PDA

View Full Version : 1) Slow computer, error messages



spypcsense
2015-01-14, 09:07
Version of Spybot: 2.0.12.0
Rootkit scanner 2.0.12.116
Operating system: Windows 7 professional 32 bit
Other security programs installed: AVG Cloudcare, Malwarebytes
Issues with the computer's performance: Windows is not Genuine (4 year old Lenovo laptop and this just popped up), can't troubleshoot (gets error), some updates are blocked, sometimes gets very sloooowww. I pulled the drive and deep scanned it again from this machine with similar results to the original scan. Drive is a new 720GB WD replacing an almost full 320 which I thought was causing the problem. WD imaging program worked fine but shortly after the switch I started getting the Genuine Windows notification. Did a system restore to a couple of days before putting in the new drive as the hardware change could have triggered the notification but that made no difference.
Original post in Rootalyzer forum: http://forums.spybot.info/showthread.php?71850-jpg-files-changed-on-the-same-date-and-reported-as-unknown-ADS&p=460966

Here is FIRST scan I ran today.
Thanks for looking at them and any help you can give.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Bruce (administrator) on BRUCE-LENOVO on 13-01-2015 13:44:12
Running from C:\Users\Bruce\Desktop
Loaded Profile: Bruce (Available profiles: Bruce & braley & Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\XmppAuth.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SAMSUNG Electornics Co., Ltd.) C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2009-11-26] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [435560 2009-11-26] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG CloudCare] => C:\Program Files\AVG\CloudCare\AvgTrayApp.exe [108312 2014-07-25] (AVG Technologies, Inc.)
HKLM\...\Run: [racontrol] => C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1404080 2013-08-29] (AVG Technologies, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {06113c30-fef8-11e3-8c7b-78dd08b37ded} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {cd33b098-e596-11e2-9fb9-00262dfc1d87} - E:\VZW_Software_upgrade_assistant.exe
IFEO\isuspm.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\natspeak.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=BDT3&ocid=BDT3DHP
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {CF72DB5D-A4F5-454C-BFC1-A9A2C1B19471} URL = http://search.avg.com/route/?d=4c216cec&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://10.0.0.26:85/HiDvrOcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2701720504-2077786656-4262629455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruce\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\searchplugins\bingp.xml
FF Extension: Yahoo! Toolbar - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-20]
FF Extension: DownloadHelper - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Quick Translator - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-03-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=BDT3DF&PC=BDT3
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-08]
CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-07]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-11-26] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-11-26] (Lenovo)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-08] (Intel Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-26] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AvgApiWrapper; C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe [151832 2014-07-25] (AVG Technologies, Inc.)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AvgRemote; C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe [54960 2013-09-05] (AVG Technologies, Inc.)
R2 AvgUpgrade; C:\Program Files\AVG\CloudCare\AvgUpgrade.exe [78616 2014-07-25] (AVG Technologies, Inc.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
R3 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-08] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-02] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-01-13] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [410624 2009-04-28] (Conexant Systems, Inc.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2014-09-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-11] (Microsoft Corporation) [File not signed]
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation) [File not signed]
S2 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-04-30] (Microsoft Corporation) [File not signed]
R3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-01-31] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 raserver; C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1404080 2013-08-29] (AVG Technologies, Inc.)
S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-10] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation) [File not signed]
S2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [523264 2014-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
R3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-27] (Microsoft Corporation) [File not signed]
R2 XmppAuth; C:\Program Files\AVG\CloudCare\XmppAuth.exe [285464 2014-07-25] (AVG Technologies, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [126080 2009-10-27] (Ricoh co.,Ltd.) [File not signed]
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-29] (Microsoft Corporation) [File not signed]
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-12-17] (Oak Technology Inc.) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40320 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.) [File not signed]
R3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393728 2012-07-06] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2011-04-27] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-16] (Intel Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [981504 2009-06-29] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [207360 2009-06-29] (Conexant Systems, Inc.) [File not signed]
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation) [File not signed]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [125696 2009-10-25] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-26] (Microsoft Corporation) [File not signed]
S3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6758912 2010-03-17] (Intel Corporation) [File not signed]
S3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-16] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-13] (Microsoft Corporation) [File not signed]
R2 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [48640 2009-10-25] (REDC) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\system32\drivers\sdbus.sys [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-28] (Microsoft Corporation) [File not signed]
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-28] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TPM; C:\Windows\System32\drivers\tpm.sys [30720 2009-07-13] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-01] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-26] (Microsoft Corporation) [File not signed]
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [36352 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-10] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2009-06-29] (Conexant Systems, Inc.) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [20480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\XAudio32.sys [8704 2009-04-28] (Conexant Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 13:44 - 2015-01-13 13:45 - 00064137 _____ () C:\Users\Bruce\Desktop\FRST.txt
2015-01-13 13:43 - 2015-01-13 13:44 - 00000000 ____D () C:\FRST
2015-01-13 13:41 - 2015-01-13 13:41 - 01115648 _____ (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2015-01-13 13:37 - 2015-01-13 13:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRUCE-LENOVO-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-13 13:36 - 2015-01-13 13:36 - 00000000 ____D () C:\RegBackup
2015-01-13 13:35 - 2015-01-13 13:35 - 00002196 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-13 13:32 - 2015-01-13 13:32 - 04215584 _____ () C:\Users\Bruce\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-13 13:06 - 2015-01-13 13:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(1).exe
2015-01-09 20:00 - 2015-01-13 13:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 19:59 - 2015-01-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 19:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 19:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
2015-01-09 09:28 - 2015-01-09 09:00 - 08994813 _____ () C:\Users\Admin\Documents\CBS.txt.log
2015-01-09 09:18 - 2015-01-09 09:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
2015-01-09 09:17 - 2015-01-09 09:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
2015-01-09 09:17 - 2015-01-09 09:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-02 12:53 - 2015-01-07 10:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-02 12:53 - 2015-01-02 12:53 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-01-02 12:43 - 2015-01-02 12:43 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Intel
2015-01-02 12:42 - 2015-01-02 12:42 - 00001139 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
2015-01-02 12:41 - 2015-01-02 12:41 - 02333416 _____ (Intel) C:\Users\Bruce\Downloads\Intel Driver Update Utility Installer.exe
2015-01-02 12:26 - 2015-01-02 12:26 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate.exe
2014-12-27 22:41 - 2014-12-27 22:41 - 00011079 _____ () C:\Users\Bruce\Documents\computer.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 13:42 - 2012-04-08 09:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 13:42 - 2012-04-08 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 13:42 - 2011-05-26 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 13:21 - 2010-07-21 11:01 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
2015-01-13 13:21 - 2010-06-24 18:18 - 00000000 ____D () C:\Users\braley\Outlook
2015-01-13 13:18 - 2010-06-23 05:46 - 01477823 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 13:17 - 2011-05-03 15:00 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-13 13:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 13:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 13:07 - 2009-07-20 21:30 - 00800182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 13:04 - 2011-11-01 07:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-13 12:59 - 2013-10-17 08:35 - 00000000 ____D () C:\ProgramData\AVGRemoteIT
2015-01-13 12:59 - 2011-05-03 15:00 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-13 12:59 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 12:59 - 2009-07-13 20:39 - 00191441 _____ () C:\Windows\setupact.log
2015-01-11 00:56 - 2010-10-02 07:35 - 00000000 ____D () C:\Users\Bruce\Documents\Politics
2015-01-10 10:00 - 2009-07-13 20:33 - 03897040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-10 09:59 - 2010-06-23 05:42 - 01868062 _____ () C:\Windows\PFRO.log
2015-01-10 09:59 - 2009-07-13 20:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 19:59 - 2011-11-01 13:12 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 09:18 - 2012-05-06 10:50 - 00462888 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:17 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-07 13:04 - 2011-12-04 10:45 - 00000221 _____ () C:\Windows\wininit.ini
2015-01-07 11:01 - 2013-12-14 10:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 10:39 - 2010-06-24 23:49 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Microsoft Help
2015-01-07 10:26 - 2010-06-23 06:28 - 00000000 ____D () C:\Users\Bruce
2015-01-07 10:19 - 2014-06-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 10:19 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin
2015-01-07 10:19 - 2011-11-09 01:58 - 00000000 ____D () C:\ProgramData\Intel
2015-01-07 10:19 - 2010-06-23 06:21 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-07 10:19 - 2010-06-22 18:22 - 00000000 ____D () C:\Users\braley
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Cisco
2015-01-07 10:18 - 2010-06-23 05:39 - 00000000 ____D () C:\Program Files\Intel
2015-01-02 12:54 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Outlook
2015-01-02 12:54 - 2013-11-18 07:58 - 00000000 ____D () C:\Users\TEMP
2014-12-26 00:55 - 2011-09-25 21:46 - 00000000 ____D () C:\Users\Bruce\Documents\Melaleuca
2014-12-25 12:35 - 2012-05-21 10:09 - 00000000 ____D () C:\Users\Bruce\Documents\Sean
2014-12-22 20:01 - 2009-07-19 17:04 - 00000000 ____D () C:\Users\Bruce\Documents\Financial
2014-12-19 14:32 - 2014-01-14 10:52 - 00000000 ____D () C:\Users\Bruce\Documents\braley digital
2014-12-17 08:39 - 2010-06-22 15:53 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Adobe
2014-12-14 08:15 - 2013-01-09 04:02 - 00000000 ____D () C:\Users\Bruce\Documents\Technical

Files to move or delete:
====================
C:\Users\Outlook\extend.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-10-25 09:16] - [2014-07-16 17:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 23:49

==================== End Of Log ============================

Juliet
2015-01-15, 14:01
Hi and welcome

Have my fingers crossed here we can find this and get it cleaned.

Can you use MSCONFIG and check for unusual or items there that don't belong. What I'm thinking is, it's located in your run entries at startup.

Also, your version of Farbar Recovery Scan Tool has a coding bug, there has been an updated one posted that I need to get you to download.

Right click on the version you have now, select delete.

