Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Powerliks malware removal help needed


  • This topic is locked This topic is locked
30 replies to this topic

#1 Matt7620

Matt7620

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 02 November 2014 - 07:15 PM

Hi All,

 

I seem to be having issues with this poweliks malware.  The pc is running windows 7 home premium.  It recently started getting very slow.  We would get 100% usage warnings from Norton, I would see this internet explorer pop up that said that powershell has stopped working.  Additionally, when I checked the start processes I saw that dllhost.exe was replicated numerous times and we get constant com surrogate warnings from Norton.

 

And when I tried to download the DDS program I got a security alert saying that my current security settings will not allow the file to be downloaded.  I had to manually go into the internet explorer security settings under customize and enable file downloading so that I could download the DDS.  I've never had to do that before.

 

I've already run Malware Bites anti malware.  It completed the scan and I quarantined the items it identified.  I've saved the log as well should it be requested, please just let me know.

 

Here's the DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Matt at 17:35:31 on 2014-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5545 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Matt\AppData\Local\iLivid\iLivid.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
uURLSearchHooks: MixiDJ V1 Toolbar: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll
mURLSearchHooks: MixiDJ V1 Toolbar: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll
mWinlogon: Userinit = userinit.exe,
BHO: Solid Savings: {11111111-1111-1111-1111-110211621178} -
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: MixiDJ V1 Toolbar: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: MixiDJ V1 Toolbar: {67097627-FD8E-4F6B-AF4B-ECB65E50112E} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll
TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: MixiDJ V1 Toolbar: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll
TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
uRun: [iLivid] "C:\Users\Matt\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [APISupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX430"
uRun: [Zcziwyukgvw] regsvr32.exe /s "C:\Users\Matt\AppData\Local\Apple\Zcziwyukgvw.dll"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://eg.remoteaccess.thomsonreuters.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1267F441-C45F-4113-89B1-FA1986993293} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8D563345-0745-4B72-88DF-FF09F3E36110} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8D563345-0745-4B72-88DF-FF09F3E36110}\2375942554831313 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-2 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-2 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-2 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSviA64.sys [2014-11-2 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-2 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-2 593112]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-27 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-3-10 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-13 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-13 2413056]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-2 276376]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-8-14 66560]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-3-21 67584]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-13 2656536]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-13 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-13 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-13 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-6-13 1145448]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2013-10-31 24576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2012-9-28 40320]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-29 129752]
S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-31 01:26:11 -------- d-----w- C:\Program Files\Core Temp
2014-10-31 00:13:13 -------- d-----w- C:\Program Files (x86)\sp60655
2014-10-30 02:33:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 02:33:29 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-30 02:33:29 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-30 02:33:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 14:01:59 -------- d-----w- C:\Users\Matt\AppData\Local\{E09BC34C-8ED0-441F-B3D9-8F1720482809}
2014-10-16 10:39:55 424448 ----a-w- C:\Windows\System32\rastls.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-23 21:43:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 21:43:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-06 19:48:16 266968 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys
.
============= FINISH: 17:36:37.43 ===============
 

Attached Files


Edited by Matt7620, 02 November 2014 - 07:28 PM.


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 06 November 2014 - 07:06 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 06 November 2014 - 07:31 PM

