
STOP: C0000135 The program can't start because %hs is missing


  • This topic is locked
10 replies to this topic

#1 Mellow Out

Posted 10 June 2015 - 03:30 PM

Hey there guys, I'm working with a computer and it comes up with the "C0000135 The program can't start because %hs is missing" BSOD when booting up. After spending a few hours online searching, I tried various things to no avail. I have put the machine on a hardware test and everything has passed, let Windows Startup Repair run, and tried System Restore on different dates. I pulled the drive from the machine and scanned it with both ESET and MBAM; nothing found. Checkdisk repaired the HD. The last thing I tried was running FRST. No ZeroAccess found, although it pointed out that LPK.dll was missing, which is the language pack; I'm wondering if that would be the cause of this BSOD. I will attach the FRST log.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by SYSTEM on MININT-5VIIA78 on 10-06-2015 14:56:34
Running from F:\
Platform: Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11258368 2009-08-11] (Hewlett-Packard)
HKLM\...\Run: [ListingsPortal AppIntegrator 32-bit] => C:\PROGRA~1\LISTIN~2\bar\1.bin\AppIntegrator.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
HKU\Hp\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-05-01] (Google Inc.)
HKU\Hp\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1210880 2015-03-30] (Informer Technologies, Inc.)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-20] (Avast Software s.r.o.)
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [293376 2009-08-11] (Hewlett-Packard)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-20] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-20] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-20] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49904 2015-05-20] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-20] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-20] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-20] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [209048 2015-05-20] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [863336 2012-02-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 14:11 - 2015-06-10 14:56 - 00000000 ____D C:\FRST
2015-06-07 09:49 - 2015-06-07 09:49 - 246249796 _____ C:\Windows\MEMORY.DMP
2015-06-07 09:49 - 2015-06-07 09:49 - 00985664 _____ C:\Windows\Minidump\060715-19718-01.dmp
2015-06-07 09:49 - 2015-06-07 09:49 - 00000000 ____D C:\Windows\Minidump
2015-06-04 17:19 - 2015-06-04 17:19 - 00000000 ____H C:\Users\Hp\Documents\Default.rdp
2015-05-20 04:10 - 2015-05-20 04:10 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software
2015-05-20 04:09 - 2015-05-25 08:27 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 04:09 - 2015-05-20 04:09 - 00002073 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-20 04:03 - 2015-05-20 04:03 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-05-20 04:03 - 2015-05-20 04:03 - 00209048 _____ C:\Windows\System32\Drivers\aswVmm.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00049904 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2015-05-20 04:03 - 2015-05-20 04:03 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-20 04:03 - 2015-05-20 04:03 - 00024144 _____ C:\Windows\System32\Drivers\aswHwid.sys
2015-05-20 03:52 - 2015-05-20 03:52 - 00000000 ____D C:\Program Files\AVAST Software
2015-05-20 03:51 - 2015-05-20 03:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-05-12 01:41 - 2015-06-03 01:47 - 00000000 ____D C:\Users\Hp\AppData\Local\CrashDumps
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-09 12:00 - 2013-11-19 15:02 - 00000000 ____D C:\users\Hp
2015-06-09 12:00 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-09 12:00 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-09 12:00 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 __RSD C:\Windows\Media
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2015-06-09 12:00 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-09 11:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2015-06-09 11:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-09 11:52 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2015-06-08 05:18 - 2014-12-09 11:20 - 00000000 ____D C:\Windows\System32\MRT
2015-06-08 04:00 - 2015-05-02 00:34 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Software Informer
2015-06-08 04:00 - 2013-11-19 15:38 - 01808962 _____ C:\Windows\WindowsUpdate.log
2015-06-08 02:34 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 02:34 - 2009-07-13 20:34 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 02:27 - 2009-07-13 20:39 - 00044563 _____ C:\Windows\setupact.log
2015-06-05 00:15 - 2013-11-19 15:40 - 00000000 ____D C:\ProgramData\PDFC
2015-06-04 17:23 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2015-06-01 04:28 - 2015-05-04 05:00 - 00000052 _____ C:\Windows\System32\DOErrors.log
2015-05-28 02:23 - 2009-07-25 04:54 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2015-05-28 02:18 - 2014-12-09 10:59 - 00017888 _____ C:\Windows\PFRO.log
2015-05-20 04:10 - 2015-05-01 13:43 - 00000000 ____D C:\Users\Hp\AppData\Local\Google
2015-05-20 04:08 - 2015-05-01 13:43 - 00000000 ____D C:\Program Files\Google
2015-05-20 03:13 - 2015-05-03 02:59 - 00001970 _____ C:\Users\Public\Desktop\PurePlay Poker.lnk
 