http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.



~~~~~~~~~~~~~~

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


Please click by the introduction screen on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. [i]This scan can take some time, so please be patient.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.


There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

spypcsense
2015-01-15, 20:23
Hello Juliet
Thanks for the reply.
Here is the FRST.txt I'll send Addition.txt separately. I had trouble sending everything at once yesterday, probably because there was too much data.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Bruce (administrator) on BRUCE-LENOVO on 15-01-2015 10:05:56
Running from C:\Users\Bruce\Desktop
Loaded Profiles: Bruce (Available profiles: Bruce & braley & Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SAMSUNG Electornics Co., Ltd.) C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\XmppAuth.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2009-11-26] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [435560 2009-11-26] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG CloudCare] => C:\Program Files\AVG\CloudCare\AvgTrayApp.exe [108312 2014-07-25] (AVG Technologies, Inc.)
HKLM\...\Run: [racontrol] => C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1404080 2013-08-29] (AVG Technologies, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {06113c30-fef8-11e3-8c7b-78dd08b37ded} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {cd33b098-e596-11e2-9fb9-00262dfc1d87} - E:\VZW_Software_upgrade_assistant.exe
IFEO\isuspm.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\natspeak.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=BDT3&ocid=BDT3DHP
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {CF72DB5D-A4F5-454C-BFC1-A9A2C1B19471} URL = http://search.avg.com/route/?d=4c216cec&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://10.0.0.26:85/HiDvrOcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2701720504-2077786656-4262629455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruce\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\searchplugins\bingp.xml
FF Extension: Yahoo! Toolbar - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-20]
FF Extension: DownloadHelper - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Quick Translator - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-03-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=BDT3DF&PC=BDT3
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-08]
CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-07]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-11-26] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-11-26] (Lenovo)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-08] (Intel Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-26] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AvgApiWrapper; C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe [151832 2014-07-25] (AVG Technologies, Inc.)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AvgRemote; C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe [54960 2013-09-05] (AVG Technologies, Inc.)
R2 AvgUpgrade; C:\Program Files\AVG\CloudCare\AvgUpgrade.exe [78616 2014-07-25] (AVG Technologies, Inc.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R3 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
R3 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-08] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-02] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-01-13] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [410624 2009-04-28] (Conexant Systems, Inc.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2014-09-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-11] (Microsoft Corporation) [File not signed]
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation) [File not signed]
S2 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-04-30] (Microsoft Corporation) [File not signed]
R3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-01-31] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 raserver; C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1404080 2013-08-29] (AVG Technologies, Inc.)
R3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-10] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [523264 2014-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-27] (Microsoft Corporation) [File not signed]
R2 XmppAuth; C:\Program Files\AVG\CloudCare\XmppAuth.exe [285464 2014-07-25] (AVG Technologies, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [126080 2009-10-27] (Ricoh co.,Ltd.) [File not signed]
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-29] (Microsoft Corporation) [File not signed]
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-12-17] (Oak Technology Inc.) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40320 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.) [File not signed]
R3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393728 2012-07-06] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2011-04-27] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-16] (Intel Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [981504 2009-06-29] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [207360 2009-06-29] (Conexant Systems, Inc.) [File not signed]
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation) [File not signed]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [125696 2009-10-25] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-26] (Microsoft Corporation) [File not signed]
S3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6758912 2010-03-17] (Intel Corporation) [File not signed]
S3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-16] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-13] (Microsoft Corporation) [File not signed]
R2 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [48640 2009-10-25] (REDC) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\system32\drivers\sdbus.sys [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-28] (Microsoft Corporation) [File not signed]
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.) [File not signed]
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-28] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TPM; C:\Windows\System32\drivers\tpm.sys [30720 2009-07-13] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-01] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-26] (Microsoft Corporation) [File not signed]
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [36352 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-10] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2009-06-29] (Conexant Systems, Inc.) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [20480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\XAudio32.sys [8704 2009-04-28] (Conexant Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 10:02 - 2015-01-15 10:03 - 00052378 _____ () C:\Users\Bruce\Desktop\Addition.txt
2015-01-15 10:00 - 2015-01-15 10:05 - 00064324 _____ () C:\Users\Bruce\Desktop\FRST.txt
2015-01-15 10:00 - 2015-01-15 10:00 - 01116672 _____ (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2015-01-13 16:14 - 2015-01-13 16:14 - 00002214 _____ () C:\Users\Bruce\Desktop\aswMBR.txt
2015-01-13 16:14 - 2015-01-13 16:14 - 00000512 _____ () C:\Users\Bruce\Desktop\MBR.dat
2015-01-13 14:10 - 2015-01-13 14:11 - 05198336 _____ (AVAST Software) C:\Users\Bruce\Desktop\aswMBR.exe
2015-01-13 13:46 - 2015-01-13 13:47 - 00051749 _____ () C:\Users\Bruce\Desktop\oldAddition.txt
2015-01-13 13:43 - 2015-01-15 10:06 - 00000000 ____D () C:\FRST
2015-01-13 13:37 - 2015-01-13 13:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRUCE-LENOVO-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-13 13:36 - 2015-01-13 13:36 - 00000000 ____D () C:\RegBackup
2015-01-13 13:35 - 2015-01-13 13:35 - 00002196 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-13 13:32 - 2015-01-13 13:32 - 04215584 _____ () C:\Users\Bruce\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-13 13:06 - 2015-01-13 13:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(1).exe
2015-01-09 20:00 - 2015-01-15 09:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 19:59 - 2015-01-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 19:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 19:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
2015-01-09 09:28 - 2015-01-09 09:00 - 08994813 _____ () C:\Users\Admin\Documents\CBS.txt.log
2015-01-09 09:18 - 2015-01-09 09:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
2015-01-09 09:17 - 2015-01-09 09:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
2015-01-09 09:17 - 2015-01-09 09:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-02 12:53 - 2015-01-07 10:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-02 12:53 - 2015-01-02 12:53 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-01-02 12:43 - 2015-01-02 12:43 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Intel
2015-01-02 12:42 - 2015-01-02 12:42 - 00001139 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
2015-01-02 12:41 - 2015-01-02 12:41 - 02333416 _____ (Intel) C:\Users\Bruce\Downloads\Intel Driver Update Utility Installer.exe
2015-01-02 12:26 - 2015-01-02 12:26 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate.exe
2014-12-27 22:41 - 2014-12-27 22:41 - 00011079 _____ () C:\Users\Bruce\Documents\computer.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 09:59 - 2011-05-03 15:00 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-15 09:59 - 2010-06-23 05:46 - 01513163 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 09:53 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:53 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:50 - 2012-02-15 11:59 - 00000514 _____ () C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2015-01-15 09:50 - 2012-02-15 11:59 - 00000490 _____ () C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2015-01-15 09:50 - 2009-07-20 21:30 - 00800182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 09:48 - 2011-11-01 07:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-15 09:46 - 2010-07-21 11:01 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
2015-01-15 09:46 - 2010-06-24 18:18 - 00000000 ____D () C:\Users\braley\Outlook
2015-01-15 09:44 - 2009-07-13 20:33 - 03897040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 09:42 - 2013-10-17 08:35 - 00000000 ____D () C:\ProgramData\AVGRemoteIT
2015-01-15 09:42 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 09:42 - 2009-07-13 20:39 - 00191553 _____ () C:\Windows\setupact.log
2015-01-13 23:42 - 2012-04-08 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 14:42 - 2012-04-08 09:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 14:42 - 2011-05-26 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 12:59 - 2011-05-03 15:00 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 00:56 - 2010-10-02 07:35 - 00000000 ____D () C:\Users\Bruce\Documents\Politics
2015-01-10 09:59 - 2010-06-23 05:42 - 01868062 _____ () C:\Windows\PFRO.log
2015-01-10 09:59 - 2009-07-13 20:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 19:59 - 2011-11-01 13:12 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 09:18 - 2012-05-06 10:50 - 00462888 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:17 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-07 13:04 - 2011-12-04 10:45 - 00000221 _____ () C:\Windows\wininit.ini
2015-01-07 11:01 - 2013-12-14 10:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 10:39 - 2010-06-24 23:49 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Microsoft Help
2015-01-07 10:26 - 2010-06-23 06:28 - 00000000 ____D () C:\Users\Bruce
2015-01-07 10:19 - 2014-06-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 10:19 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin
2015-01-07 10:19 - 2011-11-09 01:58 - 00000000 ____D () C:\ProgramData\Intel
2015-01-07 10:19 - 2010-06-23 06:21 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-07 10:19 - 2010-06-22 18:22 - 00000000 ____D () C:\Users\braley
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Cisco
2015-01-07 10:18 - 2010-06-23 05:39 - 00000000 ____D () C:\Program Files\Intel
2015-01-02 12:54 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Outlook
2015-01-02 12:54 - 2013-11-18 07:58 - 00000000 ____D () C:\Users\TEMP
2014-12-26 00:55 - 2011-09-25 21:46 - 00000000 ____D () C:\Users\Bruce\Documents\Melaleuca
2014-12-25 12:35 - 2012-05-21 10:09 - 00000000 ____D () C:\Users\Bruce\Documents\Sean
2014-12-22 20:01 - 2009-07-19 17:04 - 00000000 ____D () C:\Users\Bruce\Documents\Financial
2014-12-19 14:32 - 2014-01-14 10:52 - 00000000 ____D () C:\Users\Bruce\Documents\braley digital
2014-12-17 08:39 - 2010-06-22 15:53 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Outlook\extend.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-10-25 09:16] - [2014-07-16 17:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 23:49

==================== End Of Log ============================

spypcsense
2015-01-15, 20:33
The only thing I saw in Msconfig was PiconStation Application which is in the Intel folder but lists the manufacturer as unknown. Will run Mbar next and post the results.
Thanks for the help.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by Bruce at 2015-01-15 10:26:02
Running from C:\Users\Bruce\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG CloudCare AntiVirus 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect Add-in (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Adobe Connect Add-in) (Version: - )
Adobe Creative Suite 5 Production Premium (HKLM\...\{53BC789D-073D-47B6-AA9F-DE05990AF07A}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.6 - Vantage Software Technologies)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG CloudCare (HKLM\...\AVG CloudCare) (Version: 3.2.1 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM\...\Canon MX870 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: - )
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeLorme Street Atlas USA 2009 (HKLM\...\{AEB95804-A937-49E6-940A-37A606C16D5D}) (Version: 9.00.0000 - DeLorme Publishing)
Digital Picture Recovery (HKLM\...\Digital Picture Recovery) (Version: 2.1.2.8 - dtidata.com)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Free File Opener v2011.6.0.4 (HKLM\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HD Writer AE 3.0 (HKLM\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
K-Lite Codec Pack 6.0.4 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version: - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 4.0 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
NetViewer 2.1.584.0 (HKLM\...\NetViewer) (Version: 2.1.584.0 - )
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (HKLM\...\Adobe_1b5a11fde44351ae0f4c7fd0e4daadc) (Version: 4.4.0 - Adobe Systems Incorporated)
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (Version: 4.4.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks (Version: 19.0.4011.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4011.705 - Intuit Inc.)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.3.7 - Intuit)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
The Print Shop 22 (HKLM\...\{E34351A4-4B10-4DFF-96BC-84C642D9C625}) (Version: 22.00.0000 - Broderbund Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.50 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebEx (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1026\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points =========================

26-11-2014 10:02:31 Scheduled Checkpoint
11-12-2014 08:26:30 Scheduled Checkpoint
02-01-2015 12:41:54 Intel® Driver Update Utility
02-01-2015 12:49:03 Intel® PROSet/Wireless Software

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2014-09-23 23:37 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08C60E9B-4AD4-495A-8EC7-40CF1EE8811B} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-16] (InstallShield Software Corporation)
Task: {0D98184E-32AB-4002-B42B-183B6EDE33C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {0F989BE7-FEE9-4162-AE5A-F0A7A78DE8B6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {19BCC457-29AA-430F-93C8-C6B770EE7692} - System32\Tasks\{A90682E6-3795-4060-AEF9-00A2150BFA68} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl"
Task: {1B29FD60-61DE-403F-897E-94F774D856AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1BB0418C-9C6A-40D2-8683-CA6D7982BECB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {209C7C6C-CBC2-41FC-A757-DE2A25B80416} - System32\Tasks\{CE78F2F9-EEDA-49CB-A1BD-08DE7DE8C0E5} => E:\Setup.exe
Task: {24F6D86F-A55F-4B4E-9D48-6068FF00C60A} - System32\Tasks\{C2405C53-C542-458F-9782-7D4BB17E147C} => E:\ace\SINGLE\SETUP.EXE
Task: {259A12A9-FBB3-4479-A1F1-FE533ABCCBF8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {259B58CC-1CC0-4F60-8FD4-184FE3DFCE1D} - System32\Tasks\{1540E941-4CD6-4941-B170-D0D20F45E0EA} => E:\autorun.exe
Task: {29A590F7-ED48-4A5D-8364-F25C8A2B21D1} - System32\Tasks\Message Center plus => C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {365039BA-D056-4548-A4C1-AFB67518136C} - System32\Tasks\{641FAB8B-0345-4BF5-B407-89A82A9DF934} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\\tssmpm.cpl"
Task: {448E0398-7AE1-491E-A7C5-920F81D52E3A} - System32\Tasks\NatSpeak Periodic Language Model Optimization => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-16] (Nuance Communications, Inc.)
Task: {46207F1F-8A9D-44C9-9459-533110387C20} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {4E2708E9-4E2B-4EBA-88BE-87E01CF4C422} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {5604000C-2EA8-4267-BFE2-B2CCF8011DEA} - System32\Tasks\NatSpeak Periodic Acoustic Optimization => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-16] (Nuance Communications, Inc.)
Task: {573C700B-BFB7-4B2D-82E0-C295EA4664E8} - System32\Tasks\{C7870018-95CD-49A1-8511-2FA7DD647873} => E:\ace\SINGLE\SETUP.EXE
Task: {5FA52832-1814-4100-AA81-EB64BEC12DAF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {5FBD5FCB-2122-4448-9B82-830D2108807B} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26] (Lenovo Group Limited)
Task: {62D0B3DA-2018-48B9-962C-482771543418} - System32\Tasks\{B746EDA9-1EA4-4B66-BAC3-5BF8C299A8A9} => E:\autorun.exe
Task: {693133C6-59A9-4F14-A5B4-E9E8F49197D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7307B735-7772-49FD-BE2F-36BF96E0ECAB} - System32\Tasks\{8CE865C7-79CA-44DE-B8AE-9993D0236C60} => D:\install.exe
Task: {7A317081-074A-4C61-95C8-6A2DDA1B2437} - System32\Tasks\{35A9C21D-65FC-45D5-9472-346495408226} => E:\ace\SINGLE\SETUP.EXE
Task: {7B925F22-0399-476E-AFE5-C75552BD7A16} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Lenovo-Bruce => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {83952255-1DDD-4BDB-920F-A1DFF0AC08DD} - System32\Tasks\{10F11F3A-58FF-4BBC-8168-6105E14410B6} => E:\setup.exe
Task: {897B4F6E-FDF0-43CB-AE03-04E312300C23} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-11-26] (Lenovo Group Limited)
Task: {9314E8F0-AD1C-478B-A2C5-6137608B6FDD} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {998D0A65-D9FE-4D67-BFED-C8F4819732F0} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A5F8BFAD-B368-437F-B7AD-456939861D20} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {A954044F-9745-4724-8204-3743B7F5AEDF} - System32\Tasks\{56A271B6-B527-4A59-AF05-1682CC725F72} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B3500B58-8693-4A86-8951-F362C64A5553} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B400A4B7-0DE1-49DA-83D9-D646D73CCA92} - System32\Tasks\{84AE0A25-3344-4110-87F8-F39AE4C1A56B} => pcalua.exe -a C:\SWTools\skype\Skype_Setup.exe -d C:\SWTools\skype
Task: {B9C075ED-2906-4D73-9811-23DFA22104F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {BBBE9FE9-89F6-460F-B3C8-201CFCCEB524} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {CD4068ED-893C-4AA9-99B9-7E5A262B9E32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {D811F944-863A-4423-803A-C4E084E2332A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
Task: {D9293844-F489-4397-8BB9-488ACE94A14F} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {DA3AEC2B-0BB5-45D9-9C97-879863A2D03B} - System32\Tasks\{2E88491F-1A5F-4A22-B292-ACEA4ED9DC0B} => pcalua.exe -a C:\Users\Bruce\Downloads\MediaToolsProfessional5.1.exe -d C:\Users\Bruce\Downloads
Task: {DF844C5B-A434-4CA2-A6A9-75A739EF1328} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {F50085CF-F530-4CBB-99B3-2DBE91056D68} - System32\Tasks\{76A69476-6ADD-4A19-91A6-0EF971717ED4} => E:\setup.exe
Task: {FF0EB834-16BF-4947-9A96-236DF606E5FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FF7B19BC-F590-446A-B3CB-AE8A5C665E10} - System32\Tasks\TVT\LaunchRnR => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job => C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 08:35 - 2013-10-28 14:48 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-11-26 17:48 - 2009-11-26 17:48 - 00006656 ____N () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
2013-10-17 08:35 - 2014-07-25 06:45 - 00059160 _____ () C:\Program Files\AVG\CloudCare\ZlibStream.dll
2013-10-17 08:35 - 2014-07-25 06:45 - 00073496 _____ () C:\Program Files\AVG\CloudCare\UpdateProxy.dll
2014-09-08 10:12 - 2013-09-05 06:21 - 00179888 _____ () C:\Program Files\AVG\CloudCare\AvgRemote\VIPTunnelDll.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-23 05:43 - 2009-11-26 10:10 - 00032768 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2013-12-14 10:59 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-14 10:59 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-01-31 18:13 - 2010-08-24 18:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00585528 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-12-09 09:02 - 2014-12-09 09:02 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgRemote => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\raserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\XmppAuth => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2701720504-2077786656-4262629455-1006 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2701720504-2077786656-4262629455-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2701720504-2077786656-4262629455-1009 - Limited - Enabled)
braley (S-1-5-21-2701720504-2077786656-4262629455-1003 - Limited - Enabled) => C:\Users\braley
Bruce (S-1-5-21-2701720504-2077786656-4262629455-1001 - Administrator - Enabled) => C:\Users\Bruce
Guest (S-1-5-21-2701720504-2077786656-4262629455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2701720504-2077786656-4262629455-1005 - Limited - Enabled)
Sean (S-1-5-21-2701720504-2077786656-4262629455-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.


System errors:
=============
Error: (01/15/2015 10:19:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 15 time(s).

Error: (01/15/2015 10:19:59 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (01/15/2015 10:16:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 14 time(s).

Error: (01/15/2015 10:16:58 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (01/15/2015 10:06:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 13 time(s).

Error: (01/15/2015 10:06:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (01/15/2015 10:05:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 12 time(s).

Error: (01/15/2015 10:05:39 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (01/15/2015 10:05:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 11 time(s).

Error: (01/15/2015 10:05:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/15/2015 10:26:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 3059.69 MB
Available physical RAM: 1105.86 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 3277.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.62 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:673.37 GB) (Free:401.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Premiere Pro CS5 CIB) (CDROM) (Total:4.12 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:24.09 GB) (Free:18.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B729D094)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet
2015-01-15, 23:14
This is going to be a hard to to figure out. Nothing is listed as a cause so now it becomes guess work.

Please go to add/remove programs list and delete/uninstall
Java 7 Update 65

~~~~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG



start
CloseProcesses:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {CF72DB5D-A4F5-454C-BFC1-A9A2C1B19471} URL = http://search.avg.com/route/?d=4c216cec&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=usDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\user.js
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
C:\Users\Outlook\extend.dat
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

~~~~~~~~~~~~~~

Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
Click Installed Updates.
Is KB3004394 installed?

spypcsense
2015-01-16, 00:42
Sorry this is such a problem.


MBAR came up clean.
Couldn't uninstall Java update 65. "Error opening installation log file. Verify that the specified log file location exists and is writable."
Phew - lot of scans - lot of changes BUT computer is running faster!
May have deleted some files connected to Dragon naturally speaking but I can always reinstall if need be

Here is the Fixlog.txt:
\Profiles\dyc1xnox.default\user.js
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
C:\Users\Outlook\extend.dat
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A}" => Key deleted successfully.
HKCR\CLSID\{5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} => Key not found.
"HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF72DB5D-A4F5-454C-BFC1-A9A2C1B19471}" => Key deleted successfully.
HKCR\CLSID\{CF72DB5D-A4F5-454C-BFC1-A9A2C1B19471} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\user.js => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => Key deleted successfully.
C:\Users\Outlook\extend.dat => Moved successfully.
C:\ProgramData\TEMP => ":F35A93AD" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 530.3 MB temporary data.

AdwCleaner[S0] text file:
# AdwCleaner v4.107 - Report created 15/01/2015 at 14:13:39
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Bruce - BRUCE-LENOVO
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Bruce\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Bruce\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\searchplugins\bingp.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2176 octets] - [15/01/2015 14:03:51]
AdwCleaner[S0].txt - [2130 octets] - [15/01/2015 14:13:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2190 octets] ##########




JRT text file
~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\search protection



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\NatSpeak Periodic Acoustic Optimization
Successfully deleted: [File] C:\Windows\System32\Tasks\NatSpeak Periodic Language Model Optimization
Successfully deleted: [File] C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [File] C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
Successfully deleted: [File] C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Bruce\AppData\Roaming\pcdr"
Failed to delete: [Folder] "C:\Users\Bruce\AppData\Roaming\search protection"
Successfully deleted: [Empty Folder] C:\Users\Bruce\appdata\local\{43C994E7-E458-4BF3-8A32-D4AC3CF9F92D}



~~~ FireFox

Emptied folder: C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\dyc1xnox.default\minidumps [849 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/15/2015 at 14:36:26.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-01-16, 01:00
It's always good to hear things are running better.