Hi Georgi, thanks a lot for your help.  I went ahead and ran the Farbar scan.  Here are the results.  I await your response.  Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Matt (administrator) on MATT-HP on 06-11-2014 18:14:45
Running from C:\Users\Matt\Desktop
Loaded Profile: Matt (Available profiles: Matt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Bandoo Media Inc.) C:\Users\Matt\AppData\Local\iLivid\iLivid.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [iLivid] => C:\Users\Matt\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-08] (Bandoo Media Inc.)
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [Zcziwyukgvw] => regsvr32.exe /s "C:\Users\Matt\AppData\Local\Apple\Zcziwyukgvw.dll" <===== ATTENTION
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\MountPoints2: {0495a3a9-e77b-11e3-af33-082e5f8cbaad} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File
URLSearchHook: HKCU - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BC549322-F708-4B79-B2CD-053573F80CB7} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {BC549322-F708-4B79-B2CD-053573F80CB7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247436&CUI=UN30318583551602124&UM=4
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings.dll No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: MixiDJ V1 Toolbar -> {67097627-fd8e-4f6b-af4b-ecb65e50112e} -> C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
Toolbar: HKLM-x32 - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
Toolbar: HKCU - No Name - {67097627-FD8E-4F6B-AF4B-ECB65E50112E} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eg.remoteaccess.thomsonreuters.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Matt\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-06]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Simple Pass 2012) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Norton Confidential) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke [2013-08-17]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-25]
CHR Extension: (Solid Savings) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah [2013-03-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-25]
CHR Extension: (Website Logon) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2012-11-25]
CHR Extension: (UpMedia) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiikhneliaiicflalkilgeblaociipf [2014-03-11]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-25]
CHR Extension: (MixiDJ V1) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp [2013-08-17]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-25]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR HKCU\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Users\Matt\AppData\Local\PasswordBox\Chrome\extension [2013-04-24]
CHR HKCU\...\Chrome\Extension: [jfiikhneliaiicflalkilgeblaociipf] - C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx [2014-03-05]
CHR HKCU\...\Chrome\Extension: [ndlegeeaeejpodkbnkkofpjpjeigcopp] - C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [jfiikhneliaiicflalkilgeblaociipf] - C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [ndlegeeaeejpodkbnkkofpjpjeigcopp] - C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx [2013-03-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-05-31] (Nalpeiron Ltd.) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-03-21] (PasswordBox, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141102.002\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141102.002\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-05] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 18:14 - 2014-11-06 18:15 - 00030813 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-11-06 18:13 - 2014-11-06 18:14 - 00000000 ____D () C:\FRST
2014-11-06 18:11 - 2014-11-06 18:11 - 02114560 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2014-11-02 17:36 - 2014-11-02 17:56 - 00026886 _____ () C:\Users\Matt\Desktop\dds.txt
2014-11-02 17:36 - 2014-11-02 17:56 - 00011145 _____ () C:\Users\Matt\Desktop\attach.txt
2014-11-02 17:34 - 2014-11-02 17:35 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.com
2014-10-31 20:51 - 2014-11-06 18:06 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-10-30 19:26 - 2014-10-30 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-10-30 19:26 - 2014-10-30 19:26 - 00000000 ____D () C:\Program Files\Core Temp
2014-10-30 19:24 - 2014-10-30 19:24 - 01285176 _____ (Alcpu ) C:\Users\Matt\Downloads\Core-Temp-installer.exe
2014-10-30 18:13 - 2014-10-30 18:13 - 00000000 ____D () C:\Program Files (x86)\sp60655
2014-10-30 18:11 - 2014-10-30 18:11 - 08110056 _____ (Hewlett-Packard Company ) C:\Users\Matt\Downloads\sp60655.exe
2014-10-30 18:05 - 2014-10-30 18:05 - 05152768 _____ () C:\Users\Matt\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-29 20:33 - 2014-11-02 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 20:33 - 2014-10-29 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 20:33 - 2014-10-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:33 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 20:33 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 20:13 - 2014-10-29 20:13 - 00007597 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2014-10-27 19:32 - 2014-10-27 19:33 - 00000000 ____D () C:\Users\Matt\Desktop\colorado vacation
2014-10-20 08:01 - 2014-10-20 08:02 - 00000000 ____D () C:\Users\Matt\AppData\Local\{E09BC34C-8ED0-441F-B3D9-8F1720482809}
2014-10-20 07:52 - 2014-10-20 07:52 - 00000165 ____H () C:\Users\Matt\Desktop\~$October budget 2014.xlsx
2014-10-16 04:40 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 04:40 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 04:40 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 04:40 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 04:40 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 04:40 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:40 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 04:40 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 04:40 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 04:40 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 04:40 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 04:40 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 04:40 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 04:40 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 04:40 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 04:40 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 04:40 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 04:40 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 04:40 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 04:40 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 04:40 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 04:40 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 04:40 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 04:40 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 04:40 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 04:40 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 04:40 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 04:40 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:40 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 04:40 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 04:40 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:40 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:40 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 04:40 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:40 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 04:40 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 04:40 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 04:40 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 04:40 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 04:40 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 04:40 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 04:40 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 04:40 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 04:40 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 04:40 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:40 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 04:40 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 04:40 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 04:40 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:40 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 04:40 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 04:40 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 04:40 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 04:40 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 04:40 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 04:40 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:39 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 04:39 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 04:39 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 04:39 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 04:39 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 04:39 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 04:39 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 04:39 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 04:39 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 04:39 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 18:13 - 2012-11-25 07:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 18:11 - 2012-06-13 19:06 - 01066237 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 18:09 - 2012-06-19 19:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{67A7E6DC-8913-4981-8EB7-F74B45B509D8}
2014-11-06 18:06 - 2012-11-25 07:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 18:06 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 18:06 - 2009-07-13 22:51 - 00126026 _____ () C:\Windows\setupact.log
2014-11-02 21:22 - 2012-07-04 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 20:24 - 2012-06-30 15:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps
2014-11-02 17:42 - 2012-06-19 21:13 - 00000000 ____D () C:\Users\Matt\AppData\Local\Apple
2014-11-02 17:33 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:33 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 17:32 - 2009-07-13 23:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 17:28 - 2014-07-09 19:17 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMatt
2014-11-02 17:28 - 2014-07-09 19:17 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMatt.job
2014-11-02 15:57 - 2012-07-05 19:26 - 00000000 ____D () C:\Users\Matt\Documents\Household
2014-11-02 08:01 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 16:15 - 2012-06-19 19:24 - 00109296 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-30 12:34 - 2012-06-21 19:52 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\SoftGrid Client
2014-10-30 12:33 - 2012-07-29 11:05 - 00000000 ____D () C:\Users\Matt\Documents\michelle
2014-10-30 11:56 - 2010-11-20 21:47 - 00197172 _____ () C:\Windows\PFRO.log
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-29 16:13 - 2014-06-12 11:52 - 00000000 ____D () C:\Users\Matt\Desktop\michelle's keeps
2014-10-29 15:57 - 2012-07-18 17:26 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-29 15:57 - 2012-06-20 19:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-27 17:49 - 2013-09-28 20:40 - 00000000 ____D () C:\Users\Matt\AppData\Local\iLivid
2014-10-27 08:20 - 2014-09-27 07:14 - 00000000 ____D () C:\Users\Matt\Desktop\health
2014-10-22 08:08 - 2012-11-25 07:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 08:08 - 2012-11-25 07:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 09:45 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:13 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 08:09 - 2009-07-13 22:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:07 - 2014-05-06 21:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 20:52 - 2012-06-23 20:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 20:49 - 2013-08-04 04:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 20:40 - 2012-06-19 20:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 20:06 - 2014-09-11 19:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-10 13:37 - 2012-06-23 20:39 - 00000000 ____D () C:\Users\Matt\AppData\Local\Microsoft Help
2014-10-09 11:56 - 2014-04-15 11:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
Some content of TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\checktbexist.exe
C:\Users\Matt\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\Matt\AppData\Local\Temp\Extract.exe
C:\Users\Matt\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Matt\AppData\Local\Temp\i4jdel0.exe
C:\Users\Matt\AppData\Local\Temp\ICReinstall_Adobe_Reader_Setup (1).exe
C:\Users\Matt\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Matt\AppData\Local\Temp\ncuzlgb.dll
C:\Users\Matt\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Matt\AppData\Local\Temp\nsb1A2.exe
C:\Users\Matt\AppData\Local\Temp\nsg2A96.exe
C:\Users\Matt\AppData\Local\Temp\nsjCA89.exe
C:\Users\Matt\AppData\Local\Temp\nsjF57F.exe
C:\Users\Matt\AppData\Local\Temp\nsl8755.exe
C:\Users\Matt\AppData\Local\Temp\nsoC9BD.exe
C:\Users\Matt\AppData\Local\Temp\nsq863B.exe
C:\Users\Matt\AppData\Local\Temp\nstF520.exe
C:\Users\Matt\AppData\Local\Temp\Resource.exe
C:\Users\Matt\AppData\Local\Temp\SP55092.exe
C:\Users\Matt\AppData\Local\Temp\SP56665.exe
C:\Users\Matt\AppData\Local\Temp\SP56750.exe
C:\Users\Matt\AppData\Local\Temp\SP56878.exe
C:\Users\Matt\AppData\Local\Temp\SP56929.exe
C:\Users\Matt\AppData\Local\Temp\SP57232.exe
C:\Users\Matt\AppData\Local\Temp\SP57398.exe
C:\Users\Matt\AppData\Local\Temp\SP57474.exe
C:\Users\Matt\AppData\Local\Temp\SP57682.exe
C:\Users\Matt\AppData\Local\Temp\sp58915.exe
C:\Users\Matt\AppData\Local\Temp\SP58987.exe
C:\Users\Matt\AppData\Local\Temp\SP59542.exe
C:\Users\Matt\AppData\Local\Temp\SP59755.exe
C:\Users\Matt\AppData\Local\Temp\SP60051.exe
C:\Users\Matt\AppData\Local\Temp\sp64126.exe
C:\Users\Matt\AppData\Local\Temp\SPStub.exe
C:\Users\Matt\AppData\Local\Temp\SymCCIS.dll
C:\Users\Matt\AppData\Local\Temp\tbedrs.dll
C:\Users\Matt\AppData\Local\Temp\tbUpMe.dll
C:\Users\Matt\AppData\Local\Temp\tbWise.dll
C:\Users\Matt\AppData\Local\Temp\u9emkgox.dll
C:\Users\Matt\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 07:45
==================== End Of Log ============================

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 07 November 2014 - 04:05 AM

Hi,

 

Please go ahead and uninstall the following programs:

 

iLivid

MixiDJ V1 Toolbar

Catalina Savings Printer (This is optional. Uninstall it only if you don't use it. However I would suggest to uninstall it since it's adware bundled).

 

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 07 November 2014 - 09:10 AM

Hi Georgi,

 

I ran the FRST fix with the fixlist.txt.  FRST completed the fix and told me the computer needed to be restarted.  So, I restarted it, and now it's crashed.  All I get is a blank black screen.  This is a mobile labtop, so in an effort to reboot it, I unplugged it, removed the battery, held down the power botton for serveral seconds, then tried to reboot the pc.  I still have the blank black screen.

