIMP 2.8.8 (Version: 2.8.8)
Google Chrome (Version: 34.0.1847.131)
Google Update Helper (Version: 1.3.23.9)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
HDR Efex Pro (Version: 1.2.0.3)
Hotkey Utility (Version: 2.05.3504)
Identity Card (Version: 1.00.3501)
Intel® C++ Redistributables for Windows* on Intel® 64 (Version: 11.1.048)
iTunes (Version: 11.0.4.4)
Jewel Match 3 (Version: 2.2.0.97)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.18)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)
Nero StartSmart 10 (Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Nik Collection (Version: 1.1.1.1)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3182)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
Portrait Professional Studio 11.0 (Version: 11.0)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6299)
Samsung_MonSetup (Version: 1.00.0000)
SeaTools for Windows
SHIELD Streaming (Version: 1.6.53)
Shredder (Version: 2.0.8.9)
Skype™ 6.14 (Version: 6.14.104)
Smilebox (Version: 1.0.0.26688)
Spyder3Pro
Steam
Times Reader (Version: 2.055)
Tomb Raider
Tomb Raider: Underworld 1.1
Torchlight (Version: 2.2.0.97)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Wacom Tablet (Version: 6.3.6w3)
Welcome Center (Version: 1.02.3503)
WildTangent Games App (Acer Games) (Version: 4.0.5.14)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
Zuma's Revenge (Version: 2.2.0.97)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 19%
Total physical RAM: 7908.73 MB
Available physical RAM: 6374.93 MB
Total Pagefile: 15815.65 MB
Available Pagefile: 12921.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.84 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:911.41 GB) (Free:360.08 GB) NTFS
5 Drive g: (Transcend) (Removable) (Total:3.74 GB) (Free:0.01 GB) FAT32
8 Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:688.44 GB) NTFS
9 Drive m: (EOS_DIGITAL) (Removable) (Total:15.02 GB) (Free:12.03 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\RANDY-PC
 
admin                    Administrator            Guest                    
Randy                    template                 UpdatusUser              
 
========================= Restore Points ==================================
 
05-05-2014 22:06:54 Base
09-05-2014 01:25:15 Windows Update
10-05-2014 16:01:54 Windows Modules Installer
12-05-2014 21:29:49 Windows Update
17-05-2014 13:32:19 Windows Update
 
**** End of log ****
 
 
 
MalwareBytes Scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/18/2014
Scan Time: 10:23:57 AM
Logfile: mbamscan.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Randy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301912
Time Elapsed: 9 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
**********************************************
 
Malwarebytes Rootkit
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, J:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 8292909056, free: 6664777728
 
=======================================
Initializing...
------------ Kernel report ------------
     05/18/2014 10:44:28
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\wachidrouter.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\Spyder3.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\user32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR15
Upper Device Object: 0xfffffa8007dbd3a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b5\
Lower Device Object: 0xfffffa8007e69730
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa80097f7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa80097ed610
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800934c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa80090f8b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008619060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa80090f7b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8009273060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa80092a0b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800927c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa80090f1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009345790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa80090ebb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007d8a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xfffffa8007bf58f0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007d8a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d8ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d8a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007bf9ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8007bf58f0, DeviceName: \Device\00000057\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4375D369
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 41943040
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 41945088  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 42149888  Numsec = 1911371776
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8009345790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80090f9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009345790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80090ebb60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800927c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80090fcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800927c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80090f1b60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8009273060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80090fbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009273060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80092a0b60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192  Numsec = 31504384
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 16134438912 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008619060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80090fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008619060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80090f7b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800934c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80090feb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800934c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80090f8b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 6, DevicePointer: 0xfffffa80097f7060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097e9410, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097f7060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80097ed610, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 6
Scanning MBR on drive 6...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272065
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1500301909504 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 7, DevicePointer: 0xfffffa8007dbd3a0, DeviceName: \Device\Harddisk7\DR15\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a3f900, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007dbd3a0, DeviceName: \Device\Harddisk7\DR15\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e69730, DeviceName: \Device\000000b5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk7\DR15\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 7
Scanning MBR on drive 7...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 7839488
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 4013948928 bytes
Sector size: 512 bytes
 
Done!
Scan finished
 
*****************************************************
 
RKill Results:
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/18/2014 11:01:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/18/2014 11:01:26 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)


#4 randys42

  • Topic Starter

Posted 18 May 2014 - 01:54 PM

Since I sent this I have a few more things. The Diagnostic Policy Service fails to start with an Access Denied error.

 

I had been running chkdsk which only looked for directory consistency. It had been passing. When I saw sfc I figured it might show if the files themselves were corrupted and some were. SFC couldn't repair all of them. I am trying to determine which files are damaged. There are a number of hashtag errors. The log file is almost 3MB so I didn't want to insert it here. I don't know if this enough of the file but I included the entries at the end that showed the errors. I went thru the files and only see these errors but I am looking for a way to filter the errors out. But it seems that until these are repaired nothing we do would solve the problem. 

 

Would copying a file from a good Windows 7 system fix the problem? Would deleting these files delete the hashtags and copying the good file reset the hashtags?

 

 

Thanks.

 

 

 

 
2014-05-18 14:24:20, Info                  CSI    000002f2 Repair results created:
POQ 123 starts:
     0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\94b7cd62c672cf01b93700002c06540f._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\b505ce62c672cf01ba3700002c06540f.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\c62cce62c672cf01bb3700002c06540f.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
    3: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\e77ace62c672cf01bc3700002c06540f.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms"
    4: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\113ad162c672cf01bd3700002c06540f.$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms"
    5: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\9fe3d462c672cf01be3700002c06540f.$$_microsoft.net_framework_v2.0.50727_redistlist_2e6ab8b35e9ef953.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_redistlist_2e6ab8b35e9ef953.cdf-ms"
 
POQ 123 ends.
2014-05-18 14:24:20, Info                  CSI    000002f3 [SR] Verify complete
2014-05-18 14:24:21, Info                  CSI    000002f4 [SR] Verifying 100 (0x0000000000000064) components
2014-05-18 14:24:21, Info                  CSI    000002f5 [SR] Beginning Verify and Repair transaction
2014-05-18 14:24:25, Info                  CSI    000002f6 Repair results created:
POQ 124 starts:
 
POQ 124 ends.
2014-05-18 14:24:25, Info                  CSI    000002f7 [SR] Verify complete
2014-05-18 14:24:25, Info                  CSI    000002f8 [SR] Verifying 100 (0x0000000000000064) components
2014-05-18 14:24:25, Info                  CSI    000002f9 [SR] Beginning Verify and Repair transaction
2014-05-18 14:24:29, Info                  CSI    000002fa Repair results created:
POQ 125 starts:
 
POQ 125 ends.
2014-05-18 14:24:29, Info                  CSI    000002fb [SR] Verify complete
2014-05-18 14:24:29, Info                  CSI    000002fc [SR] Verifying 8 components
2014-05-18 14:24:29, Info                  CSI    000002fd [SR] Beginning Verify and Repair transaction
2014-05-18 14:24:29, Info                  CSI    000002fe Repair results created:
POQ 126 starts:
 
POQ 126 ends.
2014-05-18 14:24:29, Info                  CSI    000002ff [SR] Verify complete
 
2014-05-18 14:24:29, Info                  CSI    00000300 [SR] Repairing 1 components
 
2014-05-18 14:24:29, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
 
 
2014-05-18 14:24:29, Info                  CSI    00000302 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_c39da6c14aadd775\CertPolEng.dll do not match actual file [l:28{14}]"CertPolEng.dll" :
  Found: {l:32 b:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=} Expected: {l:32 b:gPfIdH7xXyY3vbQo4qtugNP1kdLvydQNRE8VbvA2v1E=}
 
 
2014-05-18 14:24:29, Info                  CSI    00000303 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
 
 
2014-05-18 14:24:29, Info                  CSI    00000304 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_c39da6c14aadd775\CertPolEng.dll do not match actual file [l:28{14}]"CertPolEng.dll" :
  Found: {l:32 b:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=} Expected: {l:32 b:gPfIdH7xXyY3vbQo4qtugNP1kdLvydQNRE8VbvA2v1E=}
 
 
2014-05-18 14:24:29, Info                  CSI    00000305 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
 
 
 
2014-05-18 14:24:29, Info                  CSI    00000306 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
 
 
2014-05-18 14:24:29, Info                  CSI    00000307 Repair results created:
POQ 127 starts:
 
POQ 127 ends.
2014-05-18 14:24:29, Info                  CSI    00000308 [SR] Repair complete
2014-05-18 14:24:29, Info                  CSI    00000309 [SR] Committing transaction
2014-05-18 14:24:29, Info                  CSI    0000030a Creating NT transaction (seq 2), objectname [6]"(null)"
2014-05-18 14:24:29, Info                  CSI    0000030b Created NT transaction (seq 2) result 0x00000000, handle @0x640
2014-05-18 14:24:29, Info                  CSI    0000030c@2014/5/18:18:24:29.796 CSI perf trace:
CSIPERF:TXCOMMIT;4
2014-05-18 14:24:29, Info                  CSI    0000030d [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
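
One way to filter a CBS.log down to the files SFC could not repair, as an added example that is not part of the original post or of any tool named in this thread: it joins continuation lines to their entry, pairs each "Cannot repair member file" entry with its hash mismatch, and decodes the base64 `b:` values to hex. The sample input is copied from the excerpt above; the function names are hypothetical, and treating the 32-byte values as SHA-256 digests is an assumption.

```python
import base64
import hashlib
import re

# Entries copied from the CBS.log excerpt in the post above (abridged, not the full log).
SAMPLE_LOG = r'''
2014-05-18 14:24:29, Info                  CSI    00000300 [SR] Repairing 1 components
2014-05-18 14:24:29, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2014-05-18 14:24:29, Info                  CSI    00000302 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_c39da6c14aadd775\CertPolEng.dll do not match actual file [l:28{14}]"CertPolEng.dll" :
  Found: {l:32 b:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=} Expected: {l:32 b:gPfIdH7xXyY3vbQo4qtugNP1kdLvydQNRE8VbvA2v1E=}
2014-05-18 14:24:29, Info                  CSI    00000303 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-18 14:24:29, Info                  CSI    00000304 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_c39da6c14aadd775\CertPolEng.dll do not match actual file [l:28{14}]"CertPolEng.dll" :
  Found: {l:32 b:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=} Expected: {l:32 b:gPfIdH7xXyY3vbQo4qtugNP1kdLvydQNRE8VbvA2v1E=}
2014-05-18 14:24:29, Info                  CSI    00000305 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-18 14:24:29, Info                  CSI    00000306 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-05-18 14:24:29, Info                  CSI    00000307 Repair results created:
POQ 127 starts:

POQ 127 ends.
2014-05-18 14:24:29, Info                  CSI    00000308 [SR] Repair complete
2014-05-18 14:24:29, Info                  CSI    0000030c@2014/5/18:18:24:29.796 CSI perf trace:
CSIPERF:TXCOMMIT;4
2014-05-18 14:24:29, Info                  CSI    0000030d [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

# A new entry starts with "date time, Level   CSI   <8 hex digits>"; anything else continues the previous entry.
ENTRY_START = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+CSI\s+([0-9a-f]{8})(?:@\S+)?\s*(.*)$')
MISMATCH = re.compile(
    r'Hashes for file member (.+?) do not match actual file.*?'
    r'Found: \{l:\d+ b:([A-Za-z0-9+/=]+)\}\s+Expected: \{l:\d+ b:([A-Za-z0-9+/=]+)\}', re.S)
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), Version = ([^,]+), pA = (\w+)')

# Assumption: the 32-byte digests are SHA-256. This is the digest of zero bytes of input.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def parse_entries(text):
    """Split the log into entries, folding continuation lines into the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append({"time": m.group(1), "level": m.group(2),
                            "seq": m.group(3), "text": m.group(4)})
        elif entries:
            entries[-1]["text"] += "\n" + line.strip()
    return entries


def hash_mismatches(entries):
    """Map store path -> decoded Found/Expected digests (hex)."""
    out = {}
    for e in entries:
        m = MISMATCH.search(e["text"])
        if m:
            found = base64.b64decode(m.group(2), validate=True).hex()
            expected = base64.b64decode(m.group(3), validate=True).hex()
            out[m.group(1)] = {"found": found, "expected": expected,
                               "found_is_empty_file": found == EMPTY_SHA256}
    return out


def summarize(text):
    """Return de-duplicated unrepaired files with their digests and the entries that reported them."""
    entries = parse_entries(text)
    mismatches = hash_mismatches(entries)
    files = {}
    for e in entries:
        m = CANNOT_REPAIR.search(e["text"])
        if m:
            name, component, version, arch = m.groups()
            rec = files.setdefault((name, component, version, arch), {
                "file": name, "component": component, "version": version,
                "arch": arch, "seqs": []})
            rec["seqs"].append(e["seq"])
    for rec in files.values():
        for path, digests in mismatches.items():
            if path.lower().endswith("\\" + rec["file"].lower()):
                rec.update(store_path=path, **digests)
    # The closing line of a transaction can read as success even when files were not repaired.
    success = any("successfully repaired" in e["text"] for e in entries)
    return {"unrepaired": list(files.values()), "success_line_present": success}


if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG)["unrepaired"]:
        print(rec)
```

On this excerpt the Found digest decodes to the SHA-256 of zero bytes, so the store copy of CertPolEng.dll was hashed as an empty file, and the closing "successfully repaired" line appears in the same transaction as the two "Cannot repair" entries.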


#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:46 PM

Posted 18 May 2014 - 05:44 PM

Nothing malicious there.

 

It looks to me like corrupted Winsock...

 

  • Please download comintrep.zip and save it to your desktop
  • Unzip downloaded file. It'll create cintrepair folder. Inside that folder you'll find CIntRep.exe file
  • Double click on CIntRep.exe to run the tool
  • Place a checkmark next to the following entries:

 
  • Reset Internet Protocol (TCP/IP)
  • Repair Winsock (Reset Catalog)
  • Renew Internet Connections
  • Flush DNS Resolver Cache
  • Repair Internet Explorer xxxx
  • Clear Windows Update History
  • Repair Windows / Automatic Updates
  • Repair SSL / HTTPS / Cryptography
  • Reset Windows Firewall Configuration
  • Restore the default hosts file
  • Repair Workgroup Computers view

 
  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

 

Post new FSS  log as well.




 


#6 randys42

randys42
  • Topic Starter

  • Members
  • 4 posts
  • Local time:12:46 AM

Posted 19 May 2014 - 09:43 PM

I ran CIntRep.exe with the settings you listed. The Winsock problem still existed. The FSS log also showed the localhost as blocked. I ran HijackThis and found a slew of "File Missing" entries even though the files were there. I did a search on HijackThis and reported missing files and found a link to a message on your site that reported the identical problem I had. These are from the initial HijackThis log file:
 
In order, after I ran CIntRep I ran ComboFix, FSS, MiniToolBox, System File Checker and HijackThis again to compare to the initial run. 
 
-------------
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
 
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
 
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
 
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
 
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
 
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
 
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
 
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
 
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
 
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
 
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
 
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
 
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
----------------
 
The response was to run ComboFix, also from your site. I ran it. 
 
The ComboFix Logfile:
 
ComboFix 14-05-19.01 - Randy 05/19/2014  20:43:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16101.14429 [GMT -4:00]
Running from: c:\users\Randy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 384 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-20 to 2014-05-20  )))))))))))))))))))))))))))))))
.
.
2014-05-20 00:49 . 2014-05-20 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 21:32 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0DEF19A-5CA6-4C34-A25F-C4C1AF2CE2E8}\mpengine.dll
2014-05-19 21:12 . 2010-11-20 13:25 71680 ----a-w- c:\windows\system32\CertPolEng.dll
2014-05-18 16:18 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-18 14:44 . 2014-05-18 15:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-05-17 13:32 . 2014-05-03 13:25 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DB54CDB-C482-4846-86DF-4789383CFA3F}\gapaengine.dll
2014-05-10 16:02 . 2014-05-10 16:02 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-05-10 16:02 . 2014-05-10 16:02 -------- d-----w- c:\windows\system32\BestPractices
2014-05-10 16:02 . 2014-05-10 16:02 -------- d-----w- C:\inetpub
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-05 17:55 . 2014-05-18 14:44 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-05 17:55 . 2014-05-18 14:43 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-05 17:55 . 2014-05-11 14:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-05 17:55 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-05 14:43 . 2014-05-05 14:44 -------- d-----w- c:\users\admin
2014-05-05 13:54 . 2014-05-05 13:54 -------- d-----w- C:\found.003
2014-05-03 21:00 . 2014-05-03 21:00 -------- d-----w- c:\program files (x86)\MonitorDriver
2014-05-03 21:00 . 2014-05-03 21:00 -------- d-----w- c:\users\Randy\AppData\Roaming\InstallShield
2014-05-03 20:03 . 2014-05-19 23:30 -------- d-----w- c:\users\Randy\AppData\Local\NVIDIA
2014-05-03 20:01 . 2014-05-04 21:47 -------- d-----w- c:\users\UpdatusUser
2014-05-03 20:00 . 2014-05-19 23:30 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-04-27 17:27 . 2014-04-27 17:28 -------- d-----w- c:\users\Randy\AppData\Local\Amazon Cloud Player
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-03 13:25 . 2013-06-23 17:14 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-03 13:50 . 2014-03-04 23:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-10 12002664]
"Amazon Cloud Player"="c:\users\Randy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 21:20 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-02 14:58]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 17:55]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3851818327-3352802930-2138571703-1001\Software\SecuROM\License information*]
"datasecu"=hex:ad,24,e8,cf,7f,3a,2d,48,3f,df,2d,93,57,e9,4d,96,10,63,e2,20,77,
   bd,47,3b,19,6a,92,40,20,64,1a,09,10,8c,fb,06,51,0c,39,d3,17,4e,8b,fe,d5,74,\
"rkeysecu"=hex:75,23,2b,d0,d8,4b,fe,b2,5f,71,9b,e7,d7,fd,5f,a8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-05-19  20:52:18
ComboFix-quarantined-files.txt  2014-05-20 00:52
.
Pre-Run: 380,119,547,904 bytes free
Post-Run: 397,780,140,032 bytes free
.
- - End Of File - - D39BE26E148E7489406549FC929ECE05
A36C5E4F47E84449FF07ED3517B43A31
 
***********
 
After running ComboFix I rebooted and ran FSS.exe again. Localhost is still blocked.
 
Farbar Service Scanner Version: 03-05-2014
Ran by Randy (administrator) on 19-05-2014 at 21:19:13
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
*******************************
 
I ran MiniToolBox
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Randy (administrator) on 19-05-2014 at 21:21:04
Running from "C:\Users\Randy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Randy-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-9C-DC-D0-0E-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c05:eb1:5f5f:7f00%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 0.0.0.0
   Lease Obtained. . . . . . . . . . : Monday, May 19, 2014 8:57:52 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 8:57:51 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 298360028
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-53-D7-C0-C8-9C-DC-D0-0E-F0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1090:16a1:9d8d:bf3f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1090:16a1:9d8d:bf3f%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  NULL
 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
Server:  UnKnown
Address:  NULL
 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
Unable to initialize Windows Sockets interface. Destination address unreachable. 
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09  [] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/19/2014 08:57:52 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
 
Error: (05/19/2014 08:39:02 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
 
Error: (05/19/2014 07:33:37 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
 
Error: (05/19/2014 07:19:13 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
 
 
System errors:
=============
Error: (05/19/2014 08:57:56 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1068
 
Error: (05/19/2014 08:57:54 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058
 
Error: (05/19/2014 08:57:54 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error: 
%%5
 
Error: (05/19/2014 08:49:55 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/19/2014 08:49:20 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/19/2014 08:46:58 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (05/19/2014 08:39:04 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error: 
%%5
 
Error: (05/19/2014 07:33:38 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error: 
%%5
 
Error: (05/19/2014 07:19:14 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/19/2014 08:57:52 PM) (Source: ATIeRecord)(User: )
Description: 
 
Error: (05/19/2014 08:39:02 PM) (Source: ATIeRecord)(User: )
Description: 
 
Error: (05/19/2014 07:33:37 PM) (Source: ATIeRecord)(User: )
Description: 
 
Error: (05/19/2014 07:19:13 PM) (Source: ATIeRecord)(User: )
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-19 20:49:20.931
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-19 20:49:20.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:36.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:27.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-05 17:07:27.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kbdclass.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
***NOTE**** This is apparently related to my Logitech keyboard. It works fine. I have had this keyboard for over six months.
 
=========================== Installed Programs ============================
 
7-Zip 9.20
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3503)
Acer ScreenSaver (Version: 1.1.0609.2011)
Acer Updater (Version: 1.02.3500)
Adobe AIR (Version: 1.5.3.9120)
Adobe Creative Suite 5 Web Premium (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Amazon Cloud Player (Version: 2.4.0.26)
Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0429.2313.39747)
AMD Media Foundation Decoders (Version: 1.0.80430.0002)
AMD VISION Engine Control Center (Version: 2013.0429.2313.39747)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10503)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BioShock
BioShock Infinite
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.97)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.1.1)
Canon Utilities EOS Utility (Version: 2.3.1.3)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747)
Catalyst Control Center InstallProxy (Version: 2013.0429.2313.39747)
Catalyst Control Center Localization All (Version: 2013.0429.2313.39747)
CCC Help Chinese Standard (Version: 2013.0429.2312.39747)
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747)
CCC Help Czech (Version: 2013.0429.2312.39747)
CCC Help Danish (Version: 2013.0429.2312.39747)
CCC Help Dutch (Version: 2013.0429.2312.39747)
CCC Help English (Version: 2013.0429.2312.39747)
CCC Help Finnish (Version: 2013.0429.2312.39747)
CCC Help French (Version: 2013.0429.2312.39747)
CCC Help German (Version: 2013.0429.2312.39747)
CCC Help Greek (Version: 2013.0429.2312.39747)
CCC Help Hungarian (Version: 2013.0429.2312.39747)
CCC Help Italian (Version: 2013.0429.2312.39747)
CCC Help Japanese (Version: 2013.0429.2312.39747)
CCC Help Korean (Version: 2013.0429.2312.39747)
CCC Help Norwegian (Version: 2013.0429.2312.39747)
CCC Help Polish (Version: 2013.0429.2312.39747)
CCC Help Portuguese (Version: 2013.0429.2312.39747)
CCC Help Russian (Version: 2013.0429.2312.39747)
CCC Help Spanish (Version: 2013.0429.2312.39747)
CCC Help Swedish (Version: 2013.0429.2312.39747)
CCC Help Thai (Version: 2013.0429.2312.39747)
CCC Help Turkish (Version: 2013.0429.2312.39747)
ccc-utility64 (Version: 2013.0429.2313.39747)
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.1720.15)
clear.fi (Version: 9.0.7713)
clear.fi Client (Version: 1.00.3500)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.1.0.843)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1)
Cradle of Rome 2 (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Dora's World Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.2.0409)
Etron USB3.0 Host Controller (Version: 0.103)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Free PDF Solutions PDF to WORD version 1.0 (Version: 1.0)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
GIMP 2.8.8 (Version: 2.8.8)
Google Chrome (Version: 34.0.1847.131)
Google Update Helper (Version: 1.3.23.9)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
HDR Efex Pro (Version: 1.2.0.3)
Hotkey Utility (Version: 2.05.3504)
Identity Card (Version: 1.00.3501)
Intel® C++ Redistributables for Windows* on Intel® 64 (Version: 11.1.048)
iTunes (Version: 11.0.4.4)
Jewel Match 3 (Version: 2.2.0.97)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.18)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)
Nero StartSmart 10 (Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Nik Collection (Version: 1.1.1.1)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
Portrait Professional Studio 11.0 (Version: 11.0)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6299)
Samsung_MonSetup (Version: 1.00.0000)
SeaTools for Windows
Shredder (Version: 2.0.8.9)
Skype™ 6.14 (Version: 6.14.104)
Smilebox (Version: 1.0.0.26688)
Spyder3Pro
Steam
Times Reader (Version: 2.055)
Tomb Raider
Tomb Raider: Underworld 1.1
Torchlight (Version: 2.2.0.97)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Wacom Tablet (Version: 6.3.6w3)
Welcome Center (Version: 1.02.3503)
WildTangent Games App (Acer Games) (Version: 4.0.5.14)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10562)
Zuma's Revenge (Version: 2.2.0.97)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 10%
Total physical RAM: 16100.73 MB
Available physical RAM: 14388.67 MB
Total Pagefile: 27960.92 MB
Available Pagefile: 26142.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.98 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:911.41 GB) (Free:370.61 GB) NTFS
7 Drive l: (Transcend) (Removable) (Total:3.74 GB) (Free:0.06 GB) FAT32
8 Drive m: (EOS_DIGITAL) (Removable) (Total:15.02 GB) (Free:12.03 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\RANDY-PC
 
admin                    Administrator            Guest                    
Randy                    template                 UpdatusUser              
 
========================= Restore Points ==================================
 
05-05-2014 22:06:54 Base
09-05-2014 01:25:15 Windows Update
10-05-2014 16:01:54 Windows Modules Installer
12-05-2014 21:29:49 Windows Update
17-05-2014 13:32:19 Windows Update
18-05-2014 17:28:27 Installed Microsoft Fix it 50688
19-05-2014 21:52:04 Windows Update
 
**** End of log ****
 
 
I ran System File Checker
 
Log file
 
2014-05-19 21:43:59, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:43:59, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:01, Info                  CSI    0000000c [SR] Verify complete
2014-05-19 21:44:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:03, Info                  CSI    00000010 [SR] Verify complete
2014-05-19 21:44:03, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:03, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:05, Info                  CSI    00000014 [SR] Verify complete
2014-05-19 21:44:05, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:05, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:09, Info                  CSI    00000018 [SR] Verify complete
2014-05-19 21:44:09, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:09, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:12, Info                  CSI    0000001c [SR] Verify complete
2014-05-19 21:44:12, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:12, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:14, Info                  CSI    00000020 [SR] Verify complete
2014-05-19 21:44:14, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:14, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:18, Info                  CSI    00000024 [SR] Verify complete
2014-05-19 21:44:18, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:18, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:20, Info                  CSI    00000028 [SR] Verify complete
2014-05-19 21:44:20, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:20, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:22, Info                  CSI    0000002c [SR] Verify complete
2014-05-19 21:44:22, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:22, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:26, Info                  CSI    00000031 [SR] Verify complete
2014-05-19 21:44:27, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:27, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:31, Info                  CSI    00000037 [SR] Verify complete
2014-05-19 21:44:32, Info                  CSI    00000038 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:32, Info                  CSI    00000039 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:34, Info                  CSI    0000003c [SR] Verify complete
2014-05-19 21:44:35, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:35, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:38, Info                  CSI    00000041 [SR] Verify complete
2014-05-19 21:44:38, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:38, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:43, Info                  CSI    00000046 [SR] Verify complete
2014-05-19 21:44:43, Info                  CSI    00000047 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:43, Info                  CSI    00000048 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:49, Info                  CSI    0000006c [SR] Verify complete
2014-05-19 21:44:50, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:50, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:54, Info                  CSI    00000070 [SR] Verify complete
2014-05-19 21:44:54, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:44:54, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2014-05-19 21:44:59, Info                  CSI    00000074 [SR] Verify complete
2014-05-19 21:45:00, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:00, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:03, Info                  CSI    00000078 [SR] Verify complete
2014-05-19 21:45:03, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:03, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:07, Info                  CSI    0000007c [SR] Verify complete
2014-05-19 21:45:07, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:07, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:12, Info                  CSI    00000080 [SR] Verify complete
2014-05-19 21:45:12, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:12, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:20, Info                  CSI    00000086 [SR] Verify complete
2014-05-19 21:45:20, Info                  CSI    00000087 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:20, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:26, Info                  CSI    000000a9 [SR] Verify complete
2014-05-19 21:45:26, Info                  CSI    000000aa [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:26, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:33, Info                  CSI    000000ad [SR] Verify complete
2014-05-19 21:45:33, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:33, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:40, Info                  CSI    000000b3 [SR] Verify complete
2014-05-19 21:45:40, Info                  CSI    000000b4 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:40, Info                  CSI    000000b5 [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:42, Info                  CSI    000000b7 [SR] Verify complete
2014-05-19 21:45:42, Info                  CSI    000000b8 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:42, Info                  CSI    000000b9 [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:44, Info                  CSI    000000bb [SR] Verify complete
2014-05-19 21:45:44, Info                  CSI    000000bc [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:44, Info                  CSI    000000bd [SR] Beginning Verify and Repair transaction
2014-05-19 21:45:46, Info                  CSI    000000bf [SR] Verify complete
2014-05-19 21:45:46, Info                  CSI    000000c0 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 21:45:46, Info                  CSI    000000c1 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:45:53, Info                  CSI    000000d4 [SR] Verify complete
2014-05-19 21:45:54, Info                  CSI    000000d5 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:45:54, Info                  CSI    000000d6 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:45:55, Info                  CSI    000000d8 [SR] Verify complete
2014-05-19 21:45:55, Info                  CSI    000000d9 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:45:55, Info                  CSI    000000da [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:45:58, Info                  CSI    000000dc [SR] Verify complete
2014-05-19 21:45:58, Info                  CSI    000000dd [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:45:58, Info                  CSI    000000de [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:00, Info                  CSI    000000e0 [SR] Verify complete
2014-05-19 21:46:00, Info                  CSI    000000e1 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:00, Info                  CSI    000000e2 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:04, Info                  CSI    000000e4 [SR] Verify complete
2014-05-19 21:46:04, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:04, Info                  CSI    000000e6 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:11, Info                  CSI    000000ea [SR] Verify complete
2014-05-19 21:46:12, Info                  CSI    000000eb [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:12, Info                  CSI    000000ec [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:15, Info                  CSI    000000ee [SR] Verify complete
2014-05-19 21:46:15, Info                  CSI    000000ef [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:15, Info                  CSI    000000f0 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:16, Info                  CSI    000000f2 [SR] Verify complete
2014-05-19 21:46:16, Info                  CSI    000000f3 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:16, Info                  CSI    000000f4 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:23, Info                  CSI    000000f6 [SR] Verify complete
2014-05-19 21:46:23, Info                  CSI    000000f7 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:23, Info                  CSI    000000f8 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:27, Info                  CSI    000000fa [SR] Verify complete
2014-05-19 21:46:27, Info                  CSI    000000fb [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:27, Info                  CSI    000000fc [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:32, Info                  CSI    000000fe [SR] Verify complete
2014-05-19 21:46:32, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:32, Info                  CSI    00000100 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:41, Info                  CSI    00000102 [SR] Verify complete
2014-05-19 21:46:41, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:41, Info                  CSI    00000104 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:47, Info                  CSI    0000011c [SR] Verify complete
2014-05-19 21:46:47, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:47, Info                  CSI    0000011e [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:46:52, Info                  CSI    00000120 [SR] Verify complete
2014-05-19 21:46:52, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:46:52, Info                  CSI    00000122 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:03, Info                  CSI    00000124 [SR] Verify complete
2014-05-19 21:47:03, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:03, Info                  CSI    00000126 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:10, Info                  CSI    00000129 [SR] Verify complete
2014-05-19 21:47:11, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:11, Info                  CSI    0000012b [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:16, Info                  CSI    0000012d [SR] Verify complete
2014-05-19 21:47:16, Info                  CSI    0000012e [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:16, Info                  CSI    0000012f [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:20, Info                  CSI    00000131 [SR] Verify complete
2014-05-19 21:47:20, Info                  CSI    00000132 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:20, Info                  CSI    00000133 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:24, Info                  CSI    00000135 [SR] Verify complete
2014-05-19 21:47:24, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:24, Info                  CSI    00000137 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:27, Info                  CSI    0000013b [SR] Verify complete
2014-05-19 21:47:28, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:28, Info                  CSI    0000013d [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:31, Info                  CSI    0000013f [SR] Verify complete
2014-05-19 21:47:31, Info                  CSI    00000140 [SR] Verifying 100 (0x0000000000000064) 
 
components
2014-05-19 21:47:31, Info                  CSI    00000141 [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:47:37, Info                  CSI    00000143 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-19 21:47:39, Info                  CSI    00000145 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-19 21:47:39, Info                  CSI    00000146 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-05-19 21:53:06, Info                  CSI    000002fc [SR] Verifying 8 components
2014-05-19 21:53:06, Info                  CSI    000002fd [SR] Beginning Verify and Repair 
 
transaction
2014-05-19 21:53:07, Info                  CSI    000002ff [SR] Verify complete
2014-05-19 21:53:07, Info                  CSI    00000300 [SR] Repairing 1 components
2014-05-19 21:53:07, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2014-05-19 21:53:07, Info                  CSI    00000303 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-19 21:53:07, Info                  CSI    00000305 [SR] Cannot repair member file [l:28{14}]"CertPolEng.dll" of Microsoft-Windows-Security-Certificate-Policy-Engine, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-19 21:53:07, Info                  CSI    00000306 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-05-19 21:53:07, Info                  CSI    00000308 [SR] Repair complete
2014-05-19 21:53:07, Info                  CSI    00000309 [SR] Committing transaction
2014-05-19 21:53:07, Info                  CSI    0000030d [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 
Ran HijackThis. File missing entries are still there.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:25 PM, on 5/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16618)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Users\Randy\Desktop\HijackThis (1).exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Randy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
 
--
End of file - 7789 bytes