Is KB3004394 installed?

Juliet
2015-01-16, 01:02
good gosh I meant to add this and hit the wrong button

https://java.com/en/download/
The above will download the latest version of Java

spypcsense
2015-01-16, 02:12
Java update 25 is installed already
KB3004394 is not.


good gosh I meant to add this and hit the wrong button

https://java.com/en/download/
The above will download the latest version of Java

Juliet
2015-01-16, 02:43
still receiving that error? Windows is not Genuine

spypcsense
2015-01-16, 04:32
Genuine Windows error just popped up. Dang.


still receiving that error? Windows is not Genuine

spypcsense
2015-01-16, 05:15
Hard drive is very busy - when it should be idle. Taskr manage showed a lot of activity around SP.exe so I renamed it. I ran SFC /scannow. Here's the CBS log - exceeds 200000 character limit - will be in 3 parts:

2015-01-09 12:23:56, Info CBS Starting TrustedInstaller initialization.
2015-01-09 12:23:56, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2015-01-09 12:23:57, Info CSI 00000001@2015/1/9:20:23:57.130 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x60cfde79 @0x70f75d7d @0x70f5205a @0x231c99 @0x231236 @0x74b275a8)
2015-01-09 12:23:57, Info CSI 00000002@2015/1/9:20:23:57.161 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x60cfde79 @0x70fb7183 @0x70fb4013 @0x231c99 @0x231236 @0x74b275a8)
2015-01-09 12:23:57, Info CSI 00000003@2015/1/9:20:23:57.161 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x60cfde79 @0x72ed4bc8 @0x72ed54a6 @0x231327 @0x231245 @0x74b275a8)
2015-01-09 12:23:57, Info CBS Ending TrustedInstaller initialization.
2015-01-09 12:23:57, Info CBS Starting the TrustedInstaller main loop.
2015-01-09 12:23:57, Info CBS TrustedInstaller service starts successfully.
2015-01-09 12:23:57, Info CBS SQM: Initializing online with Windows opt-in: False
2015-01-09 12:23:57, Info CBS SQM: Cleaning up report files older than 10 days.
2015-01-09 12:23:57, Info CBS SQM: Requesting upload of all unsent reports.
2015-01-09 12:23:57, Info CBS SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2015-01-09 12:23:57, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2015-01-09 12:23:57, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2015-01-09 12:23:57, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2015-01-09 12:23:57, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2015-01-09 12:23:57, Info CBS NonStart: Checking to ensure startup processing was not required.
2015-01-09 12:23:57, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xc0fd40
2015-01-09 12:23:57, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2015-01-09 12:23:57, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c8
2015-01-09 12:23:57, Info CSI 00000007@2015/1/9:20:23:57.255 CSI perf trace:
CSIPERF:TXCOMMIT;684
2015-01-09 12:23:57, Info CBS NonStart: Success, startup processing not required as expected.
2015-01-09 12:23:57, Info CBS Startup processing thread terminated normally
2015-01-09 12:23:57, Info CSI 00000008 CSI Store 902624 (0x000dc5e0) initialized
2015-01-09 12:23:57, Info CSI 00000009 [SR] Verifying 1 components
2015-01-09 12:23:57, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:57, Info CSI 0000000b Repair results created:
POQ 0 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b58c25324a2cd001030000008c10cc19._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6b02c324a2cd001040000008c10cc19.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\573636324a2cd001050000008c10cc19.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\785a3d324a2cd001060000008c10cc19.$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms"

POQ 0 ends.
2015-01-09 12:23:57, Info CSI 0000000c [SR] Verify complete
2015-01-09 12:23:57, Info CSI 0000000d [SR] Verifying 1 components
2015-01-09 12:23:57, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:57, Info CSI 0000000f Repair results created:
POQ 1 starts:

POQ 1 ends.
2015-01-09 12:23:57, Info CSI 00000010 [SR] Verify complete
2015-01-09 12:23:57, Info CSI 00000011 [SR] Verifying 1 components
2015-01-09 12:23:57, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:57, Info CSI 00000013 Repair results created:
POQ 2 starts:

POQ 2 ends.
2015-01-09 12:23:57, Info CSI 00000014 [SR] Verify complete
2015-01-09 12:23:57, Info CSI 00000015 [SR] Verifying 1 components
2015-01-09 12:23:57, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:57, Info CSI 00000017 Repair results created:
POQ 3 starts:

POQ 3 ends.
2015-01-09 12:23:57, Info CSI 00000018 [SR] Verify complete
2015-01-09 12:23:57, Info CSI 00000019 [SR] Verifying 1 components
2015-01-09 12:23:57, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000001b Repair results created:
POQ 4 starts:

POQ 4 ends.
2015-01-09 12:23:58, Info CSI 0000001c [SR] Verify complete
2015-01-09 12:23:58, Info CSI 0000001d [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000001f Repair results created:
POQ 5 starts:

POQ 5 ends.
2015-01-09 12:23:58, Info CSI 00000020 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000021 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000023 Repair results created:
POQ 6 starts:

POQ 6 ends.
2015-01-09 12:23:58, Info CSI 00000024 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000025 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000027 Repair results created:
POQ 7 starts:

POQ 7 ends.
2015-01-09 12:23:58, Info CSI 00000028 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000029 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000002b Repair results created:
POQ 8 starts:

POQ 8 ends.
2015-01-09 12:23:58, Info CSI 0000002c [SR] Verify complete
2015-01-09 12:23:58, Info CSI 0000002d [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000002f Repair results created:
POQ 9 starts:

POQ 9 ends.
2015-01-09 12:23:58, Info CSI 00000030 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000031 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000033 Repair results created:
POQ 10 starts:

POQ 10 ends.
2015-01-09 12:23:58, Info CSI 00000034 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000035 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000037 Repair results created:
POQ 11 starts:

POQ 11 ends.
2015-01-09 12:23:58, Info CSI 00000038 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000039 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000003b Repair results created:
POQ 12 starts:

POQ 12 ends.
2015-01-09 12:23:58, Info CSI 0000003c [SR] Verify complete
2015-01-09 12:23:58, Info CSI 0000003d [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 0000003f Repair results created:
POQ 13 starts:

POQ 13 ends.
2015-01-09 12:23:58, Info CSI 00000040 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000041 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000043 Repair results created:
POQ 14 starts:

POQ 14 ends.
2015-01-09 12:23:58, Info CSI 00000044 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000045 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:58, Info CSI 00000047 Repair results created:
POQ 15 starts:

POQ 15 ends.
2015-01-09 12:23:58, Info CSI 00000048 [SR] Verify complete
2015-01-09 12:23:58, Info CSI 00000049 [SR] Verifying 1 components
2015-01-09 12:23:58, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:59, Info CSI 0000004b Repair results created:
POQ 16 starts:

POQ 16 ends.
2015-01-09 12:23:59, Info CSI 0000004c [SR] Verify complete
2015-01-09 12:23:59, Info CSI 0000004d [SR] Verifying 1 components
2015-01-09 12:23:59, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:59, Info CSI 0000004f Repair results created:
POQ 17 starts:

POQ 17 ends.
2015-01-09 12:23:59, Info CSI 00000050 [SR] Verify complete
2015-01-09 12:23:59, Info CSI 00000051 [SR] Verifying 1 components
2015-01-09 12:23:59, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:59, Info CSI 00000053 Repair results created:
POQ 18 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\fb6b70334a2cd001190000008c10cc19._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\1c9077334a2cd0011a0000008c10cc19.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\fe7683334a2cd0011b0000008c10cc19.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\be3988334a2cd0011c0000008c10cc19.$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms"
4: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{7f350bf1-c163-1c68-533f-7db889fff253}", Type = REG_SZ (1), Data = {l:86 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006c0063002e0064006c006c002c0053004c0052006500410072006d00570069006e0064006f00770073000000}

POQ 18 ends.
2015-01-09 12:23:59, Info CSI 00000054 [SR] Verify complete
2015-01-09 12:23:59, Info CSI 00000055 [SR] Verifying 1 components
2015-01-09 12:23:59, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:59, Info CSI 00000057 Repair results created:
POQ 19 starts:

POQ 19 ends.
2015-01-09 12:23:59, Info CSI 00000058 [SR] Verify complete
2015-01-09 12:23:59, Info CSI 00000059 [SR] Verifying 1 components
2015-01-09 12:23:59, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2015-01-09 12:23:59, Info CSI 0000005b Repair results created:
POQ 20 starts:

POQ 20 ends.
2015-01-09 12:23:59, Info CSI 0000005c [SR] Verify complete
2015-01-09 12:33:59, Info CBS Reboot mark refs incremented to: 1
2015-01-09 12:33:59, Info CBS Scavenge: Starts
2015-01-09 12:33:59, Info CSI 0000005d@2015/1/9:20:33:59.993 CSI Transaction @0x14ef460 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

2015-01-09 12:33:59, Info CBS Scavenge: Begin CSI Store
2015-01-09 12:34:00, Info CSI 0000005e Performing 1 operations; 1 are not lock/unlock and follow:
Scavenge (8): flags: 00000017
2015-01-09 12:34:00, Info CSI 0000005f Store coherency cookie matches last scavenge cookie, skipping scavenge.
2015-01-09 12:34:00, Info CSI 00000060 ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2015-01-09 12:34:00, Info CSI 00000061 Creating NT transaction (seq 2), objectname [6]"(null)"
2015-01-09 12:34:00, Info CSI 00000062 Created NT transaction (seq 2) result 0x00000000, handle @0x274
2015-01-09 12:34:00, Info CSI 00000063@2015/1/9:20:34:00.523 CSI perf trace:
CSIPERF:TXCOMMIT;17469
2015-01-09 12:34:00, Info CBS Scavenge: Completed, disposition: 0X1
2015-01-09 12:34:00, Info CSI 00000064@2015/1/9:20:34:00.523 CSI Transaction @0x14ef460 destroyed
2015-01-09 12:34:00, Info CBS Reboot mark refs: 0
2015-01-09 12:34:00, Info CBS Idle processing thread terminated normally
2015-01-09 12:34:00, Info CBS Ending the TrustedInstaller main loop.
2015-01-09 12:34:00, Info CBS Starting TrustedInstaller finalization.
2015-01-09 12:34:00, Info CBS Ending TrustedInstaller finalization.
2015-01-15 16:04:25, Info CBS Starting TrustedInstaller initialization.
2015-01-15 16:04:25, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2015-01-15 16:04:26, Info CSI 00000001@2015/1/16:00:04:26.788 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x500bde79 @0x50485d7d @0x5046205a @0xd31c99 @0xd31236 @0x768f75a8)
2015-01-15 16:04:27, Info CSI 00000002@2015/1/16:00:04:27.06 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x500bde79 @0x504c7183 @0x504c4013 @0xd31c99 @0xd31236 @0x768f75a8)
2015-01-15 16:04:27, Info CSI 00000003@2015/1/16:00:04:27.256 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x500bde79 @0x5ffc4bc8 @0x5ffc54a6 @0xd31327 @0xd31245 @0x768f75a8)
2015-01-15 16:04:27, Info CBS Ending TrustedInstaller initialization.
2015-01-15 16:04:27, Info CBS Starting the TrustedInstaller main loop.
2015-01-15 16:04:27, Info CBS TrustedInstaller service starts successfully.
2015-01-15 16:04:27, Info CBS SQM: Initializing online with Windows opt-in: False
2015-01-15 16:04:27, Info CBS SQM: Cleaning up report files older than 10 days.
2015-01-15 16:04:27, Info CBS SQM: Requesting upload of all unsent reports.
2015-01-15 16:04:27, Info CBS SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 16:04:27, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 16:04:27, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2015-01-15 16:04:27, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 16:04:27, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2015-01-15 16:04:27, Info CBS NonStart: Checking to ensure startup processing was not required.
2015-01-15 16:04:27, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x143fe5c
2015-01-15 16:04:27, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2015-01-15 16:04:27, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c8
2015-01-15 16:04:27, Info CSI 00000007@2015/1/16:00:04:27.474 CSI perf trace:
CSIPERF:TXCOMMIT;605
2015-01-15 16:04:27, Info CBS NonStart: Success, startup processing not required as expected.
2015-01-15 16:04:27, Info CBS Startup processing thread terminated normally
2015-01-15 16:04:27, Info CSI 00000008 CSI Store 2016768 (0x001ec600) initialized
2015-01-15 16:04:27, Info CBS Session: 30421279_4268813806 initialized by client Windows Optional Component Manager.
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:04:40, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 16:04:40, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 16:05:03, Info CBS Session: 30421280_329495135 initialized by client Software Explorer.
2015-01-15 16:05:03, Info CBS Session: 30421280_329495136 initialized by client Software Explorer.
2015-01-15 16:05:03, Info CBS Session: 30421280_334019143 initialized by client Software Explorer.
2015-01-15 16:05:03, Info CBS Session: 30421280_336671147 initialized by client Software Explorer.
2015-01-15 16:05:04, Info CBS Session: 30421280_346967166 initialized by client Software Explorer.
2015-01-15 16:05:05, Info CBS Session: 30421280_348839169 initialized by client Software Explorer.
2015-01-15 16:26:29, Info CBS Reboot mark refs incremented to: 1
2015-01-15 16:26:29, Info CBS Scavenge: Starts
2015-01-15 16:26:29, Info CSI 00000009@2015/1/16:00:26:29.616 CSI Transaction @0x200e68 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