Some files in TEMP:
====================
C:\Users\Hp\AppData\Local\Temp\HPQSi.exe
C:\Users\Hp\AppData\Local\Temp\sp58915.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-05-18 04:40:04
Restore point made on: 2015-05-18 04:50:44
Restore point made on: 2015-05-20 03:52:39
Restore point made on: 2015-05-25 04:16:07
Restore point made on: 2015-06-08 04:01:11
Restore point made on: 2015-06-09 07:48:12
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 1977.25 MB
Available physical RAM: 1363.29 MB
Total Pagefile: 1977.25 MB
Available Pagefile: 1430.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:147.05 GB) (Free:120.4 GB) NTFS
Drive f: (HOUSATONIC) (Removable) (Total:14.53 GB) (Free:2.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:2 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 34679DFC)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
 
 
LastRegBack: 2015-06-08 06:47
 
==================== End of log ============================
 
 
Thanks guys,
Ryan

 




#2 aharonov

  • Malware Response Team

Posted 10 June 2015 - 03:56 PM

Hi Ryan,

"although it pointed out the LPK.dll was missing which is the language pack wondering if that would be the cause of this BSOD"

That's likely the cause for the BSOD, yes.

Let's search for a replacement:


  • Start your computer in the System Recovery Options again and open FRST.
  • Write the following text into the Search: textbox:
    LPK.dll
  • Click on the Search File(s) button.
  • When the search is finished, a log file (Search.txt) is saved on your flash drive.
    Copy and paste it in your next reply.


#3 Mellow Out

  • Topic Starter

Posted 10 June 2015 - 04:44 PM

Thank you for your prompt response, aharonov. Here is the FRST log.

 

Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by SYSTEM at 2015-06-10 16:41:18
Running from F:\
Boot Mode: Recovery
 
================== Search Files: "lpk.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_ac0e7fd2d22636de\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_abc2c1b1b8daa369\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_aa867320d4b9809b\lpk.dll
[2014-01-08 11:20][2012-12-16 08:29] 0026112 ____A (Microsoft Corporation) 1953E31A9290333FEEB28A002D92F68A
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_aa517c7cd4e1092d\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_aa2b3c58d4fcfa7d\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_a99d83d1bbe314aa\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_a9d3afe7bbba66c9\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_a9fcef03bb9bc457\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_a9a96e9bbbd9f2bd\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
X:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_a9a96e9bbbd9f2bd\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
X:\Windows\System32\lpk.dll
[2009-07-13 15:25][2009-07-13 17:15] 0026624 ____A (Microsoft Corporation) 4F154D2C9C6DF951FD6E5AABBAE6B5EE
 
====== End of Search ======


#4 aharonov

  • Malware Response Team

Posted 10 June 2015 - 05:06 PM

Ok. Is the computer booting up normally again after this?


  • Please download the attached fixlist.txt and save it on the same flash drive as FRST.
  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


#5 Mellow Out

  • Topic Starter

Posted 10 June 2015 - 05:19 PM

Thank you again, I just applied it and it's booting up now. Are there any other things I should check out, or should I be good?

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by SYSTEM at 2015-06-10 17:15:16 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_ac0e7fd2d22636de\lpk.dll C:\Windows\System32\lpk.dll
*****************
 
"C:\Windows\System32\lpk.dll" not found
C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_ac0e7fd2d22636de\lpk.dll copied successfully to C:\Windows\System32\lpk.dll
 
==== End of Fixlog 17:15:16 ====


#6 aharonov

  • Malware Response Team

Posted 10 June 2015 - 05:41 PM

Great to hear that it's booting again!
Let's do a full FRST scan in normal Windows mode to see if there are other things that have to be addressed:


  • Move FRST from the flash drive to your Desktop and start it with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#7 Mellow Out