 

Any advise?

 

Thank you,

Matt



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 07 November 2014 - 11:51 AM

Hi Matt,

 

This is really odd.

 

Please let me know if you do have windows 7 installation DVD ? If not please verify that you can access the Recovery Environment.
To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available please hard reboot your computer and report to me your success. Do not proceed for now!!!

AdvancedBootOptions.jpg

 

 

Regards,

Georgi


cXfZ4wS.png


#7 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 07 November 2014 - 07:27 PM

Hi Georgi,

 

So, after I left for work this morning, the pc booted up.  When I came home I saw this and logged on, then shut the machine down again so I could boot it up again.  Immediately upon pressing the power button, I get the blank black screen(its actually a blank black screen with a white underscore marking in the very top left corner of the screen) for approximately 6 minutes, then windows 7 starts up.  I do not have access to the recovery environment.  Pressing F8 does nothing.  At current, I cannot find my Windows 7 recovery/installation CD! Lol

 

I was not having this problem before I ran the fixlist.txt with FRST. Before hand, the pc would boot normally and I had access the recovery module via pressing F8 So, I'm not exactly sure what happened.  For the time being, I will leave the computer on until further diagnose can determine what is causing these startup issues.

 

FRST did produce a fixlog.  I am posting here below.  Thanks again for your help.  Please let me know what to do!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Matt at 2014-11-07 05:55:06 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profile: Matt (Available profiles: Matt)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [iLivid] => C:\Users\Matt\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-08] (Bandoo Media Inc.)
C:\Users\Matt\AppData\Local\iLivid
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
C:\Users\Matt\AppData\Local\Conduit
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Matt\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
C:\Users\Matt\AppData\Local\TB
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [Zcziwyukgvw] => regsvr32.exe /s "C:\Users\Matt\AppData\Local\Apple\Zcziwyukgvw.dll" <===== ATTENTION
C:\Users\Matt\AppData\Local\Apple\Zcziwyukgvw.dll
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
C:\PROGRA~2\SearchProtect
URLSearchHook: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File
URLSearchHook: HKCU - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {BC549322-F708-4B79-B2CD-053573F80CB7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247436&CUI=UN30318583551602124&UM=4
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings.dll No File
C:\Program Files (x86)\Solid Savings
BHO-x32: MixiDJ V1 Toolbar -> {67097627-fd8e-4f6b-af4b-ecb65e50112e} -> C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
Toolbar: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMixi.dll ()
C:\Program Files (x86)\MixiDJ_V1
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
Toolbar: HKCU - No Name - {67097627-FD8E-4F6B-AF4B-ECB65E50112E} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
CHR Extension: (Solid Savings) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah [2013-03-24]
CHR Extension: (UpMedia) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiikhneliaiicflalkilgeblaociipf [2014-03-11]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-25]
CHR Extension: (MixiDJ V1) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp [2013-08-17]
CHR HKCU\...\Chrome\Extension: [jfiikhneliaiicflalkilgeblaociipf] - C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx [2014-03-05]
CHR HKCU\...\Chrome\Extension: [ndlegeeaeejpodkbnkkofpjpjeigcopp] - C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [jfiikhneliaiicflalkilgeblaociipf] - C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [ndlegeeaeejpodkbnkkofpjpjeigcopp] - C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx [2013-03-20]
2014-10-20 08:01 - 2014-10-20 08:02 - 00000000 ____D () C:\Users\Matt\AppData\Local\{E09BC34C-8ED0-441F-B3D9-8F1720482809}
Task: {7A21D2BD-4195-48AE-A7B4-B155509CEBAA} - System32\Tasks\Updater26278.exe => C:\Users\Matt\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
C:\Users\Matt\AppData\Local\Updater26278
Task: {CD8A2828-EBE2-456D-8C57-98581B7AAFF6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Matt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
"C:\Users\Matt\AppData\Local\iLivid" => File/Directory not found.
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value deleted successfully.
C:\Users\Matt\AppData\Local\Conduit => Moved successfully.
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully.
C:\Users\Matt\AppData\Local\TB => Moved successfully.
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zcziwyukgvw => value deleted successfully.
"C:\Users\Matt\AppData\Local\Apple\Zcziwyukgvw.dll" => File/Directory not found.
"HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{67097627-fd8e-4f6b-af4b-ecb65e50112e} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{67097627-fd8e-4f6b-af4b-ecb65e50112e} => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC549322-F708-4B79-B2CD-053573F80CB7}" => Key deleted successfully.
"HKCR\CLSID\{BC549322-F708-4B79-B2CD-053573F80CB7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211621178}" => Key deleted successfully.
C:\Program Files (x86)\Solid Savings => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67097627-fd8e-4f6b-af4b-ecb65e50112e}" => Key not found.
"HKCR\Wow6432Node\CLSID\{67097627-fd8e-4f6b-af4b-ecb65e50112e}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{67097627-fd8e-4f6b-af4b-ecb65e50112e} => Value not found.
"HKCR\Wow6432Node\CLSID\{67097627-fd8e-4f6b-af4b-ecb65e50112e}" => Key not found.
C:\Program Files (x86)\MixiDJ_V1 => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} => value deleted successfully.
"HKCR\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{67097627-FD8E-4F6B-AF4B-ECB65E50112E} => Value not found.
"HKCR\CLSID\{67097627-FD8E-4F6B-AF4B-ECB65E50112E}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => value deleted successfully.
"HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}" => Key not found.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah => Moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiikhneliaiicflalkilgeblaociipf => Moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Moved successfully.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\jfiikhneliaiicflalkilgeblaociipf" => Key deleted successfully.
C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp" => Key deleted successfully.
C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfiikhneliaiicflalkilgeblaociipf" => Key deleted successfully.
"C:\Users\Matt\AppData\Local\CRE\jfiikhneliaiicflalkilgeblaociipf.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp" => Key deleted successfully.
"C:\Users\Matt\AppData\Local\CRE\ndlegeeaeejpodkbnkkofpjpjeigcopp.crx" => File/Directory not found.
C:\Users\Matt\AppData\Local\{E09BC34C-8ED0-441F-B3D9-8F1720482809} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A21D2BD-4195-48AE-A7B4-B155509CEBAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A21D2BD-4195-48AE-A7B4-B155509CEBAA}" => Key deleted successfully.
C:\Windows\System32\Tasks\Updater26278.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => Key deleted successfully.
C:\Users\Matt\AppData\Local\Updater26278 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD8A2828-EBE2-456D-8C57-98581B7AAFF6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD8A2828-EBE2-456D-8C57-98581B7AAFF6}" => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
EmptyTemp: => Removed 8.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 08 November 2014 - 03:19 AM

Hello,

 

It was probably just a coincidence (a hardware problem which never occured before or corrupted registry settings due to malware). The fix removed only malware related entires and nothing legit.

 

Ok, can you please run a fresh scan with FRST (make sure that Addition.txt is checked) and then please post the logs in your next reply.

 

 

Also please run CHKDSK to check for disk errors:
 

  • Click Start => go to RUN and type in cmd and then hit Enter.
  • At the command prompt, copy with right click the following command chkdsk c: /x /f /r and paste it in the CMD window and then press Enter.
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take up to an hour!
  • When all is one and you are back into normal mode click Start => Run and type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application  => The 3th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled WinInit and id of 1001.
  • Double-click WinInit to open the CHKDSK results.
  • Click on the Copy button and post the result in your next reply.