2015-01-15 16:26:29, Info CBS Scavenge: Begin CSI Store
2015-01-15 16:26:30, Info CSI 0000000a Performing 1 operations; 1 are not lock/unlock and follow:
Scavenge (8): flags: 00000017
2015-01-15 16:26:30, Info CSI 0000000b Store coherency cookie matches last scavenge cookie, skipping scavenge.
2015-01-15 16:26:30, Info CSI 0000000c ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2015-01-15 16:26:30, Info CSI 0000000d Creating NT transaction (seq 2), objectname [6]"(null)"
2015-01-15 16:26:30, Info CSI 0000000e Created NT transaction (seq 2) result 0x00000000, handle @0x2bc
2015-01-15 16:26:30, Info CSI 0000000f@2015/1/16:00:26:30.662 CSI perf trace:
CSIPERF:TXCOMMIT;86946
2015-01-15 16:26:30, Info CBS Scavenge: Completed, disposition: 0X1
2015-01-15 16:26:30, Info CSI 00000010@2015/1/16:00:26:30.662 CSI Transaction @0x200e68 destroyed
2015-01-15 16:26:30, Info CBS Reboot mark refs: 0
2015-01-15 16:26:30, Info CBS Idle processing thread terminated normally
2015-01-15 16:26:30, Info CBS Ending the TrustedInstaller main loop.
2015-01-15 16:26:30, Info CBS Starting TrustedInstaller finalization.
2015-01-15 16:26:30, Info CBS Ending TrustedInstaller finalization.
2015-01-15 17:01:22, Info CBS Starting TrustedInstaller initialization.
2015-01-15 17:01:22, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2015-01-15 17:01:23, Info CSI 00000001@2015/1/16:01:01:23.517 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x5abe5d7d @0x5abc205a @0x3e1c99 @0x3e1236 @0x768f75a8)
2015-01-15 17:01:23, Info CSI 00000002@2015/1/16:01:01:23.736 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x5ac27183 @0x5ac24013 @0x3e1c99 @0x3e1236 @0x768f75a8)
2015-01-15 17:01:23, Info CSI 00000003@2015/1/16:01:01:23.751 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x73984bc8 @0x739854a6 @0x3e1327 @0x3e1245 @0x768f75a8)
2015-01-15 17:01:23, Info CBS Ending TrustedInstaller initialization.
2015-01-15 17:01:23, Info CBS Starting the TrustedInstaller main loop.
2015-01-15 17:01:23, Info CBS TrustedInstaller service starts successfully.
2015-01-15 17:01:23, Info CBS SQM: Initializing online with Windows opt-in: False
2015-01-15 17:01:23, Info CBS SQM: Cleaning up report files older than 10 days.
2015-01-15 17:01:23, Info CBS SQM: Requesting upload of all unsent reports.
2015-01-15 17:01:23, Info CBS SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 17:01:23, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 17:01:23, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2015-01-15 17:01:23, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 17:01:23, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2015-01-15 17:01:23, Info CBS NonStart: Checking to ensure startup processing was not required.
2015-01-15 17:01:23, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x12dfacc
2015-01-15 17:01:23, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2015-01-15 17:01:23, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c8
2015-01-15 17:01:23, Info CSI 00000007@2015/1/16:01:01:23.954 CSI perf trace:
CSIPERF:TXCOMMIT;12743
2015-01-15 17:01:23, Info CBS NonStart: Success, startup processing not required as expected.
2015-01-15 17:01:23, Info CBS Startup processing thread terminated normally
2015-01-15 17:01:24, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\SOFTWARE'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\SYSTEM'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\SECURITY'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\SAM'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\COMPONENTS'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\DEFAULT'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Users\default\ntuser.dat'.
2015-01-15 17:01:24, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\system32\smi\store\Machine\schema.dat'.
2015-01-15 17:01:24, Info CBS Offline image is: read-only
2015-01-15 17:01:24, Info CBS Disabling manifest caching, because the image is not writeable.
2015-01-15 17:01:24, Info CSI 00000008 CSI Store 1558208 (0x0017c6c0) initialized
2015-01-15 17:01:24, Info CBS Session: 4944_10000132 initialized by client SPP.
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:01:38, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:01:38, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:02:08, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SOFTWARE
2015-01-15 17:02:08, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SYSTEM
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SECURITY
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/SAM
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/COMPONENTS
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/System32/config/DEFAULT
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Users/default/ntuser.dat
2015-01-15 17:02:09, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy6/Windows/system32/smi/store/Machine/schema.dat
2015-01-15 17:02:55, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\SOFTWARE'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\SYSTEM'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\SECURITY'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\SAM'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\COMPONENTS'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\DEFAULT'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Users\default\ntuser.dat'.
2015-01-15 17:02:55, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\system32\smi\store\Machine\schema.dat'.
2015-01-15 17:02:55, Info CBS Offline image is: read-only
2015-01-15 17:02:55, Info CBS Disabling manifest caching, because the image is not writeable.
2015-01-15 17:02:55, Info CSI 00000009 CSI Store 1558208 (0x0017c6c0) initialized
2015-01-15 17:02:55, Info CBS Session: 4944_10091205 initialized by client SPP.
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:03:13, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:03:13, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SOFTWARE
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SYSTEM
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SECURITY
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/SAM
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/COMPONENTS
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/System32/config/DEFAULT
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Users/default/ntuser.dat
2015-01-15 17:04:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy4/Windows/system32/smi/store/Machine/schema.dat
2015-01-15 17:06:08, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SOFTWARE'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SYSTEM'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SECURITY'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\SAM'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\COMPONENTS'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\config\DEFAULT'.
2015-01-15 17:06:08, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat'.
2015-01-15 17:06:09, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\system32\smi\store\Machine\schema.dat'.
2015-01-15 17:06:09, Info CBS Offline image is: read-only
2015-01-15 17:06:09, Info CBS Disabling manifest caching, because the image is not writeable.
2015-01-15 17:06:09, Info CSI 0000000a CSI Store 1964024 (0x001df7f8) initialized
2015-01-15 17:06:09, Info CBS Session: 4944_10284911 initialized by client SPP.
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:06:28, Info CBS Expecting attribute name [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Failed to get next element [HRESULT = 0x800f080d - CBS_E_MANIFEST_INVALID_ITEM]
2015-01-15 17:06:28, Info CBS Warning: Unrecognized packageExtended attribute.
2015-01-15 17:07:14, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SOFTWARE
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SYSTEM
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SECURITY
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/SAM
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/COMPONENTS
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/System32/config/DEFAULT
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat
2015-01-15 17:07:15, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Windows/system32/smi/store/Machine/schema.dat
2015-01-15 17:17:15, Info CBS Reboot mark refs incremented to: 1
2015-01-15 17:17:15, Info CBS Scavenge: Starts
2015-01-15 17:17:15, Info CSI 0000000b CSI Store 1558016 (0x0017c600) initialized
2015-01-15 17:17:15, Info CSI 0000000c@2015/1/16:01:17:15.494 CSI Transaction @0x194e68 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

2015-01-15 17:17:15, Info CBS Scavenge: Begin CSI Store
2015-01-15 17:17:18, Info CSI 0000000d Performing 1 operations; 1 are not lock/unlock and follow:
Scavenge (8): flags: 00000017
2015-01-15 17:17:18, Info CSI 0000000e Store coherency cookie matches last scavenge cookie, skipping scavenge.
2015-01-15 17:17:18, Info CSI 0000000f ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2015-01-15 17:17:18, Info CSI 00000010 Creating NT transaction (seq 2), objectname [6]"(null)"
2015-01-15 17:17:18, Info CSI 00000011 Created NT transaction (seq 2) result 0x00000000, handle @0x20c
2015-01-15 17:17:18, Info CSI 00000012@2015/1/16:01:17:18.958 CSI perf trace:
CSIPERF:TXCOMMIT;70771
2015-01-15 17:17:18, Info CBS Scavenge: Completed, disposition: 0X1
2015-01-15 17:17:18, Info CSI 00000013@2015/1/16:01:17:18.958 CSI Transaction @0x194e68 destroyed
2015-01-15 17:17:18, Info CBS Reboot mark refs: 0
2015-01-15 17:17:18, Info CBS Idle processing thread terminated normally
2015-01-15 17:17:18, Info CBS Ending the TrustedInstaller main loop.
2015-01-15 17:17:18, Info CBS Starting TrustedInstaller finalization.
2015-01-15 17:17:19, Info CBS Ending TrustedInstaller finalization.
2015-01-15 18:42:17, Info CBS Starting TrustedInstaller initialization.
2015-01-15 18:42:17, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2015-01-15 18:42:18, Info CSI 00000001@2015/1/16:02:42:18.364 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x5abe5d7d @0x5abc205a @0x561c99 @0x561236 @0x768f75a8)
2015-01-15 18:42:18, Info CSI 00000002@2015/1/16:02:42:18.396 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x5ac27183 @0x5ac24013 @0x561c99 @0x561236 @0x768f75a8)
2015-01-15 18:42:18, Info CSI 00000003@2015/1/16:02:42:18.396 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5098de79 @0x633f4bc8 @0x633f54a6 @0x561327 @0x561245 @0x768f75a8)
2015-01-15 18:42:18, Info CBS Ending TrustedInstaller initialization.
2015-01-15 18:42:18, Info CBS Starting the TrustedInstaller main loop.
2015-01-15 18:42:18, Info CBS TrustedInstaller service starts successfully.
2015-01-15 18:42:18, Info CBS SQM: Initializing online with Windows opt-in: False
2015-01-15 18:42:18, Info CBS SQM: Cleaning up report files older than 10 days.
2015-01-15 18:42:18, Info CBS SQM: Requesting upload of all unsent reports.
2015-01-15 18:42:18, Info CBS SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 18:42:18, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 18:42:18, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2015-01-15 18:42:18, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2015-01-15 18:42:18, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2015-01-15 18:42:18, Info CBS NonStart: Checking to ensure startup processing was not required.
2015-01-15 18:42:18, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x53f990
2015-01-15 18:42:18, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2015-01-15 18:42:18, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c8
2015-01-15 18:42:18, Info CSI 00000007@2015/1/16:02:42:18.474 CSI perf trace:
CSIPERF:TXCOMMIT;537
2015-01-15 18:42:18, Info CBS NonStart: Success, startup processing not required as expected.
2015-01-15 18:42:18, Info CBS Startup processing thread terminated normally
2015-01-15 18:42:18, Info CSI 00000008 CSI Store 1689056 (0x0019c5e0) initialized
2015-01-15 18:42:21, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:21, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:26, Info CSI 0000000b Repair results created:
POQ 0 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\3ed237103631d001660000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\5ef63e103631d001670000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\1fb943103631d001680000008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"

POQ 0 ends.
2015-01-15 18:42:26, Info CSI 0000000c [SR] Verify complete
2015-01-15 18:42:27, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:27, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:31, Info CSI 0000000f Repair results created:
POQ 1 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\28e7bc123631d001cd0000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\490bc4123631d001ce0000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\4b16d7123631d001cf0000008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\2cfde2123631d001d00000008c13c807.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
4: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\edbfe7123631d001d10000008c13c807.$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms"
5: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\b29812133631d001d20000008c13c807.$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_en-us_0185315044ae185f.cdf-ms"

POQ 1 ends.
2015-01-15 18:42:31, Info CSI 00000010 [SR] Verify complete
2015-01-15 18:42:31, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:31, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:38, Info CSI 00000013 Repair results created:
POQ 2 starts:

POQ 2 ends.
2015-01-15 18:42:38, Info CSI 00000014 [SR] Verify complete
2015-01-15 18:42:38, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:38, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:47, Info CSI 00000017 Repair results created:
POQ 3 starts:

POQ 3 ends.
2015-01-15 18:42:47, Info CSI 00000018 [SR] Verify complete
2015-01-15 18:42:48, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:48, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:52, Info CSI 0000001b Repair results created:
POQ 4 starts:

POQ 4 ends.
2015-01-15 18:42:52, Info CSI 0000001c [SR] Verify complete
2015-01-15 18:42:52, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:52, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2015-01-15 18:42:57, Info CSI 0000001f Repair results created:
POQ 5 starts:

POQ 5 ends.
2015-01-15 18:42:57, Info CSI 00000020 [SR] Verify complete
2015-01-15 18:42:58, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:42:58, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:01, Info CSI 00000023 Repair results created:
POQ 6 starts:

POQ 6 ends.
2015-01-15 18:43:01, Info CSI 00000024 [SR] Verify complete
2015-01-15 18:43:01, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:01, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:04, Info CSI 00000027 Repair results created:
POQ 7 starts:

POQ 7 ends.
2015-01-15 18:43:04, Info CSI 00000028 [SR] Verify complete
2015-01-15 18:43:05, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:05, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:07, Info CSI 0000002b Repair results created:
POQ 8 starts:

POQ 8 ends.
2015-01-15 18:43:07, Info CSI 0000002c [SR] Verify complete
2015-01-15 18:43:08, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:08, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:10, Info CSI 0000002f Repair results created:
POQ 9 starts:

POQ 9 ends.
2015-01-15 18:43:10, Info CSI 00000030 [SR] Verify complete
2015-01-15 18:43:10, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:10, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:12, Info CSI 00000033 Repair results created:
POQ 10 starts:

POQ 10 ends.
2015-01-15 18:43:12, Info CSI 00000034 [SR] Verify complete
2015-01-15 18:43:13, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:13, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:15, Info CSI 00000037 Repair results created:
POQ 11 starts:

POQ 11 ends.
2015-01-15 18:43:15, Info CSI 00000038 [SR] Verify complete
2015-01-15 18:43:16, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:16, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:23, Info CSI 0000003b Repair results created:
POQ 12 starts:

POQ 12 ends.
2015-01-15 18:43:23, Info CSI 0000003c [SR] Verify complete
2015-01-15 18:43:24, Info CSI 0000003d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:24, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:33, Info CSI 0000003f Repair results created:
POQ 13 starts:

POQ 13 ends.
2015-01-15 18:43:33, Info CSI 00000040 [SR] Verify complete
2015-01-15 18:43:35, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:35, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:41, Info CSI 00000043 Repair results created:
POQ 14 starts:

POQ 14 ends.
2015-01-15 18:43:41, Info CSI 00000044 [SR] Verify complete
2015-01-15 18:43:42, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:42, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:48, Info CSI 00000047 Repair results created:
POQ 15 starts:

POQ 15 ends.
2015-01-15 18:43:48, Info CSI 00000048 [SR] Verify complete
2015-01-15 18:43:48, Info CSI 00000049 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:48, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:53, Info CSI 0000004b Repair results created:
POQ 16 starts:

POQ 16 ends.
2015-01-15 18:43:53, Info CSI 0000004c [SR] Verify complete
2015-01-15 18:43:53, Info CSI 0000004d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:53, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2015-01-15 18:43:58, Info CSI 0000004f Repair results created:
POQ 17 starts:

POQ 17 ends.
2015-01-15 18:43:58, Info CSI 00000050 [SR] Verify complete
2015-01-15 18:43:58, Info CSI 00000051 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:43:58, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2015-01-15 18:44:10, Info CSI 00000053 Repair results created:
POQ 18 starts:

POQ 18 ends.
2015-01-15 18:44:10, Info CSI 00000054 [SR] Verify complete
2015-01-15 18:44:10, Info CSI 00000055 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:44:10, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2015-01-15 18:44:19, Info CSI 00000057 Repair results created:
POQ 19 starts:

POQ 19 ends.
2015-01-15 18:44:19, Info CSI 00000058 [SR] Verify complete
2015-01-15 18:44:19, Info CSI 00000059 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:44:19, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2015-01-15 18:44:23, Info CSI 0000005b Repair results created:
POQ 20 starts:

POQ 20 ends.
2015-01-15 18:44:23, Info CSI 0000005c [SR] Verify complete
2015-01-15 18:44:23, Info CSI 0000005d [SR] Verifying 100 (0x00000064) components
2015-01-15 18:44:23, Info CSI 0000005e [SR] Beginning Verify and Repair transaction
2015-01-15 18:44:57, Info CSI 0000005f Repair results created:
POQ 21 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\bca8ca653631d001a30800008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d6bcf653631d001a40800008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\a09ae9653631d001a50800008c13c807.$$_help_windows_en-us_b594929e73669c5e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_en-us_b594929e73669c5e.cdf-ms"
3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\626801663631d001a60800008c13c807.$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_en-us_91e6e7979a9bf9c6.cdf-ms"
4: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\fc66dc663631d001a70800008c13c807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"
5: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\dd4de8663631d001a80800008c13c807.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\1f96f6663631d001a90800008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\3fbafd663631d001aa0800008c13c807.$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms"