  • Topic Starter

Posted 10 June 2015 - 06:12 PM

Again, thank you. Here are the logs. Also, is there a way to tell what changed the DLL?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Hp (administrator) on HP-HP on 10-06-2015 18:06:38
Running from E:\
Loaded Profiles: Hp (Available Profiles: Hp)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM\...\Run: [ListingsPortal AppIntegrator 32-bit] => C:\PROGRA~1\LISTIN~2\bar\1.bin\AppIntegrator.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-280214782-995278216-361002277-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-05-01] (Google Inc.)
HKU\S-1-5-21-280214782-995278216-361002277-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1210880 2015-03-30] (Informer Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-09] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=93&bd=all&pf=cmdt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=93&bd=all&pf=cmdt
HKU\S-1-5-21-280214782-995278216-361002277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-280214782-995278216-361002277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=93&bd=all&pf=cmdt
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-10] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-01] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-10] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-280214782-995278216-361002277-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-01] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-20]
CHR Extension: (Google Docs) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-20]
CHR Extension: (Google Drive) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-20]
CHR Extension: (YouTube) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
CHR Extension: (Google Search) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-20]
CHR Extension: (Avast Online Security) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20]
CHR Extension: (Gmail) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [863336 2012-02-10] (Realtek Semiconductor Corporation                           )
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 780FF28BCD8470C5FDDEEF69982AA295
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rtwlanu.sys 55FAC659A6FA51CDECFF8170472F77FC
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\DRIVERS\tcpip.sys 7C0507D2391AF5933600CBCED799F277
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tpm.sys 5AD05191DC8B444A7BA4D79B76C42A30
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 20:15 - 2009-07-13 20:15 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-10 18:05 - 2015-06-10 18:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-06-10 17:43 - 2015-06-10 17:42 - 00002119 _____ C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2015-06-10 17:42 - 2015-06-10 17:42 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-10 17:42 - 2015-06-10 17:42 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-10 17:42 - 2015-06-10 17:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-10 17:34 - 2015-06-10 17:34 - 00000000 ____D C:\Windows\system32\Adobe
2015-06-10 17:34 - 2015-06-10 17:34 - 00000000 ____D C:\ProgramData\Sun
2015-06-10 17:34 - 2015-06-10 17:34 - 00000000 ____D C:\Program Files\Common Files\Java
2015-06-10 17:34 - 2015-06-10 17:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-06-10 17:33 - 2015-06-10 17:33 - 00000000 ____D C:\ProgramData\Oracle
2015-06-10 17:33 - 2015-06-10 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-10 17:33 - 2015-06-10 17:33 - 00000000 ____D C:\Program Files\Java
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Users\Hp\AppData\Local\Adobe
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\ProgramData\Adobe
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-06-10 17:32 - 2015-06-10 17:32 - 00000000 ____D C:\Program Files\Adobe
2015-06-10 17:32 - 2015-06-10 17:31 - 00002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 17:31 - 2015-06-10 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 17:11 - 2015-06-10 18:06 - 00000000 ____D C:\FRST
2015-06-04 20:19 - 2015-06-04 20:19 - 00000000 ____H C:\Users\Hp\Documents\Default.rdp
2015-05-20 07:10 - 2015-05-20 07:10 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software
2015-05-20 06:52 - 2015-05-20 06:52 - 00000000 ____D C:\Program Files\AVAST Software
