Restarting computer, black screen-- virus???



Nightwingsgurl
2014-11-19, 03:37
Hi,

http://forums.spybot.info/showthread.php?71074-Possible-infection-Spybot-can-t-remove&p=457536&highlight=#post457536

Someone here just helped me fix my computer in September, but it's acting up again. :/ I rarely get viruses or anything, so to get two so quickly is discouraging. :( It started running very slowly several days ago, and I finally had to force it to restart when it completely locked up (after infinitely loading tabs and refusing to close them, crashing Flash Player and Adobe, etc.). Then I was using it and it restarted unexpectedly, had me put in my password, and went to a black screen and appeared to shut down, then turned back on to a black screen and had me put in my password, went black for a while, and had me put it in once more before finally letting me on to run scans and post.

Please note that my hard drive is VERY full, so I may have to delete some things in order to install any requested programs. I cleaned my computer before intending to immediately move everything to an external drive but didn't get the chance to before this potential infection. I'd like to be sure there's nothing lurking before transferring everything.

I'll post the requested logs below. I also included my SpyBot log from the scan I ran last night (though I waited to take action until someone here saw it). Thank you! :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Imari (administrator) on IMARI-PC on 17-11-2014 23:29:18
Running from C:\Users\Imari\Desktop
Loaded Profile: Imari (Available profiles: Imari)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) D:\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *** <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spotify Web Helper] => C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Google Update] => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\MountPoints2: {d0100140-3593-11e1-ae05-806e6f6e6963} - G:\LaunchBOPC1.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files (x86)\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1487551961-3572496284-799048130-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1487551961-3572496284-799048130-1000: @talk.google.com/O1DPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1487551961-3572496284-799048130-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1487551961-3572496284-799048130-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: WOT - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-10-12]
FF Extension: NoScript - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-21]
FF Extension: Adblock Plus - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-11]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (WOT) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-21]
CHR Extension: (Google Wallet) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-31] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-02] () [File not signed]
U3 aeru1zqv; C:\Windows\System32\Drivers\aeru1zqv.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 23:29 - 2014-11-17 23:29 - 00034073 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-11-17 23:27 - 2014-11-17 23:29 - 00000000 ____D () C:\FRST
2014-11-17 23:27 - 2014-11-17 23:27 - 02117120 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-11-15 12:03 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-15 12:03 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-15 12:03 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-15 12:03 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-15 12:03 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-15 12:03 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-15 12:03 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-15 12:03 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-15 12:03 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-15 12:03 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-15 12:03 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-15 12:03 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-15 12:03 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-15 12:03 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-15 12:03 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-15 12:03 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-15 12:03 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-15 12:03 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-15 12:03 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-15 12:03 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-15 12:03 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-15 12:03 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-15 12:03 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-15 12:03 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-15 12:03 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 12:03 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-15 12:03 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-15 12:03 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-15 12:03 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-15 12:03 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-15 12:03 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-15 12:03 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-15 12:03 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-15 12:03 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-15 12:03 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-15 12:03 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 12:03 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-15 12:03 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-15 12:03 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-15 12:03 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-15 12:03 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-15 12:03 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-15 12:03 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-15 12:03 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-15 12:03 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-15 12:03 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-15 12:03 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-15 12:03 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-15 12:03 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-15 12:03 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-15 12:03 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-15 12:03 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-15 12:03 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-15 12:03 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-15 12:03 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-15 12:02 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:50 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 19:50 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 19:50 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 19:50 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:50 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:50 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:50 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:50 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:50 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:50 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:50 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:50 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:49 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:49 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:49 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:49 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:49 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:49 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:49 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:49 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:49 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:49 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:49 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:49 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:49 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:49 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:49 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:49 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:49 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:49 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:49 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:49 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:49 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:48 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:48 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-09 15:14 - 2014-11-09 15:17 - 00000104 ____H () C:\Users\Imari\Documents\.~lock.Christmas List - 2014.rtf#

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 23:04 - 2014-02-20 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 22:57 - 2014-07-04 12:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job
2014-11-17 22:57 - 2011-04-01 23:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 22:50 - 2012-12-30 15:37 - 02001253 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 22:47 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 22:47 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 22:42 - 2014-01-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-17 22:42 - 2013-11-27 22:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-17 22:41 - 2012-01-15 22:39 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 22:36 - 2012-05-31 12:11 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Dropbox
2014-11-17 22:36 - 2011-12-21 21:49 - 00000000 ___HD () C:\ASUS.DAT
2014-11-17 22:35 - 2011-04-01 23:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 22:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 12:11 - 2009-07-14 00:13 - 00811474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 12:00 - 2012-12-14 17:11 - 00268800 ___SH () C:\Users\Imari\Desktop\Thumbs.db
2014-11-17 11:56 - 2014-07-04 12:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job
2014-11-17 10:06 - 2011-12-26 03:51 - 00000000 ____D () C:\Users\Imari\AppData\Local\Adobe
2014-11-16 14:56 - 2011-12-21 21:49 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-15 12:14 - 2009-07-13 23:45 - 04914096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 12:11 - 2014-05-09 06:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 11:52 - 2014-07-04 12:12 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA
2014-11-15 11:52 - 2014-07-04 12:12 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core
2014-11-15 11:52 - 2011-04-01 23:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 11:51 - 2011-04-01 23:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-11 19:31 - 2011-12-22 01:44 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Mozilla
2014-11-02 17:39 - 2014-09-17 22:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-31 19:53 - 2011-12-22 19:40 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Skype
2014-10-30 06:25 - 2011-12-22 22:17 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 19:41

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Imari at 2014-11-17 23:30:07
Running from C:\Users\Imari\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
American Conquest (HKLM-x32\...\American Conquest) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Breath of Death VII (HKLM-x32\...\Steam App 107300) (Version: - Zeboyd Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dead Pixels (HKLM-x32\...\Steam App 222980) (Version: - CSR-Studios)
Dropbox (HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Empire XP 2.0 (HKLM-x32\...\Empire XP) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Flixster Collections (HKLM-x32\...\FlixsterCollections) (Version: 1.0.76 - Warner Bros. Entertainment Inc.)
Flixster Collections (x32 Version: 1.0.76 - Warner Bros. Entertainment Inc.) Hidden
Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version: - Big Huge Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Medal of Honor Pacific Assault(tm) (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
Nancy Drew: Secret of the Old Clock (HKLM-x32\...\{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}) (Version: - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.00.0000 - ETS)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Secret Diaries - Florence Ashford (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119551583}) (Version: - Oberon Media)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}) (Version: 1.0 - LucasArts)
Star Wars Knights of the Old Republic (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05643566-D668-46B0-84D5-6E454D94DEF1} - System32\Tasks\{5C10F0CF-7951-4D68-A23A-91365FF0AA61} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {1B202343-13AE-4831-83DA-D863445C66F2} - System32\Tasks\{D2FB566D-B54F-4665-BB4A-196084FD7085} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {3AE14C96-0DF2-4551-AFB9-9CE844ACCD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {3BD33BC4-8DF3-4E04-9A86-26ACC61B8A05} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {3C87CF44-6DBA-4D32-9669-AA9A646169CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {48E735B9-4F4E-4D70-B597-8B1CDF7D7A0E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {4EE00FD4-7340-45E7-B055-1986A5016283} - System32\Tasks\My Tasks\Alarm Clock => C:\Users\Imari\Music\iTunes\iTunes Media\Music\Caitlin\Amaranth - www.Caitlin.co.za.mp3 (http://www.Caitlin.co.za.mp3)
Task: {58B0FFB0-7E1F-430E-A7BC-E91F000CEBBB} - System32\Tasks\{0AE133F9-37B0-4132-A343-4FA1E9BB6D48} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {654D4252-8E4E-42BD-B107-1B4CAAE5C04F} - System32\Tasks\{0951F487-AF6F-4E1E-82D9-CE915E64041D} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {919A2ED6-5FE6-4359-B3EB-D46EF19DC930} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {99306B57-43D3-4A49-82BD-40C234966184} - System32\Tasks\AdobeAAMUpdater-1.0-Imari-PC-Imari => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A2065CBB-A60F-448E-8FF4-ED04BAA0FBD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A6DE9897-744E-42C4-8519-D30C497F481A} - System32\Tasks\{4431F210-AB79-4203-9C2B-6E865F9608CC} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {B1472956-C5B8-4905-AC6F-CCF0F8411E78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {BFCFAC4F-9E5C-44D1-9CCF-350DB4208038} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {C1700A89-D6DD-445C-9278-8CAC6D99F2B2} - System32\Tasks\{5EF26686-DD43-48BC-B6D5-A545D28310C2} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {C285FA5F-6F81-4E27-89C0-3ECEDA6E6494} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C725B969-5F69-4433-8826-DCC4A3CEF2FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CE83E647-2830-4B51-8386-086DED2B1EDF} - System32\Tasks\{D64BB8E3-8935-48F2-B8DD-D9DDA8AE65B9} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {D72B3553-2C95-462F-AB8E-D9B1562CC5AA} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)
Task: {DCE419E2-2962-4F27-9B74-98D18DD70517} - System32\Tasks\{1F8BC911-AC2A-4D70-B467-0A5C895BD426} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {DF545365-BB08-470E-B31A-0A5AED7274CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {E8B69708-F04B-4565-815E-C12AA8DE8A57} - System32\Tasks\{18944E43-7C24-488C-BCCE-D88C0EA3C0AF} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {EF14BB98-1ADF-4719-B3B6-E313BFA740FA} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-01 21:08 - 2009-03-01 21:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper_x64.dll
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-07-19 23:42 - 2011-04-09 21:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-30 13:48 - 2011-05-30 13:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2014-01-02 22:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-02 22:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-02 22:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-02 22:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-02 22:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-01-17 16:19 - 2012-01-06 19:08 - 00985088 _____ () D:\Program Files (x86)\program\libxml2.dll
2011-01-18 15:21 - 2011-01-18 15:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-10-28 17:14 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 17:14 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 17:14 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 17:14 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:E4A4BAB8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-1487551961-3572496284-799048130-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1487551961-3572496284-799048130-1004 - Limited - Enabled)
Guest (S-1-5-21-1487551961-3572496284-799048130-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1487551961-3572496284-799048130-1002 - Limited - Enabled)
Imari (S-1-5-21-1487551961-3572496284-799048130-1000 - Administrator - Enabled) => C:\Users\Imari

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10425063

Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10425063

Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10424065

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10424065

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23307

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23307

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 06:50:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22308


System errors:
=============
Error: (11/17/2014 10:35:40 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88003e249f2, 0xfffff8800474da18, 0xfffff8800474d270)C:\Windows\MEMORY.DMP111714-196639-01

Error: (11/17/2014 10:33:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:20:08 PM on 11/17/2014 was unexpected.

Error: (11/17/2014 09:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.189.44.0).

Error: (11/17/2014 09:58:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.187.2339.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/17/2014 00:05:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/17/2014 00:05:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/17/2014 00:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (11/17/2014 00:05:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (11/17/2014 00:04:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/17/2014 00:04:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


Microsoft Office Sessions:
=========================
Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10425063

Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10425063

Error: (11/17/2014 09:44:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10424065

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10424065

Error: (11/17/2014 09:44:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23307

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23307

Error: (11/17/2014 06:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 06:50:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22308


CodeIntegrity Errors:
===================================
Date: 2013-04-29 14:01:12.514
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:12.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:14.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:14.422
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:45.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:45.500
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:15.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:15.630
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:12.894
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:12.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 48%
Total physical RAM: 4000.13 MB
Available physical RAM: 2050.16 MB
Total Pagefile: 7223.36 MB
Available Pagefile: 4943.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:1.32 GB) NTFS
Drive e: ( 2014 Academy) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF
Drive f: (CANON_DC) (Removable) (Total:1.89 GB) (Free:1.6 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================




aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-17 23:32:53
-----------------------------
23:32:53.718 OS Version: Windows x64 6.1.7601 Service Pack 1
23:32:53.718 Number of processors: 2 586 0x2A07
23:32:53.718 ComputerName: IMARI-PC UserName: Imari
23:32:54.763 Initialize success
23:32:54.841 VM: initialized successfully
23:32:54.841 VM: Intel CPU virtualization not supported
21:20:07.081 The log file has been saved successfully to "C:\Users\Imari\Desktop\aswMBR.txt"




Search results from Spybot - Search & Destroy

11/17/2014 11:21:41 PM
Scan took 00:33:22.
14 items found.

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cache: [SBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)

OCD
2014-11-19, 18:18
Hi Nightwingsgurl,

Welcome back, I was previously helping you. It is important that you stay with the thread until we have completed the malware removal process.

After reviewing the logs you provided, there doesn't appear to be any malware present. With that in mind you need to address the "full" hard drive issue before we can proceed.


It started running very slowly several days ago, and I finally had to force it to restart when it completely locked up (after infinitely loading tabs and refusing to close them, crashing Flash Player and Adobe, etc.) Then I was using it and it restarted unexpectedly, had me put in my password, and went to a black screen and appeared to shut down, then turned back on to a black screen and had me put in my password, went black for awhile, and had me put it in once more before finally letting me on to run scans and post.

Please note that my hard drive is VERY full, so I may have to delete some things in order to install any requested programs. I cleaned my computer before intending to immediately move everything to an external drive but didn't get the chance to before this potential infection. I'd like to be sure there's nothing lurking before transferring everything.
Unfortunately, some of the sluggish issues are probably related to the lack of free space on your primary hard drive. I understand your reluctance to move files before confirming that they are not infected, but you may have no choice but to free up some space on the primary drive in order to proceed. It is suggested that you have at least 20% free space on your hard drive to assist it in running smoothly.

=========================

Please move some files off your primary drive, and carry out the steps below. Then test the performance of the computer and report back.

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

To view results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select Copy, open Notepad and paste the chkdsk results into Notepad.
Post in your next reply.

=========================

System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (There's a space between sfc and /scannow.), then hit Enter


Let the check run to completion. DO NOT reboot the PC or close the cmd window.
Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
Copy and Paste the contents of the file into your next post.
After the scan runs type exit to close the command prompt window

=========================


Download ListParts (http://www.bleepingcomputer.com/download/listparts/dl/77/) to your Desktop.


Right click ListParts.exe select "Run as Administrator" to launch the program.
Press the Scan button.
When finished scanning it will make a log Result.txt on your Desktop.
Please post me the contents of the log.

=========================

In your next post please provide the following:

chkdsk results
sfcdetails.txt
Result.txt
Any change in performance?
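
Added example, not part of the original posts: the sfcdetails.txt file produced by the findstr step above is mostly "Verifying / Beginning / Verify complete" lines, so this Python sketch collapses it to one record per damaged file and says whether SFC repaired it or the component store copy is corrupt too. The sample log is constructed, its file and component names are placeholders, and the function names (`triage`, `verdict`, `report`) are hypothetical.

```python
import re

# Constructed sample in the layout that findstr /c:"[SR]" pulls out of CBS.log.
# File names, component names and the key token are placeholders.
SAMPLE = r'''
2014-01-01 10:00:00, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-01-01 10:00:00, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-01-01 10:00:02, Info CSI 0000000c [SR] Cannot repair member file [l:22{11}]"EXAMPLE.DAT" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-01-01 10:00:03, Info CSI 0000000e [SR] Cannot repair member file [l:22{11}]"EXAMPLE.DAT" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-01-01 10:00:03, Info CSI 0000000f [SR] This component was referenced by [l:30{15}]"Example-Package"
2014-01-01 10:00:03, Info CSI 00000012 [SR] Could not reproject corrupted file [ml:520{260},l:44{22}]"\??\C:\Windows\Example"\[l:22{11}]"EXAMPLE.DAT"; source file in store is also corrupted
2014-01-01 10:00:04, Info CSI 00000014 [SR] Verify complete
2014-01-01 10:00:04, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-01-01 10:00:04, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-01-01 10:00:06, Info CSI 00000018 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2014-01-01 10:00:07, Info CSI 0000001a [SR] Verify complete
'''

# timestamp, level, CSI sequence number, then the [SR] message
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$')
# "Cannot repair member file [..]"NAME" of COMPONENT, Version = V, ..., REASON"
CANNOT_RE = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<name>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$')
# "<verb> corrupted file [..]"\??\DIR"\[..]"NAME"<tail>"
FILE_RE = re.compile(
    r'(?P<verb>Could not reproject|Repairing) corrupted file '
    r'\[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<name>[^"]+)"(?P<tail>.*)$')


def triage(text):
    """Collapse an sfcdetails.txt dump into one record per damaged file."""
    findings = {}

    def record(name):
        # Windows file names are case-insensitive, so key on the lowered name.
        return findings.setdefault(name.lower(), {
            "file": name, "component": None, "version": None, "reason": None,
            "path": None, "store_corrupt": False, "repaired": False, "hits": 0,
        })

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or non-[SR] line
        msg = line["msg"]
        m = CANNOT_RE.match(msg)
        if m:
            rec = record(m["name"])
            rec.update(component=m["component"], version=m["version"],
                       reason=m["reason"])
            rec["hits"] += 1  # SFC often logs the same failure more than once
            continue
        m = FILE_RE.match(msg)
        if m:
            rec = record(m["name"])
            folder = m["dir"]
            if folder.startswith("\\??\\"):  # drop the NT object-path prefix
                folder = folder[4:]
            rec["path"] = folder + "\\" + m["name"]
            if m["verb"] == "Repairing":
                rec["repaired"] = True
            elif "store is also corrupted" in m["tail"]:
                rec["store_corrupt"] = True
        # everything else (Verifying / Beginning / Verify complete) is noise
    return findings


def verdict(rec):
    """One-line status for a record returned by triage()."""
    if rec["store_corrupt"]:
        return "unrepaired, store copy also corrupt"
    if rec["repaired"]:
        return "repaired from store"
    return "unrepaired"


def report(text):
    """List of (file name, status) in the order the files first appear."""
    return [(r["file"], verdict(r)) for r in triage(text).values()]


if __name__ == "__main__":
    for name, status in report(SAMPLE):
        print(f"{name}: {status}")
```

A file reported as "unrepaired, store copy also corrupt" cannot be fixed by re-running sfc /scannow, because the copy SFC would restore from fails the same hash check.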

Nightwingsgurl
2014-11-23, 02:10
I just wanted to make sure this thread doesn't close and let you know that I'm still working on this. I'll try to post back with the results later tonight or tomorrow. Thank you!

OCD
2014-11-23, 03:23
:bigthumb:

Nightwingsgurl
2014-11-25, 06:34
Hi Nightwingsgurl,

Welcome back, I was previously helping you. It is important that you stay with the thread until we have completed the malware removal process.

After reviewing the logs you provided, there doesn't appear to be any malware present. With that in mind you need to address the "full" hard drive issue before we can proceed.


Unfortunately, some of the sluggish issues are probably related to the lack of free space on your primary hard drive. I understand your reluctance to move files before confirming that they are not infected, but you may have no choice but to free up some space on the primary drive in order to proceed. It is suggested that you have at least 20% free space on your hard drive to assist it in running smoothly.

I went from having a few MB free (it was bad) to having 25 GB of 119 GB free on C, and 34.5 GB of 153 GB free on D. I'm still in the process of The Great Migration, but I have a lot of files that are taking a while. I deleted some games, and that helped some. Many of my other files are larger games that have active saves (i.e., Skyrim) and take up a good deal of space.



In your next post please provide the following:

chkdsk results
sfcdetails.txt
Result.txt
Any change in performance?




I couldn't get chkdsk to work. It kept complaining about a full or busy volume, even though I wasn't really running anything besides Chrome and Add/Remove Programs (which I closed to try again).




2014-11-24 23:52:14, Info CSI 0000010c [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-24 23:52:15, Info CSI 0000010e [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-24 23:52:15, Info CSI 0000010f [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-11-24 23:52:15, Info CSI 00000112 [SR] Could not reproject corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\IME\IMESC5\DICTS"\[l:22{11}]"PINTLGB.IMD"; source file in store is also corrupted
2014-11-24 23:57:52, Info CSI 00000209 [SR] Verify complete
2014-11-24 23:57:52, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:57:52, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2014-11-24 23:57:56, Info CSI 0000020d [SR] Verify complete
2014-11-24 23:57:56, Info CSI 0000020e [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:57:56, Info CSI 0000020f [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:01, Info CSI 00000211 [SR] Verify complete
2014-11-24 23:58:02, Info CSI 00000212 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:02, Info CSI 00000213 [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:08, Info CSI 00000216 [SR] Verify complete
2014-11-24 23:58:08, Info CSI 00000217 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:08, Info CSI 00000218 [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:12, Info CSI 0000021a [SR] Verify complete
2014-11-24 23:58:12, Info CSI 0000021b [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:12, Info CSI 0000021c [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:14, Info CSI 0000021e [SR] Verify complete
2014-11-24 23:58:14, Info CSI 0000021f [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:14, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:22, Info CSI 00000223 [SR] Verify complete
2014-11-24 23:58:22, Info CSI 00000224 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:22, Info CSI 00000225 [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:33, Info CSI 00000229 [SR] Verify complete
2014-11-24 23:58:33, Info CSI 0000022a [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:33, Info CSI 0000022b [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:39, Info CSI 00000230 [SR] Verify complete
2014-11-24 23:58:40, Info CSI 00000231 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:40, Info CSI 00000232 [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:46, Info CSI 0000023a [SR] Verify complete
2014-11-24 23:58:46, Info CSI 0000023b [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:46, Info CSI 0000023c [SR] Beginning Verify and Repair transaction
2014-11-24 23:58:54, Info CSI 00000243 [SR] Verify complete
2014-11-24 23:58:54, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:58:54, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:00, Info CSI 0000024a [SR] Verify complete
2014-11-24 23:59:00, Info CSI 0000024b [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:00, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:04, Info CSI 00000250 [SR] Verify complete
2014-11-24 23:59:05, Info CSI 00000251 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:05, Info CSI 00000252 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:09, Info CSI 00000254 [SR] Verify complete
2014-11-24 23:59:09, Info CSI 00000255 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:09, Info CSI 00000256 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:16, Info CSI 0000027b [SR] Verify complete
2014-11-24 23:59:16, Info CSI 0000027c [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:16, Info CSI 0000027d [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:21, Info CSI 0000027f [SR] Verify complete
2014-11-24 23:59:21, Info CSI 00000280 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:21, Info CSI 00000281 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:25, Info CSI 00000283 [SR] Verify complete
2014-11-24 23:59:25, Info CSI 00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:25, Info CSI 00000285 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:30, Info CSI 00000287 [SR] Verify complete
2014-11-24 23:59:31, Info CSI 00000288 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:31, Info CSI 00000289 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:35, Info CSI 00000296 [SR] Verify complete
2014-11-24 23:59:35, Info CSI 00000297 [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:35, Info CSI 00000298 [SR] Beginning Verify and Repair transaction
2014-11-24 23:59:47, Info CSI 0000029b [SR] Verify complete
2014-11-24 23:59:48, Info CSI 0000029c [SR] Verifying 100 (0x0000000000000064) components
2014-11-24 23:59:48, Info CSI 0000029d [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:00, Info CSI 000002a7 [SR] Verify complete
2014-11-25 00:00:01, Info CSI 000002a8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:01, Info CSI 000002a9 [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:04, Info CSI 000002af [SR] Verify complete
2014-11-25 00:00:05, Info CSI 000002b0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:05, Info CSI 000002b1 [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:11, Info CSI 000002b3 [SR] Verify complete
2014-11-25 00:00:12, Info CSI 000002b4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:12, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:21, Info CSI 000002b8 [SR] Verify complete
2014-11-25 00:00:21, Info CSI 000002b9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:21, Info CSI 000002ba [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:23, Info CSI 000002bc [SR] Verify complete
2014-11-25 00:00:23, Info CSI 000002bd [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:23, Info CSI 000002be [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:31, Info CSI 000002c0 [SR] Verify complete
2014-11-25 00:00:31, Info CSI 000002c1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:31, Info CSI 000002c2 [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:37, Info CSI 000002c4 [SR] Verify complete
2014-11-25 00:00:37, Info CSI 000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:37, Info CSI 000002c6 [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:42, Info CSI 000002c8 [SR] Verify complete
2014-11-25 00:00:42, Info CSI 000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:42, Info CSI 000002ca [SR] Beginning Verify and Repair transaction
2014-11-25 00:00:50, Info CSI 000002e4 [SR] Verify complete
2014-11-25 00:00:51, Info CSI 000002e5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:00:51, Info CSI 000002e6 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:07, Info CSI 000002e8 [SR] Verify complete
2014-11-25 00:01:07, Info CSI 000002e9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:07, Info CSI 000002ea [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:12, Info CSI 000002ec [SR] Verify complete
2014-11-25 00:01:12, Info CSI 000002ed [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:12, Info CSI 000002ee [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:16, Info CSI 000002f0 [SR] Verify complete
2014-11-25 00:01:17, Info CSI 000002f1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:17, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:20, Info CSI 000002f6 [SR] Verify complete
2014-11-25 00:01:20, Info CSI 000002f7 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:20, Info CSI 000002f8 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:25, Info CSI 000002fa [SR] Verify complete
2014-11-25 00:01:25, Info CSI 000002fb [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:25, Info CSI 000002fc [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:30, Info CSI 000002fe [SR] Verify complete
2014-11-25 00:01:30, Info CSI 000002ff [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:30, Info CSI 00000300 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:34, Info CSI 00000302 [SR] Verify complete
2014-11-25 00:01:34, Info CSI 00000303 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:34, Info CSI 00000304 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:39, Info CSI 00000307 [SR] Verify complete
2014-11-25 00:01:39, Info CSI 00000308 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:39, Info CSI 00000309 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:43, Info CSI 0000030b [SR] Verify complete
2014-11-25 00:01:43, Info CSI 0000030c [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:43, Info CSI 0000030d [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:47, Info CSI 0000030f [SR] Verify complete
2014-11-25 00:01:48, Info CSI 00000310 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:48, Info CSI 00000311 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:52, Info CSI 00000313 [SR] Verify complete
2014-11-25 00:01:53, Info CSI 00000314 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:53, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2014-11-25 00:01:58, Info CSI 00000318 [SR] Verify complete
2014-11-25 00:01:58, Info CSI 00000319 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:01:58, Info CSI 0000031a [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:02, Info CSI 0000031c [SR] Verify complete
2014-11-25 00:02:03, Info CSI 0000031d [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:02:03, Info CSI 0000031e [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:08, Info CSI 00000320 [SR] Verify complete
2014-11-25 00:02:08, Info CSI 00000321 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:02:08, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:13, Info CSI 00000324 [SR] Verify complete
2014-11-25 00:02:13, Info CSI 00000325 [SR] Verifying 78 (0x000000000000004e) components
2014-11-25 00:02:13, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:16, Info CSI 00000328 [SR] Verify complete
2014-11-25 00:02:16, Info CSI 00000329 [SR] Repairing 1 components
2014-11-25 00:02:16, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:16, Info CSI 0000032c [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-25 00:02:17, Info CSI 0000032e [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-25 00:02:17, Info CSI 0000032f [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-11-25 00:02:17, Info CSI 00000332 [SR] Could not reproject corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\IME\IMESC5\DICTS"\[l:22{11}]"PINTLGB.IMD"; source file in store is also corrupted
2014-11-25 00:02:17, Info CSI 00000334 [SR] Repair complete
2014-11-25 00:02:17, Info CSI 00000335 [SR] Committing transaction
2014-11-25 00:02:17, Info CSI 00000339 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired




ListParts by Farbar Version: 31-07-2014
Ran by Imari (administrator) on 25-11-2014 at 00:24:00
Windows 7 (X64)
Running From: C:\Users\Imari\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 70%
Total physical RAM: 4000.13 MB
Available physical RAM: 1169.28 MB
Total Pagefile: 7998.43 MB
Available Pagefile: 4607.84 MB
Total Virtual: 4095.88 MB
Available Virtual: 4007.09 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:25.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:34.56 GB) NTFS
3 Drive e: ( 2014 Academy) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF
4 Drive f: (CANON_DC) (Removable) (Total:1.89 GB) (Free:1.6 GB) FAT
6 Drive h: (My Book) (Fixed) (Total:1862.98 GB) (Free:1701.37 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1862 GB 0 B
Disk 2 Online 1938 MB 0 B

Partitions of Disk 0:
===============

Disk ID: AA9693FE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 119 GB 25 GB
Partition 0 Extended 153 GB 144 GB
Partition 3 Logical 153 GB 144 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 119 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 153 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 00021365

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1862 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H My Book NTFS Partition 1862 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1938 MB 124 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F CANON_DC FAT Removable 1938 MB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: AA9693FE
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=OF Extended)

==============================
Partitions of Disk 1:
===============
Disk ID: 00021365
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition: GPT Partition Type.


****** End Of Log ******




I haven't really noticed a change. It may be running a bit faster, but I'm not sure.
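Added example, not part of the thread or of any tool used in it: Python that reads System File Checker `[SR]` lines like the ones in the log above and lists the files that could not be repaired. The function names (`triage_sfc`, `needs_manual_fix`) are hypothetical; the sample lines are copied from the end of the posted log.

```python
import re

# Last [SR] lines of the log posted above, copied as posted.
SAMPLE_LOG = r'''
2014-11-25 00:02:08, Info CSI 00000321 [SR] Verifying 100 (0x0000000000000064) components
2014-11-25 00:02:08, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:13, Info CSI 00000324 [SR] Verify complete
2014-11-25 00:02:13, Info CSI 00000325 [SR] Verifying 78 (0x000000000000004e) components
2014-11-25 00:02:13, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:16, Info CSI 00000328 [SR] Verify complete
2014-11-25 00:02:16, Info CSI 00000329 [SR] Repairing 1 components
2014-11-25 00:02:16, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2014-11-25 00:02:16, Info CSI 0000032c [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-25 00:02:17, Info CSI 0000032e [SR] Cannot repair member file [l:22{11}]"PINTLGB.IMD" of Microsoft-Windows-IME-Simplified-Chinese-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-25 00:02:17, Info CSI 0000032f [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-11-25 00:02:17, Info CSI 00000332 [SR] Could not reproject corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\IME\IMESC5\DICTS"\[l:22{11}]"PINTLGB.IMD"; source file in store is also corrupted
2014-11-25 00:02:17, Info CSI 00000334 [SR] Repair complete
2014-11-25 00:02:17, Info CSI 00000335 [SR] Committing transaction
2014-11-25 00:02:17, Info CSI 00000339 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
'''

SR_LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')
VERIFYING = re.compile(r'^Verifying (\d+) \(0x[0-9a-f]+\) components$')
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$')
REFERENCED_BY = re.compile(r'^This component was referenced by \[[^\]]*\]"(?P<package>[^"]+)"$')
REPROJECT = re.compile(
    r'^Could not reproject corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<file>[^"]+)"; '
    r'(?P<reason>.+)$')


def _entry(report, name):
    """Return the record for one file, creating it on first sight (keyed case-insensitively)."""
    return report["unrepaired"].setdefault(name.upper(), {
        "file": name, "component": None, "version": None, "reasons": [],
        "referenced_by": None, "path": None, "store_copy_corrupt": False, "first_seen": None})


def triage_sfc(log_text):
    """Summarise [SR] lines: components verified, files left unrepaired, closing claim."""
    report = {"components_verified": 0, "unrepaired": {}, "log_claims_success": False}
    last = None
    for raw in log_text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue                      # not an [SR] line
        stamp, msg = line.groups()
        m = VERIFYING.match(msg)
        if m:
            report["components_verified"] += int(m.group(1))
            continue
        m = CANNOT_REPAIR.match(msg)
        if m:                             # the same file is usually reported twice
            last = _entry(report, m.group("file"))
            last["component"] = m.group("component")
            last["version"] = m.group("version")
            last["first_seen"] = last["first_seen"] or stamp
            if m.group("reason") not in last["reasons"]:
                last["reasons"].append(m.group("reason"))
            continue
        m = REFERENCED_BY.match(msg)
        if m and last is not None:
            last["referenced_by"] = m.group("package")
            continue
        m = REPROJECT.match(msg)
        if m:
            entry = _entry(report, m.group("file"))
            entry["path"] = m.group("dir") + "\\" + m.group("file")
            entry["store_copy_corrupt"] = "source file in store is also corrupted" in m.group("reason")
            continue
        if msg.startswith("Verify and Repair Transaction completed") and "successfully repaired" in msg:
            report["log_claims_success"] = True
    return report


def needs_manual_fix(report):
    """Files whose component-store copy is also corrupt, so the store cannot supply a good copy."""
    return sorted(k for k, e in report["unrepaired"].items() if e["store_copy_corrupt"])


if __name__ == "__main__":
    result = triage_sfc(SAMPLE_LOG)
    print("components verified:", result["components_verified"])
    for e in result["unrepaired"].values():
        print(e["file"], "|", e["component"], e["version"], "|", ", ".join(e["reasons"]), "|", e["path"])
    print("closing line claims success:", result["log_claims_success"])
```

In this log the closing "successfully repaired" line appears even though one file is still listed as unrepairable, so triage should key on the "Cannot repair" and "Could not reproject" lines, not on the summary.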

OCD
2014-11-25, 07:22
Hi Nightwingsgurl,

Download Tweaking.com Windows Repair from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one/) or here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe) and save it to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You will be completing Steps 1 and 3 only.

Complete Step 1, Proper Power Reset

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Tweeking/TweekingcomStep1_zpsea428f60.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Tweeking/TweekingcomStep1_zpsea428f60.gif.html)

Step 3: Optional

Select "See if Check Disk Is Needed" (1)
If no errors are found under "View Log" (2), then post back those results.
If "Check Disk" is needed, select the "Do It" (3) button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Tweeking/TweakingStep3chkdsk_zpsc9039974.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Tweeking/TweakingStep3chkdsk_zpsc9039974.gif.html)

=========================

Reboot & Test

Nightwingsgurl
2014-11-27, 01:48
I downloaded it, then dragged it to my Desktop. I ran it as an administrator and it started to install, then said there was a sharing violation and stopped. There are new icons on my desktop now, and when I tried the original Tweaking icon again as an administrator, I got another error message saying something's missing.

OCD
2014-11-27, 04:46
Hi Nightwingsgurl,

Delete the copy of Tweaking.com Windows Repair you previously downloaded.


I downloaded it, then dragged it to my Desktop.
Download a fresh copy and save it directly to your desktop, then try and run it again.

OCD
2014-11-29, 16:28
Hi Nightwingsgurl,

Just checking in to see if you still need help?

Nightwingsgurl
2014-12-01, 03:20
Yes, I'll try this fix tomorrow. Sorry, I've had holiday plans Thursday through this weekend-- it's that time of year! I'll try to post tomorrow after work. Thank you so much for all of your help!

OCD
2014-12-01, 06:51
:bigthumb:

Nightwingsgurl
2014-12-03, 06:03
Forgive my stupid question, but I can't seem to figure out how to get it to download straight to my desktop. Normally if I do that, I right-click on the link, but for this it's just offering a Firefox HTML doc when I try it. If I hit 'download' it immediately goes to my downloads file (I'm in Chrome). I didn't see a way to temporarily change the automatic download location to my desktop. Like I said, I know it's a stupid question, and I apologize... I don't know if I'm just too tired or what, but I can't see what to do.

Also, I uninstalled Tweaking and it said it was successful, but I'm still seeing related files (tweaking_tab, etc.) even though I searched in Uninstall Programs, so I don't know what all is left or how it will impact this.

OCD
2014-12-03, 08:48
Hi Nightwingsgurl,

Visit this link to see how to change the location of where you save downloads.

https://support.google.com/chrome/answer/95574?hl=en

The Tweaking uninstall can be addressed when we are cleaning up. But any left-over files shouldn't impact your computer's performance.

Nightwingsgurl
2014-12-07, 03:17

Great, thank you! I saved it to the Desktop, but installed it on C.....Windows Repair, which was the default option. Also-- I realized that I saved the other programs I ran in the same way-- downloads, then dragged to Desktop. Is there anything you want me to redo?



Here's the log:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Imari\Desktop>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (235700 of 261888 file records processed)
261888 file records processed.

File verification completed.
2064 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
43 percent complete. (265005 of 341028 index entries processed)
Index entry CHKDSK.EXE-496676BC.pf in index $I30 of file 6464 is incorrect.
Index entry CHKDSK~1.PF in index $I30 of file 6464 is incorrect.
48 percent complete. (298692 of 341028 index entries processed)
Index entry Local State in index $I30 of file 208971 is incorrect.
Index entry LOCALS~1 in index $I30 of file 208971 is incorrect.
48 percent complete. (300814 of 341028 index entries processed)
341028 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

C:\>



I'm restarting it now. (I wanted to post the log since it said a restart will be required for the fix, and I wasn't sure if I'd get a chance to copy it before it shut down. If I get a new log, I'll post that, too!)

Nightwingsgurl
2014-12-07, 03:36
Okay, it ran the check disk and booted up. I didn't see any logs or anything. Is there anything additional to post?

What do I scan it with? Tweaking again or Spybot?

Thank you!

OCD
2014-12-07, 05:26
Hi Nightwingsgurl,

We need to re-run chkdsk, this time from the command prompt.

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /f" (make note of the space between chkdsk and /)

=========================

To view results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
Post in your next reply.

=========================

In your next post please provide the following:

chkdsk log
How is the computer running at the moment, any symptoms?

Nightwingsgurl
2014-12-09, 14:06
We need to re-run chkdsk, this time from the command prompt.

It says it had an error because the drive was in use. I tried restarting my computer and had the same results.



In your next post please provide the following:

chkdsk log
How is the computer running at the moment, any symptoms?


I followed your instructions, but this log looks like it's from Dec. 6 (which makes sense if the scan couldn't complete).

Log Name: Application
Source: Chkdsk
Date: 12/6/2014 9:13:07 PM
Event ID: 26213
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Imari-PC
Description:
Chkdsk was executed in read-only mode. A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
261888 file records processed.

File verification completed.
2064 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The file reference 0x9e000000001a5a of index entry CHKDSK.EXE-496676BC.pf of index $I30
with parent 0x1940 is not the same as 0x9d000000001a5a.

Index entry CHKDSK.EXE-496676BC.pf in index $I30 of file 6464 is incorrect.
The file reference 0x9e000000001a5a of index entry CHKDSK~1.PF of index $I30
with parent 0x1940 is not the same as 0x9d000000001a5a.
Index entry CHKDSK~1.PF in index $I30 of file 6464 is incorrect.
The file reference 0x7400000000a61d of index entry Local State of index $I30
with parent 0x3304b is not the same as 0x7300000000a61d.

Index entry Local State in index $I30 of file 208971 is incorrect.
The file reference 0x7400000000a61d of index entry LOCALS~1 of index $I30
with parent 0x3304b is not the same as 0x7300000000a61d.
Index entry LOCALS~1 in index $I30 of file 208971 is incorrect.
341028 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Chkdsk" />
<EventID Qualifiers="0">26213</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-12-07T02:13:07.000000000Z" />
<EventRecordID>59335</EventRecordID>
<Channel>Application</Channel>
<Computer>Imari-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
261888 file records processed.

File verification completed.
2064 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The file reference 0x9e000000001a5a of index entry CHKDSK.EXE-496676BC.pf of index $I30
with parent 0x1940 is not the same as 0x9d000000001a5a.

Index entry CHKDSK.EXE-496676BC.pf in index $I30 of file 6464 is incorrect.
The file reference 0x9e000000001a5a of index entry CHKDSK~1.PF of index $I30
with parent 0x1940 is not the same as 0x9d000000001a5a.
Index entry CHKDSK~1.PF in index $I30 of file 6464 is incorrect.
The file reference 0x7400000000a61d of index entry Local State of index $I30
with parent 0x3304b is not the same as 0x7300000000a61d.

Index entry Local State in index $I30 of file 208971 is incorrect.
The file reference 0x7400000000a61d of index entry LOCALS~1 of index $I30
with parent 0x3304b is not the same as 0x7300000000a61d.
Index entry LOCALS~1 in index $I30 of file 208971 is incorrect.
341028 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.
</Data>
<Binary>00FF0300DC5F03006156060000000000BB0D00002C0000000000000000000000</Binary>
</EventData>
</Event>


I haven't had any real issues, except that it seems a bit slow. It is working faster than before, though.
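Added example, not part of the thread: Python that parses Event Viewer XML like the chkdsk events posted here, tells a read-only run from a boot-time repair run, and picks the newest of several events. The function names are hypothetical; the two sample events are abridged from the ones posted in this thread (the Wininit event appears in a later post).

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Abridged from the thread: the read-only run logged by the Chkdsk source ...
EVENT_READONLY = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Chkdsk" />
<EventID Qualifiers="0">26213</EventID>
<TimeCreated SystemTime="2014-12-07T02:13:07.000000000Z" />
</System>
<EventData>
<Data>
Checking file system on C:
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Running CHKDSK in read-only mode.
Index entry CHKDSK.EXE-496676BC.pf in index $I30 of file 6464 is incorrect.
Index entry CHKDSK~1.PF in index $I30 of file 6464 is incorrect.
Index entry Local State in index $I30 of file 208971 is incorrect.
Index entry LOCALS~1 in index $I30 of file 208971 is incorrect.
Errors found. CHKDSK cannot continue in read-only mode.
</Data>
</EventData>
</Event>"""

# ... and the boot-time run, which is logged by Wininit, not by Chkdsk.
EVENT_BOOT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<TimeCreated SystemTime="2014-12-07T02:31:56.000000000Z" />
</System>
<EventData>
<Data>
Checking file system on C:
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
</Data>
</EventData>
</Event>"""

INDEX_ERR = re.compile(r"^Index entry (.+) in index (\$\w+) of file (\d+) is incorrect\.$", re.M)
BAD_SECTORS = re.compile(r"^\s*(\d+) KB in bad sectors\.$", re.M)


def parse_event(xml_text):
    """Extract source, id, UTC time and the chkdsk findings from one event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    text = root.findtext("e:EventData/e:Data", default="", namespaces=NS)
    # The XML carries UTC; Event Viewer's "Date:" field shows local time,
    # so the same event can appear under two different calendar dates.
    stamp = system.find("e:TimeCreated", NS).get("SystemTime")
    when = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    bad = BAD_SECTORS.search(text)
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "when_utc": when,
        "read_only": "Running CHKDSK in read-only mode" in text,
        "live_volume": "might report errors when no corruption is present" in text,
        "errors_found": "Errors found." in text,
        "index_errors": [(m.group(1), m.group(2), int(m.group(3))) for m in INDEX_ERR.finditer(text)],
        "repaired": "Windows has made corrections to the file system" in text,
        "bad_sector_kb": int(bad.group(1)) if bad else None,
    }


def verdict(ev):
    """One-line reading of a parsed chkdsk event."""
    if ev["read_only"] and ev["errors_found"]:
        note = " (volume was in use, so some may be spurious)" if ev["live_volume"] else ""
        return "read-only run: errors reported, nothing fixed" + note
    if ev["read_only"]:
        return "read-only run: no errors reported"
    if ev["repaired"]:
        return "repair run: corrections written to the volume"
    return "repair run: no corrections logged"


def newest(events_xml):
    """Return the most recent chkdsk event, whichever source logged it."""
    return max((parse_event(x) for x in events_xml), key=lambda ev: ev["when_utc"])


if __name__ == "__main__":
    for xml_text in (EVENT_READONLY, EVENT_BOOT):
        ev = parse_event(xml_text)
        print(ev["when_utc"].isoformat(), ev["provider"], ev["event_id"], "->", verdict(ev))
```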

OCD
2014-12-09, 17:17
Hi Nightwingsgurl,


It says it had an error because the drive was in use. I tried restarting my computer and had the same results.


When you received this message did you press the "Y" key to run on next restart?

If not, complete the step again. This time press the "Y" key on your keyboard and then reboot the computer. Locate the log as previously done and post for review.

Nightwingsgurl
2014-12-12, 03:30

I didn't do that the first time. This time I did. I followed your instructions to get the log, but it looks like it still has the 12/6 date on it, so I'm not sure why I'm missing today's log. I'll include a screenshot-- it has something with today's date in there.



Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 12/6/2014 9:31:56 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Imari-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
261888 file records processed.

File verification completed.
2064 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
341016 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
261888 file SDs/SIDs processed.

Cleaning up 767 unused index entries from index $SII of file 0x9.
Cleaning up 767 unused index entries from index $SDH of file 0x9.
Cleaning up 767 unused security descriptors.
Security descriptor verification completed.
39565 data files processed.

CHKDSK is verifying Usn Journal...
36366992 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

125028351 KB total disk space.
98417128 KB in 181466 files.
140916 KB in 39566 indexes.
0 KB in bad sectors.
369115 KB in use by the system.
65536 KB occupied by the log file.
26101192 KB available on disk.

4096 bytes in each allocation unit.
31257087 total allocation units on disk.
6525298 allocation units available on disk.

Internal Info:
00 ff 03 00 73 5f 03 00 9c 55 06 00 00 00 00 00 ....s_...U......
bb 0d 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


OCD
2014-12-12, 05:10
Hi Nightwingsgurl,


but it looks like it still has the 12/6 date on it, so I'm not sure why I'm missing today's log. I'll include a screenshot-- it has something with today's date in there.

I don't really have an explanation as to why you weren't able to access today's log. You could try expanding the Event Viewer window and see if there are other chkdsk (Wininit) logs available. But the 12/06/14 log seems to be fine.

Are you having any other issues?
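
The check for other chkdsk (Wininit) entries suggested above can also be run from PowerShell rather than by scrolling in Event Viewer. This is an added example, not part of the original posts; it queries the same log, source and event ID shown in the posted log, and the verdict labels (`clean`, `corrected`, `review manually`) are names chosen here.

```powershell
# Added example: list every boot-time CHKDSK result that Wininit wrote to the
# Application log, oldest first, with a one-word verdict per run.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'   # "Source" in the posted log
    Id           = 1001                          # "Event ID" in the posted log
}

# -ErrorAction SilentlyContinue: Get-WinEvent raises an error when nothing matches.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    ForEach-Object {
        $msg = $_.Message

        # Verdict strings as they appear in the CHKDSK output posted in this thread.
        if ($msg -match 'found no problems') {
            $verdict = 'clean'
        } elseif ($msg -match 'made corrections to the file system') {
            $verdict = 'corrected'
        } else {
            $verdict = 'review manually'
        }

        # Pull the volume and the bad-sector figure out of the report text.
        $volume = '?'
        if ($msg -match 'Checking file system on (\S+)') { $volume = $Matches[1] }
        $badKb = $null
        if ($msg -match '(\d+) KB in bad sectors') { $badKb = [int64]$Matches[1] }

        New-Object PSObject -Property @{
            Time         = $_.TimeCreated
            RecordId     = $_.RecordId
            Volume       = $volume
            Verdict      = $verdict
            BadSectorsKB = $badKb
        }
    } |
    Select-Object Time, RecordId, Volume, Verdict, BadSectorsKB |
    Format-Table -AutoSize
```

A run that was scheduled but never completed leaves no row, so a missing date in the output means that check did not finish.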

Nightwingsgurl
2014-12-14, 05:05
Hi Nightwingsgurl,



I don't really have an explanation as to why you weren't able to access today's log. You could try expanding the Event Viewer window and see if there are other chkdsk (Wininit) logs available. But the 12/06/14 log seems to be fine.

Are you having any other issues?

Not that I can tell. It still seems to be running a bit slowly, though it's better than it was. I'll try the chkdsk one more time (it'll probably be tomorrow before I can do it, though).

Nightwingsgurl
2014-12-15, 04:13
Well, I tried it again and it didn't work, so I typed in Y and let it restart and run again. It finally generated a log, but Notepad won't save it for some reason-- anytime I hit "save" it just sits there, with no error message or anything. It's weird.

Here's the log:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 12/14/2014 9:29:48 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Imari-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
261888 file records processed.

File verification completed.
2051 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
341540 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
261888 file SDs/SIDs processed.

Cleaning up 39 unused index entries from index $SII of file 0x9.
Cleaning up 39 unused index entries from index $SDH of file 0x9.
Cleaning up 39 unused security descriptors.
Security descriptor verification completed.
39827 data files processed.

CHKDSK is verifying Usn Journal...
36035296 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

125028351 KB total disk space.
100091776 KB in 183567 files.
143152 KB in 39828 indexes.
0 KB in bad sectors.
369195 KB in use by the system.
65536 KB occupied by the log file.
24424228 KB available on disk.

4096 bytes in each allocation unit.
31257087 total allocation units on disk.
6106057 allocation units available on disk.

Internal Info:
00 ff 03 00 ae 68 03 00 09 68 06 00 00 00 00 00 .....h...h......
c0 0d 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


OCD
2014-12-15, 05:23
Hi Nightwingsgurl,

Everything looks good.

Any remaining issues?

Nightwingsgurl
2014-12-16, 03:58
Hi Nightwingsgurl,

Everything looks good.

Any remaining issues?


Awesome! And it still seems a bit slow, but otherwise fine. I haven't had any issues with the computer restarting or the screen going black. Thank you!!! :) Can I just delete all of this other stuff?

OCD
2014-12-16, 04:17
Hi Nightwingsgurl,


Thank you!!! Can I just delete all of this other stuff?

You're welcome!

Actually, the best way is to run this quick tool.

Remove Disinfection Tools


Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:

Remove disinfection tools
Create registry backup
Purge system restore




Click Run
Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

Any other questions or comments?

OCD
2014-12-18, 17:14
Hi Nightwingsgurl,

Any additional questions? Are you ready for me to close the topic?

Nightwingsgurl
2014-12-19, 14:34
Hi Nightwingsgurl,

Any additional questions? Are you ready for me to close the topic?

Sorry to reply back late-- I've been sick and haven't done much with my computer.

I can't think of anything, no. Thank you again for all of your help! :)



Here's the DelFix log if you need it:

# DelFix v10.8 - Logfile created 19/12/2014 at 07:19:39
# Updated 29/07/2014 by Xplode
# Username : Imari - IMARI-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Imari\Desktop\Addition.txt
Deleted : C:\Users\Imari\Desktop\aswMBR.exe
Deleted : C:\Users\Imari\Desktop\aswMBR.txt
Deleted : C:\Users\Imari\Desktop\FRST.txt
Deleted : C:\Users\Imari\Desktop\FRST64.exe
Deleted : C:\Users\Imari\Desktop\ListParts.exe
Deleted : C:\Users\Imari\Desktop\Result.txt
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #411 [Windows Update | 12/11/2014 00:20:32]
Deleted : RP #412 [Windows Update | 12/12/2014 22:09:52]
Deleted : RP #413 [Windows Update | 12/16/2014 02:45:08]
Deleted : RP #414 [Windows Update | 12/19/2014 12:15:01]

New restore point created !

########## - EOF - ##########

OCD
2014-12-19, 16:18
You're very welcome. Glad I was able to help.

Since this issue appears to be resolved ... this Topic has been closed.

If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.