2015-01-15 18:44:57, Info CSI 8: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c76040673631d001ab0800008c13c807.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"
9: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\58b4e5683631d001ac0800008c13c807.$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms"
10: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba20fb683631d001ad0800008c13c807.programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms"
11: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\935cd1693631d001ae0800008c13c807.$$_system32_compattel_387f970722416aa9.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_system32_compattel_387f970722416aa9.cdf-ms"
12: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\b380d8693631d001af0800008c13c807.$$_system32_compattel_complianceplugins_93078cd234b92c44.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_system32_compattel_complianceplugins_93078cd234b92c44.cdf-ms"
13: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\764ef0693631d001b00800008c13c807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
14: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6aff2693631d001b10800008c13c807.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms"

POQ 21 ends.
2015-01-15 18:44:57, Info CSI 00000060 [SR] Verify complete
2015-01-15 18:45:01, Info CSI 00000061 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:45:01, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2015-01-15 18:45:22, Info CSI 00000063 Repair results created:
POQ 22 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\1d1a35773631d001160900008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\dedc39773631d001170900008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\3e3e3c773631d001180900008c13c807.$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms"
3: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f6243773631d001190900008c13c807.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
4: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\bfc345773631d0011a0900008c13c807.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
5: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0e74c773631d0011b0900008c13c807.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\52a1e7773631d0011c0900008c13c807.$$_schcache_f995a5d4decb8cc0.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf-ms"
7: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\389e19783631d0011d0900008c13c807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms"
8: Move File: Source = [l:252{126}]"\S
2015-01-15 18:45:22, Info CSI ystemRoot\WinSxS\Temp\PendingRenames\6a1ab9783631d0011e0900008c13c807.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
9: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\8b3ec0783631d0011f0900008c13c807.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
10: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae6dda783631d001200900008c13c807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms"

POQ 22 ends.
2015-01-15 18:45:22, Info CSI 00000064 [SR] Verify complete
2015-01-15 18:45:22, Info CSI 00000065 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:45:22, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2015-01-15 18:45:34, Info CSI 00000067 Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Branding\Shellbrd" in component Microsoft-Windows-Branding-Shell-Professional, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:45:36, Info CSI 00000068 Ignoring duplicate ownership for directory [l:74{37}]"\??\C:\Windows\Branding\Basebrd\en-US" in component Microsoft-Windows-Branding-Base-Professional.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:45:36, Info CSI 00000069 Ignoring duplicate ownership for directory [l:62{31}]"\??\C:\Windows\Branding\Basebrd" in component Microsoft-Windows-Branding-Base-Professional, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:45:37, Info CSI 0000006a Repair results created:
POQ 23 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\435c16803631d001850900008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\435c16803631d001860900008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\031f1b803631d001870900008c13c807.$$_branding_1728f5d8b15e5263.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4e11f803631d001880900008c13c807.$$_branding_shellbrd_be1f632087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
4: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae758e813631d001890900008c13c807.$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms"
5: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\0ed790813631d0018a0900008c13c807.$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\dee61a823631d0018b0900008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\9fa91f823631d0018c0900008c13c807.$$_system32_boot_06654401df2fc50e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms"

POQ 23 ends.
2015-01-15 18:45:37, Info CSI 0000006b [SR] Verify complete
2015-01-15 18:45:37, Info CSI 0000006c [SR] Verifying 100 (0x00000064) components
2015-01-15 18:45:37, Info CSI 0000006d [SR] Beginning Verify and Repair transaction
2015-01-15 18:45:46, Info CSI 0000006e Ignoring duplicate ownership for directory [ml:14{7},l:12{6}]"\??\C:" in component Microsoft-Windows-Client-Features-Default-Security, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:45:50, Info CSI 0000006f Repair results created:
POQ 24 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\4c8ee9863631d001f10900008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\4c8ee9863631d001f20900008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\acefeb863631d001f30900008c13c807.$$_branding_1728f5d8b15e5263.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms"
3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\6db2f0863631d001f40900008c13c807.$$_branding_shellbrd_be1f632087fb0947.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms"
4: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\be4784873631d001f50900008c13c807.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
5: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\6407bb873631d001f60900008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\25cabf873631d001f70900008c13c807.$$_inf_bits_0ef6f148bde367d9.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0ef6f148bde367d9.cdf-ms"
7: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\06b1cb873631d001f80900008c13c807.$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0409_a03dbeed63e8350a.cdf-ms"
8: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\681de1873631d001f90900008c13c807.$$_inf_msd
2015-01-15 18:45:50, Info CSI tc_0ef70686e1d9b30c.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0ef70686e1d9b30c.cdf-ms"
9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\29e0e5873631d001fa0900008c13c807.$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0000_5b1b81b54f36c82e.cdf-ms"
10: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\b3913b883631d001fb0900008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
11: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5d949883631d001fc0900008c13c807.program_files_dvd_maker_405775de8763ce75.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_405775de8763ce75.cdf-ms"
12: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\b59c4e883631d001fd0900008c13c807.program_files_dvd_maker_en-us_5c61cfeeeb9f5061.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_en-us_5c61cfeeeb9f5061.cdf-ms"
13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6c055883631d001fe0900008c13c807.$$_inf_msdtc_0409_5b1b92d34f36ae69.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_0409_5b1b92d34f36ae69.cdf-ms"
14: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\e899048a3631d001ff0900008c13c807.$$_inf_bits_0000_a03dbf7d63e833bd.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_bits_0000_a03dbf7d63e833bd.cdf-ms"

POQ 24 ends.
2015-01-15 18:45:50, Info CSI 00000070 [SR] Verify complete
2015-01-15 18:45:51, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:45:51, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2015-01-15 18:45:59, Info CSI 00000073 Repair results created:
POQ 25 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c5ef5a8f3631d001640a00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\c5ef5a8f3631d001650a00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\67996b8f3631d001660a00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\275c708f3631d001670a00008c13c807.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms"
4: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\e81e758f3631d001680a00008c13c807.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms"

POQ 25 ends.
2015-01-15 18:45:59, Info CSI 00000074 [SR] Verify complete
2015-01-15 18:46:00, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:46:00, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2015-01-15 18:46:12, Info CSI 00000077 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\es-ES" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"es-ES", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:12, Info CSI 00000078 Ignoring duplicate ownership for directory [l:60{30}]"\??\C:\Program Files\DVD Maker" in component Microsoft-Windows-ClipsInTheLibrary, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:12, Info CSI 00000079 Ignoring duplicate ownership for directory [l:74{37}]"\??\C:\Program Files\DVD Maker\Shared" in component Microsoft-Windows-ClipsInTheLibrary, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:14, Info CSI 0000007a Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\et-EE" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"et-EE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:15, Info CSI 0000007b Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ja-JP" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ja-JP", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:15, Info CSI 0000007c Repair results created:
POQ 26 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\91ef45963631d001cd0a00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\91ef45963631d001ce0a00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\12754f963631d001cf0a00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d23754963631d001d00a00008c13c807.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms"
4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\148062963631d001d10a00008c13c807.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3ed0b5963631d001d20a00008c13c807.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms"
6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\40dbc8963631d001d30a00008c13c807.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms"
7: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\009ecd963631d001d40a00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
8: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\61ffcf9
2015-01-15 18:46:15, Info CSI 63631d001d50a00008c13c807.program_files_dvd_maker_405775de8763ce75.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_405775de8763ce75.cdf-ms"
9: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\e284d9963631d001d60a00008c13c807.program_files_dvd_maker_shared_a54613779b918be2.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_a54613779b918be2.cdf-ms"
10: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\44f1ee963631d001d70a00008c13c807.$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms"
11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8639fd963631d001d80a00008c13c807.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms"
12: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\28e30d973631d001d90a00008c13c807.$$_system32_com_066545e3d047e7c7.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms"
13: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\692b1c973631d001da0a00008c13c807.$$_servicing_fc2045b9046cc796.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms"
14: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a4f23973631d001db0a00008c13c807.$$_servicing_editions_596ea20ddafb9f7d.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_servicing_editions_596ea20ddafb9f7d.cdf-ms"
15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\4d1d3b973631d001dc0a00008c13c807.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms"
16: Move File: Source = [l:226{113}]"\SystemRoot
2015-01-15 18:46:15, Info CSI \WinSxS\Temp\PendingRenames\8f6549973631d001dd0a00008c13c807.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7ce90973631d001de0a00008c13c807.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\bccbc2973631d001df0a00008c13c807.$$_system32_el-gr_429cd0b684dc71bd.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms"
19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0fadc973631d001e00a00008c13c807.$$_system32_ko-kr_4e039de673c23e4a.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms"
20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e205f0973631d001e10a00008c13c807.$$_system32_da-dk_40b64d5e87b63595.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms"
21: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\e61b16983631d001e20a00008c13c807.$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms"
22: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\467d18983631d001e30a00008c13c807.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
23: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\07401d983631d001e40a00008c13c807.$$_resources_ease_of_access_themes_e29108c7f81ea04c.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_resources_ease_of_access_themes_e29108c7f81ea04c.cdf-ms"
24: Move File: S
2015-01-15 18:46:15, Info CSI ource = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ad039983631d001e50a00008c13c807.$$_system32_de-de_40b6416a87b647ef.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms"
25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8cdb4c983631d001e60a00008c13c807.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms"
26: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce235b983631d001e70a00008c13c807.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\77eea4983631d001e80a00008c13c807.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms"
28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b836b3983631d001e90a00008c13c807.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\fa7ec1983631d001ea0a00008c13c807.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms"

POQ 26 ends.
2015-01-15 18:46:15, Info CSI 0000007d [SR] Verify complete
2015-01-15 18:46:15, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2015-01-15 18:46:15, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2015-01-15 18:46:26, Info CSI 00000080 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pl-PL" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pl-PL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:26, Info CSI 00000081 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-PT" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-PT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:27, Info CSI 00000082 Ignoring duplicate ownership for directory [l:68{34}]"\??\C:\Windows\System32\sr-Latn-CS" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:20{10}]"sr-Latn-CS", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:31, Info CSI 00000083 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\nb-NO" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:33, Info CSI 00000084 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\th-TH" in component Microsoft-Windows-comdlg32.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"th-TH", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:46:33, Info CSI 00000085 Repair results created:
POQ 27 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c2e599f3631d0014f0b00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c2e599f3631d001500b00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\1db4629f3631d001510b00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3ed8699f3631d001520b00008c13c807.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms"
4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\40e37c9f3631d001530b00008c13c807.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\03b1949f3631d001540b00008c13c807.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms"
6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\8641b19f3631d001550b00008c13c807.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms"
7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\28ebc19f3631d001560b00008c13c807.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms"
8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\Pend
2015-01-15 18:46:33, Info CSI ingRenames\0cdde09f3631d001570b00008c13c807.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms"
9: Move File: Source = [l:206{103}]"\SystemRoot\WinSxS\Temp\PendingRenames\cc9fe59f3631d001580b00008c13c807.$$_temp_401038c9a18c18c0.cdf-ms", Destination = [l:118{59}]"\SystemRoot\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms"
10: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\ceaaf89f3631d001590b00008c13c807.programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms"
11: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\503002a03631d0015a0b00008c13c807.programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms"
12: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\b09104a03631d0015b0b00008c13c807.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms"
13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\12fe19a03631d0015c0b00008c13c807.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms"
14: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b4a72aa03631d0015d0b00008c13c807.$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms"
15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\56513ba03631d0015e0b00008c13c807.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$
2015-01-15 18:46:33, Info CSI _system32_zh-tw_6a84aa664900aad6.cdf-ms"
16: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a4587a23631d0015f0b00008c13c807.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7e98a8a23631d001600b00008c13c807.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2458dfa23631d001610b00008c13c807.$$_system32_pt-br_5783f3346581bed3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms"
19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a9f30ea33631d001620b00008c13c807.$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms"
20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\cc2229a33631d001630b00008c13c807.$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms"
21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0e6b37a33631d001640b00008c13c807.$$_system32_lt-lt_4fea189870e886c7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms"
22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d1384fa33631d001650b00008c13c807.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms"
23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d34362a33631d001660b00008c13c807.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system3
2015-01-15 18:46:33, Info CSI 2_tr-tr_5f1dd1e45a1af0a7.cdf-ms"
24: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\56d47ea33631d001670b00008c13c807.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms"
25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\19a296a33631d001680b00008c13c807.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"

POQ 27 ends.
2015-01-15 18:46:33, Info CSI 00000086 [SR] Verify complete
2015-01-15 18:46:33, Info CSI 00000087 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:46:33, Info CSI 00000088 [SR] Beginning Verify and Repair transaction
2015-01-15 18:46:54, Info CSI 00000089 Repair results created:
POQ 28 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec43d1ab3631d001cd0b00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec43d1ab3631d001ce0b00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\ac06d6ab3631d001cf0b00008c13c807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms"
3: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\0c68d8ab3631d001d00b00008c13c807.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms"
4: Move File: Source = [l:248{124}]"\SystemRoot\WinSxS\Temp\PendingRenames\3ace51ac3631d001d10b00008c13c807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms", Destination = [l:160{80}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_device_9d2d754600160183.cdf-ms"
5: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\fb9056ac3631d001d20b00008c13c807.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\5dfd6bac3631d001d30b00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\9f457aac3631d001d40b00008c13c807.$$_system32_drivers_dc1b782427b5ee1b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\
2015-01-15 18:46:54, Info CSI WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\c06981ac3631d001d50b00008c13c807.$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms"
9: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\621392ac3631d001d60b00008c13c807.$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms"
10: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\9bb297af3631d001d70b00008c13c807.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
11: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\1c38a1af3631d001d80b00008c13c807.$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms"
12: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\a1d3d0af3631d001d90b00008c13c807.$$_system32_dism_066548addf2fbd4b.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms"
13: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\4588f4af3631d001da0b00008c13c807.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms"
14: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\297a13b03631d001db0b00008c13c807.$$_system32_dism_en-us_064f3ab06d0848d3.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_dism_en-us_064f3ab06d0848d3.cdf-ms"

POQ 28 ends.
2015-01-15 18:46:54, Info CSI 0000008a [SR] Verify complete
2015-01-15 18:46:54, Info CSI 0000008b [SR] Verifying 100 (0x00000064) components
2015-01-15 18:46:54, Info CSI 0000008c [SR] Beginning Verify and Repair transaction
2015-01-15 18:47:13, Info CSI 0000008d Repair results created:
POQ 29 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\f37245bb3631d001400c00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\f37245bb3631d001410c00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\b3354abb3631d001420c00008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\74f84ebb3631d001430c00008c13c807.$$_ime_imejp10_dicts_281006c600450618.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_dicts_281006c600450618.cdf-ms"
4: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\35bb53bb3631d001440c00008c13c807.$$_ime_imejp10_help_280ffde19e779392.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_help_280ffde19e779392.cdf-ms"
5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6405dbb3631d001450c00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\d66464bb3631d001460c00008c13c807.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
7: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\972769bb3631d001470c00008c13c807.$$_system32_ime_imejp10_aead4918eed09977.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_aead4918eed09977.cdf-ms"
8: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\Pend
2015-01-15 18:47:13, Info CSI ingRenames\58ea6dbb3631d001480c00008c13c807.$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms"