 

 

Finally please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".
 

Copy/paste the following text at the command prompt and press enter after each line:

sfc /verifyonly

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Upload it here and post the link to the log in your next reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 08 November 2014 - 03:19 AM.

cXfZ4wS.png


#9 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 08 November 2014 - 09:22 AM

Hi Georgi,

 

I completed another scan, here's the addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Matt at 2014-11-08 08:07:35
Running from C:\Users\Matt\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.3 3.4.3 (HKLM-x32\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
GMATPrep (HKLM-x32\...\GMATPrep 2.1.279) (Version: 2.1.279 - Graduate Management Admission Council (GMAC))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.21.3.2423 - PasswordBox, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

17-10-2014 02:39:31 Windows Update
18-10-2014 16:17:03 Removed Java 7 Update 45
18-10-2014 16:17:53 Removed Java 7 Update 45
26-10-2014 15:41:35 Scheduled Checkpoint
31-10-2014 00:07:11 Installed HP Support Solutions Framework

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-06-19 05:42 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1ADD825E-6672-4083-90A4-2D7DC198A23F} - System32\Tasks\HPCeeScheduleForMatt => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1C3260AA-6673-402F-9C3F-408C0E238B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {2B57401A-682E-4C63-BC22-17F1AE4FC5E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {313B5A45-BFA9-4F0A-B7B1-070961257EA5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {3A5DE288-A986-4184-870D-9CB3E08EC4D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A907234-EC01-46D1-91A1-188BDADAEC85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {70328C94-17E8-490C-B600-3B600B5FDD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A2F03CDF-CC2A-4CA4-8422-5C1A41C90007} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A6D339EA-BD2A-464C-84C3-E8CC99D91F8B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {ABB29C4E-96E6-4656-920A-B0DF34FF8032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD43FECC-9F3F-4F6F-AACE-0F279124DE08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {D225EF47-45E9-4441-8017-ABCA0976CFE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {E8437F80-7257-42B3-A6E5-707C52C05BF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F60A883F-FCE9-4C91-BC3B-3BE5847191CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMatt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-03-24 16:57 - 2005-03-11 23:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-13 19:10 - 2011-08-10 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-21 17:50 - 2013-03-21 17:50 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-10-17 08:52 - 2014-10-17 08:52 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-06-13 19:09 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1796628596-1304665509-2838333734-500 - Administrator - Disabled)
Guest (S-1-5-21-1796628596-1304665509-2838333734-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1796628596-1304665509-2838333734-1002 - Limited - Enabled)
Matt (S-1-5-21-1796628596-1304665509-2838333734-1000 - Administrator - Enabled) => C:\Users\Matt

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 05:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 07:09:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76753

System errors:
=============
Error: (11/07/2014 06:01:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 05:49:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 07:09:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 05:55:37 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/07/2014 05:55:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 05:49:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 07:09:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76753

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8139.86 MB
Available physical RAM: 5746 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 14039.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.37 GB) (Free:545.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.11 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

 

 

I was not able to run the checkdisk from the command prompt.  I get the following message:

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Matt>chkdsk c: /x /f /r
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.

C:\Users\Matt>

 

Also, pc still takes 6 minutes before it starts to load Windows7 and no access to the recovery console.

 

Thanks for your help! Please let me know what to try next.

 

Thanks,

Matt



#10 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 08 November 2014 - 10:21 AM

Hi Georgi,

 

I tried to run the chdsk as an administrator.  I couldn't run it on the C drive since it is currently being utilized, so I chose to run chckdsk on startup.  After I turned the pc back on, I get the same blank black screen for 6 minutes, then windows loads.  I could not determine if the chckdsk command you provided ran or not, so I checked the windows event viewer.  In the event viewer, I could find no record of chckdsk actually running.

 

So my guess is that it has not run yet.

 

Thanks Matt



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 08 November 2014 - 11:22 AM

Hi Matt,

 

 

This is really strange. Ok let's try a few things:

 

1. Since you posted only the new Addition.txt I need you to post the new FRST.txt log file in your next reply.

 

2. Please run the other command from my previous post as administrator (sfc /verifyonly) and the other one and then post the sfcdetails.txt log in your next reply.

 

3. Let's run chkdsk in a different way. Open My Computer and right-click on the C:\ Drive and select Properties. Click on the Tools Tab and select Check Now under the Error-checking header. Place a check mark next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors and click Start. You will be prompt to "Schedule disk check". Click it and restart your system and when done post the log. You can find the log this way.

 

4. Also please download the portable version of CrystalDiskInfo6_2_1 and extract the archive in a folder of your choice. Run the file DiskInfo.exe, expand the window size so that all of the S.M.A.R.T. attributes to be shown. Make a screenshot (Press Alt+Print Screen by holding down the Alt key and then pressing the Print Screen key) and then open Paint and press Ctrl + V. Give the file a name and save it to your desktop. Next please upload the screenshot at http://imgur.com/ and post the link to the picture in your next reply.

 

5. Finally can you perform a clean boot and let me know if the problem still persists?

http://support.microsoft.com/kb/929135

 

 

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#12 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 09 November 2014 - 09:27 AM

Hi Georgi,

 

Thanks for your help.  I was able to complete all 5 of the previous steps without any issues.  The pc seems to be running normally now.  I have not encountered any more delayed Windows7 startups.

 