2015-05-20 06:51 - 2015-05-20 06:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-05-12 04:41 - 2015-06-03 04:47 - 00000000 ____D C:\Users\Hp\AppData\Local\CrashDumps
2015-05-04 08:01 - 2015-06-10 18:01 - 00000308 _____ C:\Windows\Tasks\HPCeeScheduleForHp.job
2015-05-04 08:01 - 2015-05-04 08:01 - 00000000 __RSH C:\MSDOS.SYS
2015-05-04 08:01 - 2015-05-04 08:01 - 00000000 __RSH C:\IO.SYS
2015-05-04 08:00 - 2015-06-10 17:48 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-05-04 07:59 - 2015-05-04 07:59 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Hewlett-Packard
2015-05-04 07:11 - 2015-05-04 07:11 - 00000000 ____D C:\Users\Hp\AppData\Local\Hewlett-Packard
2015-05-03 06:32 - 2015-06-10 18:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 06:32 - 2015-06-10 17:32 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Adobe
2015-05-03 06:32 - 2015-06-10 17:28 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-03 06:32 - 2015-06-10 17:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-03 06:32 - 2015-05-03 06:32 - 00000000 ____D C:\Windows\system32\Macromed
2015-05-03 06:32 - 2015-05-03 06:32 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Macromedia
2015-05-03 05:59 - 2015-05-03 05:59 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurePlay Poker.lnk
2015-05-03 05:59 - 2015-05-03 05:59 - 00001970 _____ C:\Users\Public\Desktop\PurePlay Poker.lnk
2015-05-03 05:59 - 2015-05-03 05:59 - 00000000 ____D C:\Program Files\PurePlay
2015-05-03 05:16 - 2015-06-10 18:16 - 00000000 ____D C:\Program Files\ListingsPortal_e9EI
2015-05-02 03:52 - 2015-05-02 03:52 - 00000000 ____D C:\ProgramData\PurePlay
2015-05-02 03:34 - 2015-06-10 18:07 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Software Informer
2015-05-02 03:34 - 2015-05-02 03:34 - 00000000 ____D C:\Users\Hp\Downloads\installers
2015-05-02 03:34 - 2015-05-02 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2015-05-02 03:34 - 2015-05-02 03:34 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-05-02 03:34 - 2015-05-02 03:34 - 00000000 ____D C:\Program Files\Software Informer
2015-05-01 16:43 - 2015-06-10 18:08 - 00000000 ____D C:\Program Files\Google
2015-05-01 16:43 - 2015-06-10 18:01 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 16:43 - 2015-06-10 17:22 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 16:43 - 2015-05-20 07:10 - 00000000 ____D C:\Users\Hp\AppData\Local\Google
2015-05-01 16:43 - 2015-05-01 16:57 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Google
2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D C:\ProgramData\Google
2015-05-01 16:26 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-01 16:26 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-01 16:26 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-01 16:26 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-01 16:25 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-01 16:25 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-01 16:25 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-01 16:25 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-01 16:25 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-11 12:06 - 2015-04-11 12:06 - 00000000 ____D C:\Users\Hp\Documents\attachments_2015_02_24
2015-04-11 12:06 - 2015-04-11 12:06 - 00000000 ____D C:\Users\Hp\Documents\attachments_2015_02_23 (1)
2015-04-11 12:06 - 2015-03-28 09:16 - 00000200 _____ C:\Users\Hp\Downloads\QuickAppApplya892a026
2015-04-11 12:06 - 2015-03-28 07:02 - 06682920 _____ C:\Users\Hp\Downloads\speeditup_homepage.exe
2015-04-11 12:06 - 2015-03-21 06:55 - 00125057 _____ C:\Users\Hp\Downloads\payment slip.html
2015-04-11 12:06 - 2015-03-20 06:41 - 01055936 _____ (Adobe) C:\Users\Hp\Downloads\flash_setup.exe
2015-04-11 12:06 - 2015-03-14 10:20 - 124062480 _____ (Symantec Corporation) C:\Users\Hp\Downloads\NS_22.0.2_2363_SYMTB_PROMO_4_MRFTT_BB010_11431-EN-US.exe
2015-04-11 12:06 - 2015-02-24 11:27 - 00050544 _____ C:\Users\Hp\Downloads\Chase - Privacy and Security.html
2015-04-11 12:06 - 2015-01-26 16:39 - 00002391 _____ C:\Users\Hp\Downloads\please confirm.txt
2015-04-11 12:06 - 2015-01-24 05:21 - 00775968 _____ (Reimage®) C:\Users\Hp\Downloads\ReimageRepair.exe
2015-04-11 12:06 - 2014-11-23 06:03 - 07145680 _____ C:\Users\Hp\Downloads\Speeditupfree-SecureDownload_exe
2015-04-11 12:06 - 2014-11-19 10:16 - 00129956 _____ C:\Users\Hp\Downloads\Payment Receipt............pdf.html