POQ 29 ends.
2015-01-15 18:47:13, Info CSI 0000008e [SR] Verify complete
2015-01-15 18:47:14, Info CSI 0000008f [SR] Verifying 100 (0x00000064) components
2015-01-15 18:47:14, Info CSI 00000090 [SR] Beginning Verify and Repair transaction
2015-01-15 18:47:22, Info CSI 00000091 Repair results created:
POQ 30 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\33b49abf3631d001ad0c00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\33b49abf3631d001ae0c00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\f3769fbf3631d001af0c00008c13c807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms"
3: Move File: Source = [l:248{124}]"\SystemRoot\WinSxS\Temp\PendingRenames\f581b2bf3631d001b00c00008c13c807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms", Destination = [l:160{80}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_device_9d2d754600160183.cdf-ms"
4: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{8d061f6b-ba73-d91c-b1a6-321233838362}", Type = REG_SZ (1), Data = {l:110 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00640068006300700063007300760063002e0064006c006c002c00440068006300700043006c00690065006e0074005f00470065006e006500720061006c0069007a0065000000}

POQ 30 ends.
2015-01-15 18:47:22, Info CSI 00000092 [SR] Verify complete
2015-01-15 18:47:22, Info CSI 00000093 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:47:22, Info CSI 00000094 [SR] Beginning Verify and Repair transaction
2015-01-15 18:47:35, Info CSI 00000095 Repair results created:
POQ 31 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e6bbcac63631d001150d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\e6bbcac63631d001160d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\a77ecfc63631d001170d00008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
3: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\07e0d1c63631d001180d00008c13c807.$$_ehome_mcx_022df17cf4546600.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_mcx_022df17cf4546600.cdf-ms"
4: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\07e0d1c63631d001190d00008c13c807.$$_ehome_mcx_x02_7afb1a3b86c42e5e.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_mcx_x02_7afb1a3b86c42e5e.cdf-ms"
5: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\2fa628c83631d0011a0d00008c13c807.programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms"
6: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\2fa628c83631d0011b0d00008c13c807.programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-ms"
7: Move File: Source = [l:350{175}]"\SystemRoot\WinSxS\Temp\PendingRenames\2fa628c83631d0011c0d00008c13c807.programdata_microsoft_device_stage_devic
2015-01-15 18:47:35, Info CSI e_8702d817-5aad-4674-9ef3-4d3decd87120__8740ea4a07ab72cd.cdf-ms", Destination = [l:262{131}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_device_8702d817-5aad-4674-9ef3-4d3decd87120__8740ea4a07ab72cd.cdf-ms"

POQ 31 ends.
2015-01-15 18:47:35, Info CSI 00000096 [SR] Verify complete
2015-01-15 18:47:35, Info CSI 00000097 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:47:35, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2015-01-15 18:47:42, Info CSI 00000099 Repair results created:
POQ 32 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c41121cc3631d001810d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\247323cc3631d001820d00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\84d425cc3631d001830d00008c13c807.program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\e43528cc3631d001840d00008c13c807.program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms"
4: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\45972acc3631d001850d00008c13c807.program_files_windows_sidebar_gadgets_mediacenter.gadget_f08b590d17819d36.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_mediacenter.gadget_f08b590d17819d36.cdf-ms"
5: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\45972acc3631d001860d00008c13c807.program_files_windows_sidebar_gadgets_mediacenter.gadget_js_8dda2a54ef707137.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_mediacenter.gadget_js_8dda2a54ef707137.cdf-ms"
6: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\a5f82ccc3631d001870d00008c13c807.program_files_windows_sidebar_gadgets_mediacenter.gadget_images_15a18af15dc71ee0.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_g
2015-01-15 18:47:42, Info CSI adgets_mediacenter.gadget_images_15a18af15dc71ee0.cdf-ms"
7: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\055a2fcc3631d001880d00008c13c807.program_files_windows_sidebar_gadgets_mediacenter.gadget_css_8dda2b51661abce9.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_mediacenter.gadget_css_8dda2b51661abce9.cdf-ms"
8: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\66bb31cc3631d001890d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
9: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\267e36cc3631d0018a0d00008c13c807.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
10: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\e7403bcc3631d0018b0d00008c13c807.$$_schemas_eaphost_52e2de002c0b1796.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_eaphost_52e2de002c0b1796.cdf-ms"
11: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\8d0072cc3631d0018c0d00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
12: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae2479cc3631d0018d0d00008c13c807.$$_inf_esent_0ef70656e1d1b1ac.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_inf_esent_0ef70656e1d1b1ac.cdf-ms"
13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae2479cc3631d0018e0d00008c13c807.$$_inf_esent_0000_5aeb75e54bde718e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_esent_0000_5aeb75e54bde718e.cdf-ms"
14: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ee77dcc3631d0018f0d00008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cd
2015-01-15 18:47:42, Info CSI f-ms"
15: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\2faa82cc3631d001900d00008c13c807.$$_ehome_mediarenderer_923295b945ee30c7.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_mediarenderer_923295b945ee30c7.cdf-ms"
16: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\129ca1cc3631d001910d00008c13c807.program_files_windows_sidebar_gadgets_mediacenter.gadget_en-us_0eda41e17d8c829e.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_mediacenter.gadget_en-us_0eda41e17d8c829e.cdf-ms"
17: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\962cbecc3631d001920d00008c13c807.$$_schemas_eapmethods_2935fdc1307d3ad6.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_eapmethods_2935fdc1307d3ad6.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\17b2c7cc3631d001930d00008c13c807.$$_inf_esent_0409_5aeb87034bde57c9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_inf_esent_0409_5aeb87034bde57c9.cdf-ms"

POQ 32 ends.
2015-01-15 18:47:42, Info CSI 0000009a [SR] Verify complete
2015-01-15 18:47:43, Info CSI 0000009b [SR] Verifying 100 (0x00000064) components
2015-01-15 18:47:43, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2015-01-15 18:48:07, Info CSI 0000009d Repair results created:
POQ 33 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\f48a61d53631d001f80d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\f48a61d53631d001f90d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\b54d66d53631d001fa0d00008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
3: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6716dd53631d001fb0d00008c13c807.$$_ehome_en-us_1a0f218933093e9c.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_en-us_1a0f218933093e9c.cdf-ms"
4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\5d18b0d53631d001fc0d00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7e3cb7d53631d001fd0d00008c13c807.$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms"
6: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\3fffbbd53631d001fe0d00008c13c807.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
7: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\9f60bed53631d001ff0d00008c13c807.$$_system32_tasks_microsoft_windows_media_center_ad67db1bbb2dd336.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_media_center_ad67db1bbb2dd336.cdf-ms"
8: Move File: S
2015-01-15 18:48:07, Info CSI ource = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\9f60bed53631d001000e00008c13c807.$$_system32_tasks_microsoft_windows_media_center_extender_02bff096ccf79441.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_media_center_extender_02bff096ccf79441.cdf-ms"
9: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\ffc1c0d53631d001010e00008c13c807.programdata_microsoft_ehome_72ce881aee6c0ff2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_ehome_72ce881aee6c0ff2.cdf-ms"
10: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\6023c3d53631d001020e00008c13c807.programdata_microsoft_ehome_logs_c9da3df2b39c6e43.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_ehome_logs_c9da3df2b39c6e43.cdf-ms"
11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\c084c5d53631d001030e00008c13c807.users_public_recorded_tv_a6d3315b447834ed.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\users_public_recorded_tv_a6d3315b447834ed.cdf-ms"
12: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\c084c5d53631d001040e00008c13c807.users_default_appdata_roaming_media_center_programs_b8fc97cb3886dd3f.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\users_default_appdata_roaming_media_center_programs_b8fc97cb3886dd3f.cdf-ms"
13: Set File Information: File = [l:116{58}]"\??\C:\Users\Default\AppData\Roaming\Media Center Programs", Attributes = 00000080
14: Set File Information: File = [l:68{34}]"\??\C:\ProgramData\Microsoft\eHome", Attributes = 00000080
15: Set File Information: File = [l:78{39}]"\??\C:\ProgramData\Microsoft\eHome\logs", Attributes = 00000080
16: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\8047cad53631d001050e00008c13c807.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms", Destination = [l:220{110}]"\
2015-01-15 18:48:07, Info CSI SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms"
17: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\2f334dd63631d001060e00008c13c807.users_public_recorded_tv_sample_media_273d5f336c167723.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\users_public_recorded_tv_sample_media_273d5f336c167723.cdf-ms"
18: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{14dda119-22a3-93c9-9095-ac4019ca3ce1}", Type = REG_SZ (1), Data = {l:92 b:43003a005c00570069006e0064006f00770073005c00650068006f006d0065005c00650068007300730065007400750070002e0064006c006c002c0053007900730050007200650070005f0043006c00650061006e00750070000000}
19: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{6461ebd9-511b-222f-2062-3fd9d1266740}", Type = REG_SZ (1), Data = {l:58 b:7700650072002e0064006c006c002c005700650072005300790073007000720065007000470065006e006500720061006c0069007a0065000000}
20: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{6461ebd9-511b-222f-71c7-f5472ac291e2}", Type = REG_SZ (1), Data = {l:58 b:7700650072002e0064006c006c002c0057006500720053007900730070007200650070005300700065006300690061006c0069007a0065000000}
21: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{6461ebd9-511b-222f-ac99-fda4b6fe1603}", Type = REG_SZ (1), Data = {l:52 b:7700650072002e0064006c006c002c00570065007200530079007300700072006500700043006c00650061006e00750070000000}
22: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{711b488f-c605-decb-c4d8-ce732ddcc48e}", Type = REG_SZ (1), Data = {l:106 b:43003a0
2015-01-15 18:48:07, Info CSI 05c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0077006500760074006100700069002e0064006c006c002c0045007600740049006e007400530079007300700072006500700043006c00650061006e00750070000000}