Below are the requested logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by Matt (administrator) on MATT-HP on 08-11-2014 19:39:13
Running from C:\Users\Matt\Desktop
Loaded Profile: Matt (Available profiles: Matt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1796628596-1304665509-2838333734-1000\...\MountPoints2: {0495a3a9-e77b-11e3-af33-082e5f8cbaad} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BC549322-F708-4B79-B2CD-053573F80CB7} URL =
SearchScopes: HKLM-x32 - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {3ABFC778-5E3E-4AE4-B4CB-74EBF316E3FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eg.remoteaccess.thomsonreuters.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-06]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Simple Pass 2012) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Norton Confidential) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke [2013-08-17]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-25]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-25]
CHR Extension: (Website Logon) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2012-11-25]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-25]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR HKCU\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Users\Matt\AppData\Local\PasswordBox\Chrome\extension [2013-04-24]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-05-31] (Nalpeiron Ltd.) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-03-21] (PasswordBox, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141108.003\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141108.003\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-05] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 19:38 - 2014-11-08 19:38 - 02115584 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2014-11-08 07:39 - 2014-11-08 07:39 - 00000000 ____D () C:\Users\Matt\Desktop\FRST-OlderVersion
2014-11-06 18:15 - 2014-11-08 08:08 - 00031192 _____ () C:\Users\Matt\Desktop\Addition.txt
2014-11-06 18:14 - 2014-11-08 19:39 - 00026462 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-11-06 18:13 - 2014-11-08 19:39 - 00000000 ____D () C:\FRST
2014-11-02 17:36 - 2014-11-02 17:56 - 00026886 _____ () C:\Users\Matt\Desktop\dds.txt
2014-11-02 17:36 - 2014-11-02 17:56 - 00011145 _____ () C:\Users\Matt\Desktop\attach.txt
2014-11-02 17:34 - 2014-11-02 17:35 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.com
2014-10-30 19:26 - 2014-10-30 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-10-30 19:26 - 2014-10-30 19:26 - 00000000 ____D () C:\Program Files\Core Temp
2014-10-30 19:24 - 2014-10-30 19:24 - 01285176 _____ (Alcpu ) C:\Users\Matt\Downloads\Core-Temp-installer.exe
2014-10-30 18:13 - 2014-10-30 18:13 - 00000000 ____D () C:\Program Files (x86)\sp60655
2014-10-30 18:11 - 2014-10-30 18:11 - 08110056 _____ (Hewlett-Packard Company ) C:\Users\Matt\Downloads\sp60655.exe
2014-10-30 18:05 - 2014-10-30 18:05 - 05152768 _____ () C:\Users\Matt\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-29 20:33 - 2014-11-02 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 20:33 - 2014-10-29 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 20:33 - 2014-10-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:33 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 20:33 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 20:13 - 2014-10-29 20:13 - 00007597 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2014-10-27 19:32 - 2014-10-27 19:33 - 00000000 ____D () C:\Users\Matt\Desktop\colorado vacation
2014-10-20 07:52 - 2014-10-20 07:52 - 00000165 ____H () C:\Users\Matt\Desktop\~$October budget 2014.xlsx
2014-10-16 04:40 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 04:40 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 04:40 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 04:40 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 04:40 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 04:40 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:40 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 04:40 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 04:40 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 04:40 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 04:40 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 04:40 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 04:40 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 04:40 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 04:40 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 04:40 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 04:40 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 04:40 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 04:40 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 04:40 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 04:40 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 04:40 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 04:40 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 04:40 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 04:40 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 04:40 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 04:40 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 04:40 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 04:40 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:40 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 04:40 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 04:40 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:40 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 04:40 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:40 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 04:40 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:40 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 04:40 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 04:40 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 04:40 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 04:40 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 04:40 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 04:40 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 04:40 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 04:40 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 04:40 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 04:40 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:40 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 04:40 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 04:40 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 04:40 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:40 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 04:40 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 04:40 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 04:40 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 04:40 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 04:40 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 04:40 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 04:40 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:39 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 04:39 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 04:39 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 04:39 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 04:39 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 04:39 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 04:39 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 04:39 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 04:39 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 04:39 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 04:39 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 04:39 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 19:38 - 2012-06-13 19:06 - 01124981 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 19:20 - 2012-07-04 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 19:14 - 2012-11-25 07:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 19:13 - 2012-11-25 07:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 19:12 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 19:12 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 19:04 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 19:04 - 2009-07-13 22:51 - 00126306 _____ () C:\Windows\setupact.log
2014-11-08 09:02 - 2012-06-19 19:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{67A7E6DC-8913-4981-8EB7-F74B45B509D8}
2014-11-08 08:37 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-07 17:48 - 2009-07-13 23:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-07 07:08 - 2014-07-09 19:17 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMatt.job
2014-11-07 07:07 - 2010-11-20 21:47 - 00198206 _____ () C:\Windows\PFRO.log
2014-11-07 06:29 - 2014-07-09 19:17 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMatt
2014-11-07 06:29 - 2012-06-20 19:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-07 06:28 - 2012-07-18 17:26 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-07 05:55 - 2013-03-24 16:54 - 00000000 ____D () C:\Users\Matt\AppData\Local\CRE
2014-11-06 18:51 - 2014-06-12 11:52 - 00000000 ____D () C:\Users\Matt\Desktop\michelle's keeps
2014-11-02 20:24 - 2012-06-30 15:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps
2014-11-02 17:42 - 2012-06-19 21:13 - 00000000 ____D () C:\Users\Matt\AppData\Local\Apple
2014-11-02 17:32 - 2009-07-13 23:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 15:57 - 2012-07-05 19:26 - 00000000 ____D () C:\Users\Matt\Documents\Household
2014-10-30 16:15 - 2012-06-19 19:24 - 00109296 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-30 12:34 - 2012-06-21 19:52 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\SoftGrid Client
2014-10-30 12:33 - 2012-07-29 11:05 - 00000000 ____D () C:\Users\Matt\Documents\michelle
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 20:33 - 2012-06-21 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-27 08:20 - 2014-09-27 07:14 - 00000000 ____D () C:\Users\Matt\Desktop\health
2014-10-22 08:08 - 2012-11-25 07:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 08:08 - 2012-11-25 07:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 09:45 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:13 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 08:09 - 2009-07-13 22:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:07 - 2014-05-06 21:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 20:52 - 2012-06-23 20:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 20:49 - 2013-08-04 04:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 20:40 - 2012-06-19 20:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 20:06 - 2014-09-11 19:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-10 13:37 - 2012-06-23 20:39 - 00000000 ____D () C:\Users\Matt\AppData\Local\Microsoft Help
2014-10-09 11:56 - 2014-04-15 11:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 07:45

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Matt at 2014-11-08 19:40:36
Running from C:\Users\Matt\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.3 3.4.3 (HKLM-x32\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
GMATPrep (HKLM-x32\...\GMATPrep 2.1.279) (Version: 2.1.279 - Graduate Management Admission Council (GMAC))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.21.3.2423 - PasswordBox, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

17-10-2014 02:39:31 Windows Update
18-10-2014 16:17:03 Removed Java 7 Update 45
18-10-2014 16:17:53 Removed Java 7 Update 45
26-10-2014 15:41:35 Scheduled Checkpoint
31-10-2014 00:07:11 Installed HP Support Solutions Framework

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-06-19 05:42 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1ADD825E-6672-4083-90A4-2D7DC198A23F} - System32\Tasks\HPCeeScheduleForMatt => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1C3260AA-6673-402F-9C3F-408C0E238B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {2B57401A-682E-4C63-BC22-17F1AE4FC5E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {313B5A45-BFA9-4F0A-B7B1-070961257EA5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {3A5DE288-A986-4184-870D-9CB3E08EC4D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A907234-EC01-46D1-91A1-188BDADAEC85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {70328C94-17E8-490C-B600-3B600B5FDD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A2F03CDF-CC2A-4CA4-8422-5C1A41C90007} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A6D339EA-BD2A-464C-84C3-E8CC99D91F8B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {ABB29C4E-96E6-4656-920A-B0DF34FF8032} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD43FECC-9F3F-4F6F-AACE-0F279124DE08} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {D225EF47-45E9-4441-8017-ABCA0976CFE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {E8437F80-7257-42B3-A6E5-707C52C05BF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F60A883F-FCE9-4C91-BC3B-3BE5847191CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMatt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-03-24 16:57 - 2005-03-11 23:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-13 19:10 - 2011-08-10 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-21 17:50 - 2013-03-21 17:50 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-10-17 08:52 - 2014-10-17 08:52 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-06-13 19:09 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1796628596-1304665509-2838333734-500 - Administrator - Disabled)
Guest (S-1-5-21-1796628596-1304665509-2838333734-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1796628596-1304665509-2838333734-1002 - Limited - Enabled)
Matt (S-1-5-21-1796628596-1304665509-2838333734-1000 - Administrator - Enabled) => C:\Users\Matt