2015-04-11 12:06 - 2014-11-10 09:18 - 02727801 _____ C:\Users\Hp\Downloads\IMG_5575 (1).MOV
2015-04-11 12:06 - 2014-11-10 09:12 - 02727801 _____ C:\Users\Hp\Downloads\IMG_5575.MOV
2015-04-11 12:06 - 2014-10-31 08:29 - 07145680 _____ C:\Users\Hp\Downloads\Speeditupfree-SecureDownload.exe
2015-04-11 12:06 - 2014-10-11 15:10 - 00023661 _____ C:\Users\Hp\Downloads\Delivery_Information_ID-004588020234-Z31.zip
2015-04-11 12:06 - 2014-03-05 18:31 - 00509872 _____ (Ask Partner Network) C:\Users\Hp\Documents\APNSetup1.exe
2015-04-11 12:06 - 2014-03-05 18:31 - 00509872 _____ (Ask Partner Network) C:\Users\Hp\Documents\APNSetup.exe
2015-04-11 12:06 - 2013-10-07 15:13 - 28320992 _____ C:\Users\Hp\Downloads\Saf-T-Log-Firmware-UpdateV125.zip.15s68rd.partial
2015-04-11 12:06 - 2012-11-15 07:02 - 00323080 _____ (TuneUp) C:\Users\Hp\Downloads\Speedtest_TuneUpUtilities2013_en-US.exe
2015-04-11 12:06 - 2012-08-19 18:44 - 00100459 _____ C:\Users\Hp\Downloads\photo.php
2015-04-11 12:06 - 2012-08-12 16:31 - 04731432 _____ (SpeedyPC Software Inc.) C:\Users\Hp\Downloads\SpeedyPCProInstaller(3).exe
2015-04-11 12:06 - 2012-08-12 16:30 - 04731432 _____ (SpeedyPC Software Inc.) C:\Users\Hp\Downloads\SpeedyPCProInstaller(2).exe
2015-04-11 12:06 - 2012-08-12 16:29 - 04731432 _____ (SpeedyPC Software Inc.) C:\Users\Hp\Downloads\SpeedyPCProInstaller.exe
2015-04-11 12:06 - 2012-08-12 16:29 - 04731432 _____ (SpeedyPC Software Inc.) C:\Users\Hp\Downloads\SpeedyPCProInstaller(1).exe
2015-04-11 12:06 - 2012-08-12 06:38 - 02299616 _____ (Inbox.com, Inc. ) C:\Users\Hp\Downloads\MailNotifierSetup(1).exe
2015-04-11 12:06 - 2012-08-12 06:36 - 02299616 _____ (Inbox.com, Inc. ) C:\Users\Hp\Downloads\MailNotifierSetup.exe
2015-04-11 12:06 - 2012-08-12 06:09 - 06286448 _____ (Microsoft Corporation) C:\Users\Hp\Downloads\Silverlight.exe
2015-04-11 12:05 - 2015-04-11 12:05 - 00000000 ____D C:\Users\Hp\Desktop\DJ1000C
2015-04-11 12:05 - 2015-01-24 06:41 - 00485610 _____ C:\Users\Hp\Downloads\attachments_2014_12_25 (2).zip
2015-04-11 12:05 - 2014-12-25 16:02 - 00639997 _____ C:\Users\Hp\Downloads\attachments_2014_12_25 (1).zip
2015-04-11 12:05 - 2014-12-25 14:48 - 00485610 _____ C:\Users\Hp\Downloads\attachments_2014_12_25.zip
2015-04-11 12:05 - 2014-12-24 15:25 - 00678699 _____ C:\Users\Hp\Downloads\attachments_2014_12_24.zip
2015-04-11 12:05 - 2014-12-07 15:29 - 00477451 _____ C:\Users\Hp\Downloads\7.zip
2015-04-11 12:05 - 2014-11-29 16:42 - 00873054 _____ C:\Users\Hp\Downloads\attachments_2014_11_29.zip
2015-04-11 12:05 - 2012-08-05 06:07 - 148981624 _____ (AVG Technologies) C:\Users\Hp\Downloads\avg_free_x86_all_2012_2197a5126.exe
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 18:17 - 2009-07-14 02:50 - 00000000 ____D C:\Windows\ShellNew
2015-06-10 18:17 - 2009-07-14 02:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-10 18:17 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-10 18:17 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\schemas
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\L2Schemas
2015-06-10 18:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\AppCompat
2015-06-10 18:16 - 2013-11-19 18:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-10 18:16 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-10 18:14 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-06-10 18:06 - 2013-11-19 18:38 - 01276538 _____ C:\Windows\WindowsUpdate.log
2015-06-10 18:06 - 2009-07-25 07:54 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 18:05 - 2009-07-13 23:39 - 00045074 _____ C:\Windows\setupact.log
2015-06-10 18:03 - 2009-07-13 23:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 18:03 - 2009-07-13 23:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 18:01 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 18:00 - 2014-12-09 13:59 - 00059380 _____ C:\Windows\PFRO.log
2015-06-10 17:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Help
2015-06-10 17:51 - 2013-11-19 18:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-06-10 17:44 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-10 17:19 - 2013-11-19 18:40 - 00000000 ____D C:\ProgramData\PDFC
2015-06-10 17:18 - 2013-11-19 18:02 - 00000000 ____D C:\Users\Hp
2015-06-09 14:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-08 08:18 - 2014-12-09 14:20 - 00000000 ____D C:\Windows\system32\MRT
 