POQ 33 ends.
2015-01-15 18:48:07, Info CSI 0000009e [SR] Verify complete
2015-01-15 18:48:07, Info CSI 0000009f [SR] Verifying 100 (0x00000064) components
2015-01-15 18:48:07, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2015-01-15 18:48:27, Info CSI 000000a1 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\en-US" in component Microsoft-Windows-Foundation-Default-Security.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:48:28, Info CSI 000000a2 Ignoring duplicate ownership for directory [l:120{60}]"\??\C:\Program Files\Common Files\microsoft shared\ink\en-US" in component Microsoft-Windows-Foundation-Default-Security.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:48:37, Info CSI 000000a3 Repair results created:
POQ 34 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\994fede63631d0016b0e00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\5a12f2e63631d0016c0e00008c13c807.programdata_microsoft_windows_nt_msfax_common_coverpages_642a277e0ccb775c.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_642a277e0ccb775c.cdf-ms"
2: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba73f4e63631d0016d0e00008c13c807.programdata_microsoft_windows_nt_msfax_common_coverpages_en-us_eec635e583fac604.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_en-us_eec635e583fac604.cdf-ms"
3: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\db97fbe63631d0016e0e00008c13c807.programdata_microsoft_windows_nt_msfax_virtualinbox_en-us_9c5e5cbcf8e8df85.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_en-us_9c5e5cbcf8e8df85.cdf-ms"
4: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\3bf9fde63631d0016f0e00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
5: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c5a00e73631d001700e00008c13c807.$$_digitallocker_en-us_ff53d45933582902.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_digitallocker_en-us_ff53d45933582902.cdf-ms"
6: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\bc7e07e73631d001710e00008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
7: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\1d
2015-01-15 18:48:37, Info CSI e009e73631d001720e00008c13c807.$$_ime_en-us_0d349188e45a5789.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_ime_en-us_0d349188e45a5789.cdf-ms"
8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d410ce73631d001730e00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
9: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\dda20ee73631d001740e00008c13c807.$$_inf_en-us_0ef70046e1d1b811.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_inf_en-us_0ef70046e1d1b811.cdf-ms"
10: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\9e6513e73631d001750e00008c13c807.$$_inf_remoteaccess_110554180baafc8b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms"
11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\bf891ae73631d001760e00008c13c807.$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms"
12: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\400f24e73631d001770e00008c13c807.$$_en-us_40104e69a1d105cc.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms"
13: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\21f62fe73631d001780e00008c13c807.$$_policydefinitions_89130cdfc4d9c27c.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms"
14: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\815732e73631d001790e00008c13c807.$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms"
15: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\633e3ee73631d0017a0e00008c13c8
2015-01-15 18:48:37, Info CSI 07.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
16: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\836245e73631d0017b0e00008c13c807.$$_system32_oobe_06655c95df2fa06f.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms"
17: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\654951e73631d0017c0e00008c13c807.$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms"
18: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\250c56e73631d0017d0e00008c13c807.$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms"
19: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\e6ce5ae73631d0017e0e00008c13c807.$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms"
20: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\46305de73631d0017f0e00008c13c807.$$_system32_0409_06652563df2ff0c1.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_0409_06652563df2ff0c1.cdf-ms"
21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a6915fe73631d001800e00008c13c807.$$_system32_setup_5d3758a05cf4a445.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms"
22: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\675464e73631d001810e00008c13c807.$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms"
23: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\c7b566e73631
2015-01-15 18:48:37, Info CSI d001820e00008c13c807.$$_system32_migration_927a21df1acd7c18.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms"
24: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\281769e73631d001830e00008c13c807.$$_system32_migration_en-us_815d10948a0810a2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_en-us_815d10948a0810a2.cdf-ms"
25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\483b70e73631d001840e00008c13c807.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
26: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\a99c72e73631d001850e00008c13c807.$$_system32_en-us_licenses_205e682c4ad0fe50.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_licenses_205e682c4ad0fe50.cdf-ms"
27: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\695f77e73631d001860e00008c13c807.$$_system32_drivers_dc1b782427b5ee1b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
28: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\2a227ce73631d001870e00008c13c807.$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms"
29: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a837ee73631d001880e00008c13c807.$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms"
30: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\eae480e73631d001890e00008c13c807.$$_system32_drivers_umdf_en-us_b8ba9f5b7f1c3933.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_en-us_b8ba9f5b7f1c3933.cdf
2015-01-15 18:48:37, Info CSI -ms"
31: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\aba785e73631d0018a0e00008c13c807.$$_system32_mui_dispspec_d93de566344a36d0.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_mui_dispspec_d93de566344a36d0.cdf-ms"
32: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\0b0988e73631d0018b0e00008c13c807.$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms"
33: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\6b6a8ae73631d0018c0e00008c13c807.$$_system32_wbem_06656d9fdf2f8577.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms"
34: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\cccb8ce73631d0018d0e00008c13c807.$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms"
35: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\2c2d8fe73631d0018e0e00008c13c807.$$_system32_com_066545e3d047e7c7.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms"
36: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\2c2d8fe73631d0018f0e00008c13c807.$$_system32_com_en-us_4019834316e68b9b.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_en-us_4019834316e68b9b.cdf-ms"
37: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\8c8e91e73631d001900e00008c13c807.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
38: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\edef93e73631d001910e00008c13c807.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d
2015-01-15 18:48:37, Info CSI 0d4910e83c2273.cdf-ms"
39: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\adb298e73631d001920e00008c13c807.$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms"
40: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\ced69fe73631d001930e00008c13c807.$$_resources_themes_aero_en-us_ab16867f204414fa.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_en-us_ab16867f204414fa.cdf-ms"
41: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e38a2e73631d001940e00008c13c807.$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_a91dfa5124b343c4.cdf-ms"
42: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\101faee73631d001950e00008c13c807.$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_10be8ec981b35fb6.cdf-ms"
43: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\3043b5e73631d001960e00008c13c807.$$_resources_themes_aero_shell_normalcolor_en-us_8f1a9ecd4c3325e8.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_aero_shell_normalcolor_en-us_8f1a9ecd4c3325e8.cdf-ms"
44: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\f105bae73631d001970e00008c13c807.$$_help_mui_0409_c7942094fabea651.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_help_mui_0409_c7942094fabea651.cdf-ms"
45: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\122ac1e73631d001980e00008c13c807.$$_apppatch_1143992cbbbebcab.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms"
46: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRe
2015-01-15 18:48:37, Info CSI names\334ec8e73631d001990e00008c13c807.$$_apppatch_en-us_098dc872781aebb9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_apppatch_en-us_098dc872781aebb9.cdf-ms"
47: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\93afcae73631d0019a0e00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
48: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\5372cfe73631d0019b0e00008c13c807.program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms"
49: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\b4d3d1e73631d0019c0e00008c13c807.program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms"
50: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\7496d6e73631d0019d0e00008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
51: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\3559dbe73631d0019e0e00008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
52: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\f51be0e73631d0019f0e00008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
53: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\567de2e73631d001a00e00008c13c807.program_files_common_files_microso
2015-01-15 18:48:37, Info CSI ft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms"
54: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\d702ece73631d001a10e00008c13c807.program_files_common_files_microsoft_shared_triedit_en-us_59ae2daa07429081.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_triedit_en-us_59ae2daa07429081.cdf-ms"
55: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\3764eee73631d001a20e00008c13c807.program_files_common_files_microsoft_shared_msinfo_817ad0c7c1c8e490.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_msinfo_817ad0c7c1c8e490.cdf-ms"
56: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\f726f3e73631d001a30e00008c13c807.program_files_common_files_microsoft_shared_msinfo_en-us_98319174bb92bc08.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_msinfo_en-us_98319174bb92bc08.cdf-ms"
57: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\5888f5e73631d001a40e00008c13c807.program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms"
58: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\184bfae73631d001a50e00008c13c807.program_files_common_files_microsoft_shared_textconv_en-us_c7ff7b7c6290f6ab.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_textconv_en-us_c7ff7b7c6290f6ab.cdf-ms"
59: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\fa3106e83631d001a60e00008c13c807.program_files_common_files_system_b13078daf1286f60.cdf-ms", Destination = [l:170{85}]"\SystemRoot\
2015-01-15 18:48:37, Info CSI WinSxS\FileMaps\program_files_common_files_system_b13078daf1286f60.cdf-ms"
60: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\1a560de83631d001a70e00008c13c807.program_files_common_files_system_msadc_48cda3763ecb3874.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_msadc_48cda3763ecb3874.cdf-ms"
61: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\db1812e83631d001a80e00008c13c807.program_files_common_files_system_msadc_en-us_58bb034fa66b57cc.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_msadc_en-us_58bb034fa66b57cc.cdf-ms"
62: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\9cdb16e83631d001a90e00008c13c807.program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms"
63: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\5c9e1be83631d001aa0e00008c13c807.program_files_common_files_system_ado_en-us_9c12689ac1360dc2.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_ado_en-us_9c12689ac1360dc2.cdf-ms"
64: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\5c9e1be83631d001ab0e00008c13c807.program_files_common_files_system_en-us_48bd774a3f1387ec.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_en-us_48bd774a3f1387ec.cdf-ms"
65: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\bcff1de83631d001ac0e00008c13c807.program_files_common_files_system_ole_db_48d1b11cd4e5cabe.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_ole_db_48d1b11cd4e5cabe.cdf-ms"
66: Move File: Source = [l:284{142}]"\SystemRoot\WinSxS\Temp\PendingRenames\bcff1de83631d001ad0e00008c13c807.program_files_common_files_system_ole_db_en-us_
2015-01-15 18:48:37, Info CSI 5ff73071fce05070.cdf-ms", Destination = [l:196{98}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_ole_db_en-us_5ff73071fce05070.cdf-ms"
67: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\7dc222e83631d001ae0e00008c13c807.program_files_windows_nt_6101456faac5015c.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms"
68: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\dd2325e83631d001af0e00008c13c807.program_files_windows_nt_tabletextservice_9475b2de2d92bc74.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_tabletextservice_9475b2de2d92bc74.cdf-ms"
69: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\3d8527e83631d001b00e00008c13c807.program_files_windows_nt_tabletextservice_en-us_0e46adde4b3af550.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_tabletextservice_en-us_0e46adde4b3af550.cdf-ms"
70: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ee629e83631d001b10e00008c13c807.program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms"
71: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ee629e83631d001b20e00008c13c807.program_files_windows_nt_accessories_en-us_4cfa7c92c2470350.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_accessories_en-us_4cfa7c92c2470350.cdf-ms"
72: Move File: Source = [l:300{150}]"\SystemRoot\WinSxS\Temp\PendingRenames\14b6eae83631d001b30e00008c13c807.program_files_common_files_microsoft_shared_stationery_3f6c21eb4ac66a56.cdf-ms", Destination = [l:212{106}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_stationery_3f6c21eb4ac66a56.cdf-ms"
73: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\
2015-01-15 18:48:37, Info CSI d578efe83631d001b40e00008c13c807.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
74: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\35daf1e83631d001b50e00008c13c807.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms"
75: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\953bf4e83631d001b60e00008c13c807.$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms"
76: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\56fef8e83631d001b70e00008c13c807.$$_microsoft.net_framework_v2.0.50727_config_9a0d48f3c07d2a12.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_config_9a0d48f3c07d2a12.cdf-ms"
77: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\b65ffbe83631d001b80e00008c13c807.$$_microsoft.net_framework_v1.0.3705_b19cf3207984c497.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v1.0.3705_b19cf3207984c497.cdf-ms"
78: Move File: Source = [l:206{103}]"\SystemRoot\WinSxS\Temp\PendingRenames\16c1fde83631d001b90e00008c13c807.$$_temp_401038c9a18c18c0.cdf-ms", Destination = [l:118{59}]"\SystemRoot\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms"
79: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\762200e93631d001ba0e00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
80: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\762200e93631d001bb0e00008c13c807.$$_media_delta_0f36d7d9b4f7293c.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_media_delta_0f36d7d9b4
2015-01-15 18:48:37, Info CSI f7293c.cdf-ms"
81: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\762200e93631d001bc0e00008c13c807.$$_media_sonata_6b55eb3f91aab49e.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_media_sonata_6b55eb3f91aab49e.cdf-ms"
82: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\37e504e93631d001bd0e00008c13c807.$$_media_afternoon_ae5d080a6a887942.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_afternoon_ae5d080a6a887942.cdf-ms"
83: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\37e504e93631d001be0e00008c13c807.$$_media_landscape_e9488ca8249a3acf.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_landscape_e9488ca8249a3acf.cdf-ms"
84: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\37e504e93631d001bf0e00008c13c807.$$_media_quirky_6baa21a590d24b57.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_media_quirky_6baa21a590d24b57.cdf-ms"
85: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8a709e93631d001c00e00008c13c807.$$_media_savanna_6b39e54d8ae1e5ca.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_media_savanna_6b39e54d8ae1e5ca.cdf-ms"
86: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8a709e93631d001c10e00008c13c807.$$_media_garden_6cea56938e5bd6b1.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_media_garden_6cea56938e5bd6b1.cdf-ms"
87: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8a709e93631d001c20e00008c13c807.$$_media_festival_d2aa354bee3f11cc.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_media_festival_d2aa354bee3f11cc.cdf-ms"
88: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\58090ce93631d001c30e00008c13c807.$$_media_raga_d0fd3c9ac0f8ab1b.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\$$_media_raga_d0fd3c9ac0f8ab1b.cdf-ms"
89: Mo
2015-01-15 18:48:37, Info CSI ve File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\b86a0ee93631d001c40e00008c13c807.$$_media_calligraphy_7b7c7a996fa5cd3c.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_media_calligraphy_7b7c7a996fa5cd3c.cdf-ms"
90: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\792d13e93631d001c50e00008c13c807.$$_media_characters_8ee06d90f7dead3a.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_media_characters_8ee06d90f7dead3a.cdf-ms"
91: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\792d13e93631d001c60e00008c13c807.$$_media_cityscape_b0cbff7c81824cc5.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_cityscape_b0cbff7c81824cc5.cdf-ms"
92: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\d98e15e93631d001c70e00008c13c807.$$_l2schemas_d7bb5637381de58c.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms"
93: Move File: Source = [l:210{105}]"\SystemRoot\WinSxS\Temp\PendingRenames\99511ae93631d001c80e00008c13c807.$$_system_4c3aa2308f9f8f41.cdf-ms", Destination = [l:122{61}]"\SystemRoot\WinSxS\FileMaps\$$_system_4c3aa2308f9f8f41.cdf-ms"
94: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\db9928e93631d001c90e00008c13c807.$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms"
95: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\fcbd2fe93631d001ca0e00008c13c807.$$_system32_inetsrv_e6240a381854fe3d.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_inetsrv_e6240a381854fe3d.cdf-ms"
96: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\1de236e93631d001cb0e00008c13c807.$$_system32_drivers_etc_a531967eb3dfecbd.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_etc_a531967eb3dfecbd.cdf-ms"
97: Move F
2015-01-15 18:48:37, Info CSI ile: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d4339e93631d001cc0e00008c13c807.$$_system32_wbem_tmf_026f0fb07227ea72.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wbem_tmf_026f0fb07227ea72.cdf-ms"
98: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\5e2a45e93631d001cd0e00008c13c807.$$_fonts_40104ba9a1d20dac.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms"
99: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\7f4e4ce93631d001ce0e00008c13c807.$$_web_3f580d25a4c8e0a0.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_web_3f580d25a4c8e0a0.cdf-ms"
100: Set File Information: File = [l:40{20}]"\??\C:\Program Files", Attributes = 00000080
101: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a06c2ea3631d001cf0e00008c13c807.programdata_microsoft_windows_nt_msscan_549c401cd5c756f4.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_nt_msscan_549c401cd5c756f4.cdf-ms"
102: Set File Information: File = [l:126{63}]"\??\C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages", Attributes = 00000080
103: Move File: Source = [l:210{105}]"\SystemRoot\WinSxS\Temp\PendingRenames\adb6f2eb3631d001d00e00008c13c807.$$_addins_2452dff8cb692cdd.cdf-ms", Destination = [l:122{61}]"\SystemRoot\WinSxS\FileMaps\$$_addins_2452dff8cb692cdd.cdf-ms"
104: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\f3953ded3631d001d10e00008c13c807.$$_system32_en_9da4492827ac64e5.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en_9da4492827ac64e5.cdf-ms"

POQ 34 ends.
2015-01-15 18:48:37, Info CSI 000000a4 [SR] Verify complete
2015-01-15 18:48:37, Info CSI 000000a5 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:48:37, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2015-01-15 18:48:55, Info CSI 000000a7 Repair results created:
POQ 35 starts:

POQ 35 ends.
2015-01-15 18:48:55, Info CSI 000000a8 [SR] Verify complete
2015-01-15 18:48:56, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:48:56, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2015-01-15 18:49:28, Info CSI 000000ab Repair results created:
POQ 36 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba056e063731d0019a0f00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba056e063731d0019b0f00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba056e063731d0019c0f00008c13c807.program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\7ac872063731d0019d0f00008c13c807.program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms"
4: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\da2975063731d0019e0f00008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_a4898b91b8575c47.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_a4898b91b8575c47.cdf-ms"
5: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\3b8b77063731d0019f0f00008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_en-us_d90b1afcc77a7607.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_en-us_d90b1afcc77a7607.cdf-ms"
6: Move File: Source = [l:314{157}]"\SystemRoot\WinSxS\Temp\PendingRenames\3b8b77063731d001a00f00008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_en-us_js_4f0bf75a094013ae.cdf-ms", Destination = [l:226{113}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weath
2015-01-15 18:49:28, Info CSI er.gadget_en-us_js_4f0bf75a094013ae.cdf-ms"
7: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\9bec79063731d001a10f00008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_en-us_css_863292ab8d2936a8.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_en-us_css_863292ab8d2936a8.cdf-ms"
8: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\b02bcd083731d001a20f00008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_b054eca6667f3063.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_b054eca6667f3063.cdf-ms"
9: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\71eed1083731d001a30f00008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_en-us_e8aa0ae297615c6d.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_en-us_e8aa0ae297615c6d.cdf-ms"
10: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\d14fd4083731d001a40f00008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_en-us_js_45a8e205c0b938de.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_en-us_js_45a8e205c0b938de.cdf-ms"
11: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\d14fd4083731d001a50f00008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_en-us_css_4d83524d9d6217bc.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_en-us_css_4d83524d9d6217bc.cdf-ms"
12: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\f273db083731d001a60f00008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_85cde96256fb59df.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_85
2015-01-15 18:49:28, Info CSI cde96256fb59df.cdf-ms"
13: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\b236e0083731d001a70f00008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_en-us_b92194be8e78846b.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_en-us_b92194be8e78846b.cdf-ms"
14: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\1398e2083731d001a80f00008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_en-us_js_2690dfedc0f833b4.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_en-us_js_2690dfedc0f833b4.cdf-ms"
15: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\73f9e4083731d001a90f00008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_en-us_css_2690e0e99412a2f4.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_en-us_css_2690e0e99412a2f4.cdf-ms"
16: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\803b57093731d001aa0f00008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_22ec6b16cd2d39ce.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_22ec6b16cd2d39ce.cdf-ms"
17: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\803b57093731d001ab0f00008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_42036cf020e8a972.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_42036cf020e8a972.cdf-ms"
18: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\41fe5b093731d001ac0f00008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_js_eebbf22d9f05f549.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_js_eebbf22d9f05f549.cdf
2015-01-15 18:49:28, Info CSI -ms"
19: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\41fe5b093731d001ad0f00008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_css_adeac7d6c2b30bf7.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_en-us_css_adeac7d6c2b30bf7.cdf-ms"
20: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\c28365093731d001ae0f00008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_964bdce27d2d6734.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_964bdce27d2d6734.cdf-ms"
21: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\22e567093731d001af0f00008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_en-us_8182ef952052028a.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_en-us_8182ef952052028a.cdf-ms"
22: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\22e567093731d001b00f00008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_en-us_js_9037510893ce6463.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_en-us_js_9037510893ce6463.cdf-ms"
23: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\22e567093731d001b10f00008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_en-us_css_cf9198f7f6b7f8df.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_en-us_css_cf9198f7f6b7f8df.cdf-ms"
24: Move File: Source = [l:300{150}]"\SystemRoot\WinSxS\Temp\PendingRenames\5b82400a3731d001b20f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_1d53bb9c29c0aa6d.cdf-ms", Destination = [l:212{106}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_1d53bb9c29c0aa6d.cdf-ms"