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 07:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 12.11.4.4, time stamp: 0x53f531a0
Faulting module name: SYMHTMDX.DLL, version: 8.0.0.58, time stamp: 0x52018148
Exception code: 0xc0000005
Fault offset: 0x00031519
Faulting process id: 0x1250
Faulting application start time: 0xNIS.exe0
Faulting application path: NIS.exe1
Faulting module path: NIS.exe2
Report Id: NIS.exe3

Error: (11/08/2014 07:04:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 08:57:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/08/2014 07:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/08/2014 08:57:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 06:01:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 05:49:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 07:09:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/07/2014 05:55:37 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/07/2014 05:55:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/07/2014 05:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/08/2014 07:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NIS.exe12.11.4.453f531a0SYMHTMDX.DLL8.0.0.5852018148c000000500031519125001cffbb91e6b9075C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exeC:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SYMHTMDX.DLL207a0564-67b0-11e4-8648-082e5f8cbaad

Error: (11/08/2014 07:04:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 08:57:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6791754

Error: (11/07/2014 08:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15507

Error: (11/07/2014 06:31:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 06:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8139.86 MB
Available physical RAM: 5885.78 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13965.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.37 GB) (Free:545.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.11 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

 

 

 

2014-11-08 19:45:50, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:45:50, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-11-08 19:45:52, Info                  CSI    0000000c [SR] Verify complete
2014-11-08 19:45:53, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:45:53, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-11-08 19:45:54, Info                  CSI    00000010 [SR] Verify complete
2014-11-08 19:45:55, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:45:55, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-11-08 19:45:56, Info                  CSI    00000014 [SR] Verify complete
2014-11-08 19:45:57, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:45:57, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-11-08 19:45:58, Info                  CSI    00000018 [SR] Verify complete
2014-11-08 19:45:59, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:45:59, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:00, Info                  CSI    0000001c [SR] Verify complete
2014-11-08 19:46:00, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:00, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:02, Info                  CSI    00000020 [SR] Verify complete
2014-11-08 19:46:02, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:02, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:04, Info                  CSI    00000024 [SR] Verify complete
2014-11-08 19:46:04, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:04, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:06, Info                  CSI    00000028 [SR] Verify complete
2014-11-08 19:46:06, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:06, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:08, Info                  CSI    0000002c [SR] Verify complete
2014-11-08 19:46:08, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:08, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:10, Info                  CSI    00000030 [SR] Verify complete
2014-11-08 19:46:10, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:10, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:11, Info                  CSI    00000034 [SR] Verify complete
2014-11-08 19:46:12, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:12, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:13, Info                  CSI    00000038 [SR] Verify complete
2014-11-08 19:46:14, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:14, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:17, Info                  CSI    0000003c [SR] Verify complete
2014-11-08 19:46:17, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:17, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:20, Info                  CSI    00000040 [SR] Verify complete
2014-11-08 19:46:20, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:20, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:22, Info                  CSI    00000044 [SR] Verify complete
2014-11-08 19:46:22, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:22, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:25, Info                  CSI    00000048 [SR] Verify complete
2014-11-08 19:46:25, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:25, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:27, Info                  CSI    0000004c [SR] Verify complete
2014-11-08 19:46:27, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:27, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:29, Info                  CSI    00000050 [SR] Verify complete
2014-11-08 19:46:29, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:29, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:31, Info                  CSI    00000054 [SR] Verify complete
2014-11-08 19:46:31, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:31, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:35, Info                  CSI    00000058 [SR] Verify complete
2014-11-08 19:46:35, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:35, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:38, Info                  CSI    0000005c [SR] Verify complete
2014-11-08 19:46:38, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:38, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:41, Info                  CSI    00000060 [SR] Verify complete
2014-11-08 19:46:41, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:41, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:46, Info                  CSI    00000064 [SR] Verify complete
2014-11-08 19:46:46, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:46, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:51, Info                  CSI    00000069 [SR] Verify complete
2014-11-08 19:46:51, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:51, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2014-11-08 19:46:56, Info                  CSI    00000070 [SR] Verify complete
2014-11-08 19:46:56, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:46:56, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:00, Info                  CSI    00000075 [SR] Verify complete
2014-11-08 19:47:00, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:00, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:04, Info                  CSI    00000079 [SR] Verify complete
2014-11-08 19:47:05, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:05, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:10, Info                  CSI    0000009d [SR] Verify complete
2014-11-08 19:47:11, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:11, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:15, Info                  CSI    000000a4 [SR] Verify complete
2014-11-08 19:47:15, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:15, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:20, Info                  CSI    000000a8 [SR] Verify complete
2014-11-08 19:47:21, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:21, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:25, Info                  CSI    000000ac [SR] Verify complete
2014-11-08 19:47:25, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:25, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:30, Info                  CSI    000000b0 [SR] Verify complete
2014-11-08 19:47:30, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:30, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:35, Info                  CSI    000000b4 [SR] Verify complete
2014-11-08 19:47:35, Info                  CSI    000000b5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:35, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:40, Info                  CSI    000000b8 [SR] Verify complete
2014-11-08 19:47:40, Info                  CSI    000000b9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:40, Info                  CSI    000000ba [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:49, Info                  CSI    000000dd [SR] Verify complete
2014-11-08 19:47:49, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:49, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2014-11-08 19:47:56, Info                  CSI    000000e1 [SR] Verify complete
2014-11-08 19:47:56, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:47:56, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:09, Info                  CSI    000000e5 [SR] Verify complete
2014-11-08 19:48:09, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:09, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:12, Info                  CSI    000000eb [SR] Verify complete
2014-11-08 19:48:12, Info                  CSI    000000ec [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:12, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:14, Info                  CSI    000000ef [SR] Verify complete
2014-11-08 19:48:14, Info                  CSI    000000f0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:14, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:16, Info                  CSI    000000f3 [SR] Verify complete
2014-11-08 19:48:16, Info                  CSI    000000f4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:16, Info                  CSI    000000f5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:21, Info                  CSI    00000101 [SR] Verify complete
2014-11-08 19:48:21, Info                  CSI    00000102 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:21, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:25, Info                  CSI    0000010c [SR] Verify complete
2014-11-08 19:48:25, Info                  CSI    0000010d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:25, Info                  CSI    0000010e [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:28, Info                  CSI    00000110 [SR] Verify complete
2014-11-08 19:48:28, Info                  CSI    00000111 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:28, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:31, Info                  CSI    00000114 [SR] Verify complete
2014-11-08 19:48:31, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:31, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:35, Info                  CSI    00000118 [SR] Verify complete
2014-11-08 19:48:35, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:35, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:42, Info                  CSI    0000011d [SR] Verify complete
2014-11-08 19:48:42, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:42, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:49, Info                  CSI    00000122 [SR] Verify complete
2014-11-08 19:48:49, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:49, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:51, Info                  CSI    00000126 [SR] Verify complete
2014-11-08 19:48:51, Info                  CSI    00000127 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:51, Info                  CSI    00000128 [SR] Beginning Verify and Repair transaction
2014-11-08 19:48:53, Info                  CSI    0000012a [SR] Verify complete
2014-11-08 19:48:53, Info                  CSI    0000012b [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:48:53, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:02, Info                  CSI    0000012e [SR] Verify complete
2014-11-08 19:49:02, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:02, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:06, Info                  CSI    00000132 [SR] Verify complete
2014-11-08 19:49:06, Info                  CSI    00000133 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:06, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:14, Info                  CSI    00000136 [SR] Verify complete
2014-11-08 19:49:14, Info                  CSI    00000137 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:14, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:20, Info                  CSI    00000150 [SR] Verify complete
2014-11-08 19:49:20, Info                  CSI    00000151 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:20, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:25, Info                  CSI    00000154 [SR] Verify complete
2014-11-08 19:49:25, Info                  CSI    00000155 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:25, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:38, Info                  CSI    00000158 [SR] Verify complete
2014-11-08 19:49:38, Info                  CSI    00000159 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:38, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:48, Info                  CSI    0000015d [SR] Verify complete
2014-11-08 19:49:48, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:48, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2014-11-08 19:49:55, Info                  CSI    00000161 [SR] Verify complete
2014-11-08 19:49:55, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:49:55, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:00, Info                  CSI    00000165 [SR] Verify complete
2014-11-08 19:50:00, Info                  CSI    00000166 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:00, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:04, Info                  CSI    00000169 [SR] Verify complete
2014-11-08 19:50:04, Info                  CSI    0000016a [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:04, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:08, Info                  CSI    0000016f [SR] Verify complete
2014-11-08 19:50:08, Info                  CSI    00000170 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:08, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:13, Info                  CSI    00000173 [SR] Verify complete
2014-11-08 19:50:13, Info                  CSI    00000174 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:13, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:25, Info                  CSI    00000177 [SR] Verify complete
2014-11-08 19:50:25, Info                  CSI    00000178 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:25, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:31, Info                  CSI    0000017c [SR] Verify complete
2014-11-08 19:50:31, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:31, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:36, Info                  CSI    00000181 [SR] Verify complete
2014-11-08 19:50:36, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:36, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:42, Info                  CSI    00000185 [SR] Verify complete
2014-11-08 19:50:42, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:42, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:50, Info                  CSI    0000018a [SR] Verify complete
2014-11-08 19:50:50, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:50, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:54, Info                  CSI    0000018e [SR] Verify complete