Some files in TEMP:
====================
C:\Users\Hp\AppData\Local\Temp\HPQSi.exe
C:\Users\Hp\AppData\Local\Temp\sp58915.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {fdc6f00f-7920-11de-a56d-0018716eb820}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {af323c5b-516e-11e3-807a-0023240661dc}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{af323c5c-516e-11e3-807a-0023240661dc}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{af323c5c-516e-11e3-807a-0023240661dc}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {af323c5b-516e-11e3-807a-0023240661dc}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fdc6f00f-7920-11de-a56d-0018716eb820}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {fdc6f00f-7920-11de-a56d-0018716eb820}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {af323c5c-516e-11e3-807a-0023240661dc}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-06-08 09:47
 
==================== End of log ============================
 
 
And Addition 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Hp at 2015-06-10 18:08:17
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-280214782-995278216-361002277-500 - Administrator - Disabled)
Guest (S-1-5-21-280214782-995278216-361002277-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-280214782-995278216-361002277-1003 - Limited - Enabled)
Hp (S-1-5-21-280214782-995278216-361002277-1001 - Administrator - Enabled) => C:\Users\Hp
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Google Chrome (HKLM\...\{6A21C1E8-DAC1-3C18-BCDC-2DBB4B352AD8}) (Version: 66.77.16508 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.107 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Support Assistant (HKLM\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{DDB0341B-0C7C-403E-AB58-37A78AF95AB6}) (Version: 5.0.3.1 - Hewlett-Packard)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)
PurePlay Poker (HKLM\...\{60EB76E2-DF31-477B-A28C-2303ADE6629D}) (Version: 2.0.3104.0 - PurePlay)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Software Informer 1.4.1273.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.16 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.16 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
25-05-2015 07:15:55 HPSF Applying updates
08-06-2015 07:00:59 Windows Update
09-06-2015 10:45:58 Restore Operation
10-06-2015 17:49:07 HPSF Applying updates
10-06-2015 17:51:07 Removed File Sanitizer For HP ProtectTools.
10-06-2015 17:51:41 Removed HP Support Assistant.
10-06-2015 17:52:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {064B2223-0833-4E4E-9E9D-542AB52A08F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {1CE01BFD-64BD-4C00-9611-C27F06A036D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-01] (Google Inc.)
Task: {23801E21-798E-4CFF-BBBA-C0DE7E99E698} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-01] (Google Inc.)
Task: {62B4F0F7-359F-4440-B3CA-DC57D39A21D8} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-03-30] (Informer Technologies, Inc.)
Task: {81F69F83-1B7A-41FC-88AC-A4FECEC723A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
Task: {9C09BA96-852F-4B7B-B36F-DA545CFBEFBB} - System32\Tasks\{F1CDE329-F93A-4314-942D-532C8F4CA658} => pcalua.exe -a "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe"
Task: {E8DF93D8-8901-4D13-B24C-AF7ED9B0AF83} - System32\Tasks\HPCeeScheduleForHp => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {FDBDADD5-E3F5-4FB0-94C0-7FAB74066BA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHp.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-19 18:38 - 2009-07-24 06:29 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2015-05-02 03:34 - 2014-06-11 22:51 - 40622592 _____ () C:\Program Files\Software Informer\cef\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-280214782-995278216-361002277-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FAE8CCEE-1796-4C78-8FEF-4ED22C34C7F8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4E539CA-4813-49F1-8C6A-3178E353C790}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/10/2015 05:54:31 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: Application or service 'HP Health Check Service' could not be restarted.
 