2014-11-08 19:50:54, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:54, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2014-11-08 19:50:58, Info                  CSI    00000192 [SR] Verify complete
2014-11-08 19:50:58, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:50:58, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:01, Info                  CSI    00000197 [SR] Verify complete
2014-11-08 19:51:02, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:02, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:06, Info                  CSI    0000019b [SR] Verify complete
2014-11-08 19:51:06, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:06, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:09, Info                  CSI    0000019f [SR] Verify complete
2014-11-08 19:51:09, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:09, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:14, Info                  CSI    000001a4 [SR] Verify complete
2014-11-08 19:51:14, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:14, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:19, Info                  CSI    000001a9 [SR] Verify complete
2014-11-08 19:51:20, Info                  CSI    000001aa [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:20, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:25, Info                  CSI    000001ae [SR] Verify complete
2014-11-08 19:51:25, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:25, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:30, Info                  CSI    000001b3 [SR] Verify complete
2014-11-08 19:51:30, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:30, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:36, Info                  CSI    000001b7 [SR] Verify complete
2014-11-08 19:51:36, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:36, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:38, Info                  CSI    000001bb [SR] Verify complete
2014-11-08 19:51:38, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:38, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:41, Info                  CSI    000001bf [SR] Verify complete
2014-11-08 19:51:42, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:42, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:46, Info                  CSI    000001c3 [SR] Verify complete
2014-11-08 19:51:46, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:46, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:51, Info                  CSI    000001c7 [SR] Verify complete
2014-11-08 19:51:52, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:52, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-11-08 19:51:56, Info                  CSI    000001cb [SR] Verify complete
2014-11-08 19:51:56, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:51:56, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-11-08 19:52:00, Info                  CSI    000001cf [SR] Verify complete
2014-11-08 19:52:00, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:52:00, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:52:07, Info                  CSI    000001d3 [SR] Verify complete
2014-11-08 19:52:08, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:52:08, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:52:39, Info                  CSI    000001d7 [SR] Verify complete
2014-11-08 19:52:39, Info                  CSI    000001d8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:52:39, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-08 19:52:48, Info                  CSI    000001db [SR] Verify complete
2014-11-08 19:52:49, Info                  CSI    000001dc [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:52:49, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-08 19:52:57, Info                  CSI    000001df [SR] Verify complete
2014-11-08 19:52:57, Info                  CSI    000001e0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:52:57, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:00, Info                  CSI    000001e3 [SR] Verify complete
2014-11-08 19:53:00, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:00, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:04, Info                  CSI    000001e7 [SR] Verify complete
2014-11-08 19:53:05, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:05, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:08, Info                  CSI    000001eb [SR] Verify complete
2014-11-08 19:53:09, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:09, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:14, Info                  CSI    000001ef [SR] Verify complete
2014-11-08 19:53:15, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:15, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:16, Info                  CSI    000001f3 [SR] Verify complete
2014-11-08 19:53:16, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:16, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:20, Info                  CSI    000001f7 [SR] Verify complete
2014-11-08 19:53:20, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:20, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:24, Info                  CSI    00000201 [SR] Verify complete
2014-11-08 19:53:24, Info                  CSI    00000202 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:24, Info                  CSI    00000203 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:27, Info                  CSI    00000205 [SR] Verify complete
2014-11-08 19:53:27, Info                  CSI    00000206 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:27, Info                  CSI    00000207 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:31, Info                  CSI    00000209 [SR] Verify complete
2014-11-08 19:53:31, Info                  CSI    0000020a [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:31, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:36, Info                  CSI    0000020d [SR] Verify complete
2014-11-08 19:53:36, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:36, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:41, Info                  CSI    00000212 [SR] Verify complete
2014-11-08 19:53:41, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:41, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:46, Info                  CSI    00000216 [SR] Verify complete
2014-11-08 19:53:47, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:47, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:49, Info                  CSI    0000021a [SR] Verify complete
2014-11-08 19:53:49, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:49, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2014-11-08 19:53:55, Info                  CSI    0000021e [SR] Verify complete
2014-11-08 19:53:56, Info                  CSI    0000021f [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:53:56, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:05, Info                  CSI    00000225 [SR] Verify complete
2014-11-08 19:54:05, Info                  CSI    00000226 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:05, Info                  CSI    00000227 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:12, Info                  CSI    0000022c [SR] Verify complete
2014-11-08 19:54:13, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:13, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:18, Info                  CSI    00000236 [SR] Verify complete
2014-11-08 19:54:18, Info                  CSI    00000237 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:18, Info                  CSI    00000238 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:25, Info                  CSI    0000023f [SR] Verify complete
2014-11-08 19:54:25, Info                  CSI    00000240 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:25, Info                  CSI    00000241 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:30, Info                  CSI    00000246 [SR] Verify complete
2014-11-08 19:54:30, Info                  CSI    00000247 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:30, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:34, Info                  CSI    0000024c [SR] Verify complete
2014-11-08 19:54:34, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:34, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:38, Info                  CSI    00000250 [SR] Verify complete
2014-11-08 19:54:38, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:38, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:43, Info                  CSI    00000277 [SR] Verify complete
2014-11-08 19:54:44, Info                  CSI    00000278 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:44, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:47, Info                  CSI    0000027b [SR] Verify complete
2014-11-08 19:54:47, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:47, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:51, Info                  CSI    0000027f [SR] Verify complete
2014-11-08 19:54:51, Info                  CSI    00000280 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:51, Info                  CSI    00000281 [SR] Beginning Verify and Repair transaction
2014-11-08 19:54:56, Info                  CSI    00000283 [SR] Verify complete
2014-11-08 19:54:56, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:54:56, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:00, Info                  CSI    00000292 [SR] Verify complete
2014-11-08 19:55:00, Info                  CSI    00000293 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:00, Info                  CSI    00000294 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:06, Info                  CSI    00000297 [SR] Verify complete
2014-11-08 19:55:06, Info                  CSI    00000298 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:06, Info                  CSI    00000299 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:13, Info                  CSI    000002a2 [SR] Verify complete
2014-11-08 19:55:13, Info                  CSI    000002a3 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:13, Info                  CSI    000002a4 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:17, Info                  CSI    000002ab [SR] Verify complete
2014-11-08 19:55:18, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:18, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:21, Info                  CSI    000002af [SR] Verify complete
2014-11-08 19:55:21, Info                  CSI    000002b0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:21, Info                  CSI    000002b1 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:27, Info                  CSI    000002b4 [SR] Verify complete
2014-11-08 19:55:27, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:27, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:30, Info                  CSI    000002b8 [SR] Verify complete
2014-11-08 19:55:30, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:30, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:37, Info                  CSI    000002bc [SR] Verify complete
2014-11-08 19:55:37, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:37, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:42, Info                  CSI    000002c0 [SR] Verify complete
2014-11-08 19:55:42, Info                  CSI    000002c1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:42, Info                  CSI    000002c2 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:46, Info                  CSI    000002c4 [SR] Verify complete
2014-11-08 19:55:46, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:46, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:55:53, Info                  CSI    000002e0 [SR] Verify complete
2014-11-08 19:55:53, Info                  CSI    000002e1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:55:53, Info                  CSI    000002e2 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:05, Info                  CSI    000002e4 [SR] Verify complete
2014-11-08 19:56:05, Info                  CSI    000002e5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:05, Info                  CSI    000002e6 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:09, Info                  CSI    000002e8 [SR] Verify complete
2014-11-08 19:56:09, Info                  CSI    000002e9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:09, Info                  CSI    000002ea [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:13, Info                  CSI    000002ec [SR] Verify complete
2014-11-08 19:56:13, Info                  CSI    000002ed [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:13, Info                  CSI    000002ee [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:16, Info                  CSI    000002f2 [SR] Verify complete
2014-11-08 19:56:16, Info                  CSI    000002f3 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:16, Info                  CSI    000002f4 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:20, Info                  CSI    000002f6 [SR] Verify complete
2014-11-08 19:56:20, Info                  CSI    000002f7 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:20, Info                  CSI    000002f8 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:24, Info                  CSI    000002fa [SR] Verify complete
2014-11-08 19:56:24, Info                  CSI    000002fb [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:24, Info                  CSI    000002fc [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:28, Info                  CSI    000002fe [SR] Verify complete
2014-11-08 19:56:28, Info                  CSI    000002ff [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:28, Info                  CSI    00000300 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:32, Info                  CSI    00000303 [SR] Verify complete
2014-11-08 19:56:32, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:32, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:36, Info                  CSI    00000307 [SR] Verify complete
2014-11-08 19:56:36, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:36, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:40, Info                  CSI    0000030b [SR] Verify complete
2014-11-08 19:56:40, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:40, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:45, Info                  CSI    0000030f [SR] Verify complete
2014-11-08 19:56:46, Info                  CSI    00000310 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:46, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:50, Info                  CSI    00000314 [SR] Verify complete
2014-11-08 19:56:50, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:50, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2014-11-08 19:56:55, Info                  CSI    00000318 [SR] Verify complete
2014-11-08 19:56:55, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:56:55, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
2014-11-08 19:57:01, Info                  CSI    0000031c [SR] Verify complete
2014-11-08 19:57:01, Info                  CSI    0000031d [SR] Verifying 100 (0x0000000000000064) components
2014-11-08 19:57:01, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2014-11-08 19:57:05, Info                  CSI    00000320 [SR] Verify complete
2014-11-08 19:57:05, Info                  CSI    00000321 [SR] Verifying 87 (0x0000000000000057) components
2014-11-08 19:57:05, Info                  CSI    00000322 [SR] Beginning Verify and Repair transaction
2014-11-08 19:57:09, Info                  CSI    00000324 [SR] Verify complete
 

Chkdsk did successfully run on startup.  It took about 3 hours for it to run, then I was able to confirm that it ran on startup using your step 3.

 

Step 4: http://imgur.com/KbHcx3u

 

Step 5: Clean boot successful.  No problems persist.

 

Please let me know if there is anything else I should do.

 

Thank you,

Matt

 

Attached Files



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 09 November 2014 - 10:28 AM

Hi Matt,

 

Nicely done. The logs above look as it should. :)

Can you please post the log from the CHKDSK?

You can find the log this way.

 

Also does the problem with the delay still persists after you reverse the clean boot steps?

 

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#14 Matt7620

Matt7620
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 09 November 2014 - 03:04 PM

Georgi,

 

Yes, after starting the pc with a selective startup, I restarted with a normal startup and everything was fine.  No abnormal delays.  Below is the text from the Chkdsk find on the event viewer:

 

Checking file system on C:

The type of the file system is NTFS.

A disk check has been scheduled.

Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...

Cleaning up instance tags for file 0x6664.

523008 file records processed. File verification completed.

852 large file records processed. 0 bad file records processed. 0 EA records processed. 46 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...

597604 index entries processed. Index verification completed.

0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...

523008 file SDs/SIDs processed. Cleaning up 1227 unused index entries from index $SII of file 0x9.

Cleaning up 1227 unused index entries from index $SDH of file 0x9.

Cleaning up 1227 unused security descriptors.

Security descriptor verification completed.

37299 data files processed. CHKDSK is verifying Usn Journal...

34319456 USN bytes processed. Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

522992 files processed. File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

142881137 free clusters processed. Free space verification is complete.

Windows has made corrections to the file system.

706076671 KB total disk space.

133806940 KB in 174156 files.

99324 KB in 37300 indexes.

0 KB in bad sectors.

645855 KB in use by the system.

65536 KB occupied by the log file.

571524552 KB available on disk.

4096 bytes in each allocation unit.

176519167 total allocation units on disk.

142881138 allocation units available on disk.

Internal Info:

00 fb 07 00 0b 3a 03 00 3b dc 05 00 00 00 00 00 .....:..;.......

c8 22 00 00 2e 00 00 00 00 00 00 00 00 00 00 00 ."..............

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Please let me know if there's anything else I need to do.  Thanks a lot for your help.

 

Thanks, Matt



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:38 PM

Posted 09 November 2014 - 05:56 PM

Hi Matt,

 

I am glad to hear all is ok now.

 

Although the infection has been removed if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

Also I'd like us to scan your machine with ESET OnlineScan

 

  • Please download and the run exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

aJ6m33V.png

 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

Let me know for any remaining issues.

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users