Error: (06/10/2015 05:51:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: Application or service 'File Sanitizer for HP ProtectTools' could not be restarted.
 
Error: (06/10/2015 05:51:37 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: Application or service 'File Sanitizer for HP ProtectTools' could not be restarted.
 
Error: (06/09/2015 11:41:22 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Windows Update).
 
Error: (06/09/2015 10:50:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
 
Error: (06/09/2015 10:50:28 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (1224) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/09/2015 08:19:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e98
 
Start Time: 01d0a2a49b7f6fa8
 
Termination Time: 1732
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/08/2015 08:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1758
 
Start Time: 01d0a1efdc7e5c6c
 
Termination Time: 3479
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (06/08/2015 08:07:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
 
Error: (06/08/2015 08:06:26 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Entity.Design, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
 
 
System errors:
=============
Error: (06/10/2015 06:05:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:05:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (06/10/2015 06:01:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "HP-HP          :0" could not be registered on the interface with IP address 192.168.3.96.
The computer with the IP address 192.168.3.206 did not allow the name to be claimed by
this computer.
 
Error: (06/10/2015 06:01:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "HP-HP          :20" could not be registered on the interface with IP address 192.168.3.96.
The computer with the IP address 192.168.3.206 did not allow the name to be claimed by
this computer.
 
Error: (06/10/2015 06:01:20 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D853D6F0-7C23-4D98-B1D4-9A705869FF12} because another computer on the network has the same name.  The server could not start.
 
 
Microsoft Office:
=========================
Error: (06/10/2015 05:54:31 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: 0HPHC_Service.exeHP Health Check Service03026217824880
 
Error: (06/10/2015 05:51:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: 1C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exeFile Sanitizer for HP ProtectTools0213429280
 
Error: (06/10/2015 05:51:37 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Hp-HP)
Description: 0HPFSService.exeFile Sanitizer for HP ProtectTools0302621787280
 
Error: (06/09/2015 11:41:22 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Windows Update
 
Error: (06/09/2015 10:50:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032
 
Error: (06/09/2015 10:50:28 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database1224Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (06/09/2015 08:19:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.165261e9801d0a2a49b7f6fa81732C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (06/08/2015 08:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16526175801d0a1efdc7e5c6c3479C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (06/08/2015 08:07:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020 
System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil
 
Error: (06/08/2015 08:06:26 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Entity.Design, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020 
System.Data.Entity.Design, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz
Percentage of memory in use: 71%
Total physical RAM: 1977.25 MB
Available physical RAM: 554.76 MB
Total Pagefile: 3954.49 MB
Available Pagefile: 2086.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.46 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:147.05 GB) (Free:120.51 GB) NTFS
Drive e: (HOUSATONIC) (Removable) (Total:14.53 GB) (Free:2.68 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 34679DFC)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
 
==================== End of log ============================

 



#8 aharonov

Posted 10 June 2015 - 06:24 PM

Is there a way to tell what changed the dll?

Do you mean how this dll was lost? I have no idea. And I don't know of a way to tell for sure retrospectively.

The logs look good. Is everything running smoothly now?

#9 Mellow Out

Posted 11 June 2015 - 11:12 AM

Yes, everything seems good. Sorry for the delay. Thank you very much for all your help, it's Very VERY appreciated! Might I ask how you knew what to change, as I would like to learn how to do this on my own?



#10 aharonov

Posted 11 June 2015 - 04:12 PM

You're welcome.
Well, in this case I knew that this missing dll causes a no-booter because I've seen it before. So we had to search for a replacement and insert it.
I cannot give a simple answer on how to solve such problems in general. It's about doing research on the internet and some hands-on testing to get some experience over time.

#11 aharonov

Posted 11 June 2015 - 04:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