2015-01-15 18:49:28, Info CSI 25: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b45450a3731d001b30f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_23311f020fdd83c5.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_23311f020fdd83c5.cdf-ms"
26: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\7ca6470a3731d001b40f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_js_ca39c98b64be74a4.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_js_ca39c98b64be74a4.cdf-ms"
27: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c694c0a3731d001b50f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_css_ca39ca876b477a1a.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_en-us_css_ca39ca876b477a1a.cdf-ms"
28: Move File: Source = [l:314{157}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f98660a3731d001b60f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_images_db83d22ffb6579d1.cdf-ms", Destination = [l:226{113}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_images_db83d22ffb6579d1.cdf-ms"
29: Move File: Source = [l:336{168}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f98660a3731d001b70f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_images_in_sidebar_845277d664af085f.cdf-ms", Destination = [l:248{124}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_slideshow.gadget_images_in_sidebar_845277d664af085f.cdf-ms"
30: Move File: Source = [l:336{168}]"\SystemRoot\WinSxS\Temp\PendingRenames\bff9680a3731d001b80f00008c13c807.program_files_windows_sidebar_gadgets_slideshow.gadget_images_on_desktop_8c4fbdc6458a98d1.cdf-ms", Destination = [l:248{124}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gad
2015-01-15 18:49:28, Info CSI gets_slideshow.gadget_images_on_desktop_8c4fbdc6458a98d1.cdf-ms"
31: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\e949bc0a3731d001b90f00008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_284c80f2b12171b5.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_picturepuzzle.gadget_284c80f2b12171b5.cdf-ms"
32: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\49abbe0a3731d001ba0f00008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_images_113209543e53c7d7.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_picturepuzzle.gadget_images_113209543e53c7d7.cdf-ms"

POQ 36 ends.
2015-01-15 18:49:28, Info CSI 000000ac [SR] Verify complete
2015-01-15 18:49:29, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2015-01-15 18:49:29, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2015-01-15 18:49:46, Info CSI 000000af Repair results created:
POQ 37 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\9011a7133731d0011f1000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\9011a7133731d001201000008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\9011a7133731d001211000008c13c807.program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\f072a9133731d001221000008c13c807.program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms"
4: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\1197b0133731d001231000008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_284c80f2b12171b5.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_picturepuzzle.gadget_284c80f2b12171b5.cdf-ms"
5: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\71f8b2133731d001241000008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_en-us_40e1f69776c7e3c9.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_picturepuzzle.gadget_en-us_40e1f69776c7e3c9.cdf-ms"
6: Move File: Source = [l:326{163}]"\SystemRoot\WinSxS\Temp\PendingRenames\71f8b2133731d001251000008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_en-us_js_ee4c57e840f5e5a0.cdf-ms", Destination = [l:238{119}]"\SystemRoot\WinSxS\FileMaps\program_files
2015-01-15 18:49:46, Info CSI _windows_sidebar_gadgets_picturepuzzle.gadget_en-us_js_ee4c57e840f5e5a0.cdf-ms"
7: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\32bbb7133731d001261000008c13c807.program_files_windows_sidebar_gadgets_picturepuzzle.gadget_en-us_css_ee4c58e41ef91b16.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_picturepuzzle.gadget_en-us_css_ee4c58e41ef91b16.cdf-ms"
8: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\f488cf133731d001271000008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_85cde96256fb59df.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_85cde96256fb59df.cdf-ms"
9: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\55ead1133731d001281000008c13c807.program_files_windows_sidebar_gadgets_clock.gadget_images_11f95cf60938de7b.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_clock.gadget_images_11f95cf60938de7b.cdf-ms"
10: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\27056f143731d001291000008c13c807.program_files_dvd_maker_405775de8763ce75.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_405775de8763ce75.cdf-ms"
11: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\876671143731d0012a1000008c13c807.program_files_dvd_maker_shared_a54613779b918be2.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_a54613779b918be2.cdf-ms"
12: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\aca09e143731d0012b1000008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_964bdce27d2d6734.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_964bdce27d2d6734.cdf-ms"
13: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRename
2015-01-15 18:49:46, Info CSI s\0d02a1143731d0012c1000008c13c807.program_files_windows_sidebar_gadgets_currency.gadget_images_818b19610434093a.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_currency.gadget_images_818b19610434093a.cdf-ms"
14: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\cdc4a5143731d0012d1000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
15: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\2d26a8143731d0012e1000008c13c807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms"
16: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\e53d77153731d0012f1000008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_22ec6b16cd2d39ce.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_22ec6b16cd2d39ce.cdf-ms"
17: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\a6007c153731d001301000008c13c807.program_files_windows_sidebar_gadgets_rssfeeds.gadget_images_420b96bc9fb8ab54.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_rssfeeds.gadget_images_420b96bc9fb8ab54.cdf-ms"
18: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\ea539d153731d001311000008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_b054eca6667f3063.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_b054eca6667f3063.cdf-ms"
19: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\4ab59f153731d001321000008c13c807.program_files_windows_sidebar_gadgets_calendar.gadget_images_e8b234ae384ba7b1.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_calendar.gadget_image
2015-01-15 18:49:46, Info CSI s_e8b234ae384ba7b1.cdf-ms"
20: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\993f20163731d001331000008c13c807.program_files_windows_sidebar_gadgets_cpu.gadget_3ea229fc96d38c13.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_cpu.gadget_3ea229fc96d38c13.cdf-ms"
21: Move File: Source = [l:300{150}]"\SystemRoot\WinSxS\Temp\PendingRenames\f9a022163731d001341000008c13c807.program_files_windows_sidebar_gadgets_cpu.gadget_en-us_268aa9af5ba2d05f.cdf-ms", Destination = [l:212{106}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_cpu.gadget_en-us_268aa9af5ba2d05f.cdf-ms"
22: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\590225163731d001351000008c13c807.program_files_windows_sidebar_gadgets_cpu.gadget_en-us_js_e0a0cbba78d6d4d6.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_cpu.gadget_en-us_js_e0a0cbba78d6d4d6.cdf-ms"
23: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba6327163731d001361000008c13c807.program_files_windows_sidebar_gadgets_cpu.gadget_en-us_css_25b24cc85d6f7250.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_cpu.gadget_en-us_css_25b24cc85d6f7250.cdf-ms"
24: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\fbab35163731d001371000008c13c807.program_files_windows_sidebar_gadgets_cpu.gadget_images_987b0ad259a4806b.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_cpu.gadget_images_987b0ad259a4806b.cdf-ms"
25: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\df9d54163731d001381000008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
26: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\a88ca5163731d001391000008c13c807.program_fi
2015-01-15 18:49:46, Info CSI les_windows_sidebar_gadgets_weather.gadget_a4898b91b8575c47.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_a4898b91b8575c47.cdf-ms"
27: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\a88ca5163731d0013a1000008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_images_585d106689450aab.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_images_585d106689450aab.cdf-ms"
28: Move File: Source = [l:324{162}]"\SystemRoot\WinSxS\Temp\PendingRenames\08eea7163731d0013b1000008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_images_144dpi_12b2fa65af7b87ad.cdf-ms", Destination = [l:236{118}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_images_144dpi_12b2fa65af7b87ad.cdf-ms"
29: Move File: Source = [l:324{162}]"\SystemRoot\WinSxS\Temp\PendingRenames\694faa163731d0013c1000008c13c807.program_files_windows_sidebar_gadgets_weather.gadget_images_120dpi_12fb0c15aed95ff3.cdf-ms", Destination = [l:236{118}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_weather.gadget_images_120dpi_12fb0c15aed95ff3.cdf-ms"
30: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\2912af163731d0013d1000008c13c807.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms"

spypcsense
2015-01-16, 05:19
cbs log Part 2

POQ 37 ends.
2015-01-15 18:49:46, Info CSI 000000b0 [SR] Verify complete
2015-01-15 18:49:47, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:49:47, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2015-01-15 18:49:52, Info CSI 000000b3 Repair results created:
POQ 38 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\af30221a3731d001a21000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\0f92241a3731d001a31000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ff3261a3731d001a41000008c13c807.$$_globalization_els_hyphenationdictionaries_62199cb34951fc74.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_els_hyphenationdictionaries_62199cb34951fc74.cdf-ms"

POQ 38 ends.
2015-01-15 18:49:52, Info CSI 000000b4 [SR] Verify complete
2015-01-15 18:49:52, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:49:52, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2015-01-15 18:49:54, Info CSI 000000b7 Repair results created:
POQ 39 starts:

POQ 39 ends.
2015-01-15 18:49:54, Info CSI 000000b8 [SR] Verify complete
2015-01-15 18:49:54, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:49:54, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2015-01-15 18:49:57, Info CSI 000000bb Repair results created:
POQ 40 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e8cf271d3731d0016d1100008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\48312a1d3731d0016e1100008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\09f42e1d3731d0016f1100008c13c807.$$_globalization_els_transliteration_1547068d18bc2738.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_els_transliteration_1547068d18bc2738.cdf-ms"
3: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\cecc591d3731d001701100008c13c807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms"

POQ 40 ends.
2015-01-15 18:49:57, Info CSI 000000bc [SR] Verify complete
2015-01-15 18:49:58, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2015-01-15 18:49:58, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2015-01-15 18:50:08, Info CSI 000000bf Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\el-GR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"el-GR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:08, Info CSI 000000c0 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ko-KR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ko-KR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:08, Info CSI 000000c1 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\da-DK" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"da-DK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c2 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\nl-NL" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nl-NL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c3 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sk-SK" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sk-SK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c4 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\hr-HR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"hr-HR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c5 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\hu-HU" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"hu-HU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c6 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\bg-BG" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"bg-BG", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:12, Info CSI 000000c7 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ro-RO" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ro-RO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000c8 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ru-RU" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000c9 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\cs-CZ" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"cs-CZ", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000ca Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sv-SE" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sv-SE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000cb Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\de-DE" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"de-DE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000cc Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\lt-LT" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"lt-LT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000cd Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\lv-LV" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"lv-LV", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000ce Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\tr-TR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"tr-TR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000cf Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\it-IT" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"it-IT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:13, Info CSI 000000d0 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\fr-FR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"fr-FR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:14, Info CSI 000000d1 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\fi-FI" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"fi-FI", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:14, Info CSI 000000d2 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\he-IL" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"he-IL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:14, Info CSI 000000d3 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\uk-UA" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"uk-UA", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:14, Info CSI 000000d4 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\nb-NO" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nb-NO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:14, Info CSI 000000d5 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sl-SI" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sl-SI", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:15, Info CSI 000000d6 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\en-US" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-us", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:15, Info CSI 000000d7 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\zh-CN" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:15, Info CSI 000000d8 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\zh-TW" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-TW", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:18, Info CSI 000000d9 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-BR" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-BR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:18, Info CSI 000000da Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ar-SA" in component Microsoft-Windows-Installer-Engine.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ar-SA", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:50:18, Info CSI 000000db Repair results created:
POQ 41 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\5e2459233731d001d51100008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\5e2459233731d001d61100008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\dfa962233731d001d71100008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\612f6c233731d001d81100008c13c807.$$_system32_el-gr_429cd0b684dc71bd.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms"
4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a7fbf233731d001d91100008c13c807.$$_system32_ko-kr_4e039de673c23e4a.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2c29d0233731d001da1100008c13c807.$$_system32_da-dk_40b64d5e87b63595.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms"
6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e34e3233731d001db1100008c13c807.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms"
7: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\462ecb253731d001dc1100008c13c807.$$_system32_ime_imetc10_aead306aeed0be86.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imetc10_aead306aeed0be86.cdf-ms"
8: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\Pe
2015-01-15 18:50:18, Info CSI ndingRenames\07f1cf253731d001dd1100008c13c807.$$_system32_ime_imetc10_applets_93adac07b5e841fb.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imetc10_applets_93adac07b5e841fb.cdf-ms"
9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a99ae0253731d001de1100008c13c807.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ebe2ee253731d001df1100008c13c807.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms"
11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2c2bfd253731d001e01100008c13c807.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms"
12: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ced40d263731d001e11100008c13c807.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms"
13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\101d1c263731d001e21100008c13c807.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms"
14: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\51652a263731d001e31100008c13c807.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms"
15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f30e3b263731d001e41100008c13c807.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms"
16: Move File: Source = [l:226{113}]"\System
2015-01-15 18:50:18, Info CSI Root\WinSxS\Temp\PendingRenames\355749263731d001e51100008c13c807.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\779f57263731d001e61100008c13c807.$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b8e765263731d001e71100008c13c807.$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms"
19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\fa2f74263731d001e81100008c13c807.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms"
20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c7882263731d001e91100008c13c807.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms"
21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7dc090263731d001ea1100008c13c807.$$_system32_de-de_40b6416a87b647ef.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms"
22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\bf089f263731d001eb1100008c13c807.$$_system32_lt-lt_4fea189870e886c7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms"
23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0051ad263731d001ec1100008c13c807.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms"
24: Move File: Source = [l:226{113}]"\SystemRoot\Win
2015-01-15 18:50:18, Info CSI SxS\Temp\PendingRenames\4299bb263731d001ed1100008c13c807.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms"
25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\84e1c9263731d001ee1100008c13c807.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms"
26: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e64ddf263731d001ef1100008c13c807.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\88f7ef263731d001f01100008c13c807.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ab260a273731d001f11100008c13c807.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms"
29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ed6e18273731d001f21100008c13c807.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms"
30: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\2eb726273731d001f31100008c13c807.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms"
31: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\70ff34273731d001f41100008c13c807.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms"
32: Move File: Source = [l:226{113}]"\SystemRoot\W
2015-01-15 18:50:18, Info CSI inSxS\Temp\PendingRenames\d36b4a273731d001f51100008c13c807.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms"
33: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\974475273731d001f61100008c13c807.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms"
34: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\d98c83273731d001f71100008c13c807.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms"
35: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3cf998273731d001f81100008c13c807.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
36: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d41a7273731d001f91100008c13c807.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms"
37: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f28b3273731d001fa1100008c13c807.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms"
38: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\bd80cf293731d001fb1100008c13c807.$$_system32_pt-br_5783f3346581bed3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms"
39: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\fec8dd293731d001fc1100008c13c807.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms"

POQ 41 ends.
2015-01-15 18:50:18, Info CSI 000000dc [SR] Verify complete
2015-01-15 18:50:19, Info CSI 000000dd [SR] Verifying 100 (0x00000064) components
2015-01-15 18:50:19, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2015-01-15 18:50:24, Info CSI 000000df Repair results created:
POQ 42 starts:

POQ 42 ends.
2015-01-15 18:50:24, Info CSI 000000e0 [SR] Verify complete
2015-01-15 18:50:25, Info CSI 000000e1 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:50:25, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2015-01-15 18:50:35, Info CSI 000000e3 Repair results created:
POQ 43 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2076af333731d001c51200008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\2076af333731d001c61200008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\80d7b1333731d001c71200008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\80d7b1333731d001c81200008c13c807.$$_ime_imesc5_dicts_32255cd579e8854e.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imesc5_dicts_32255cd579e8854e.cdf-ms"
4: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\a1fbb8333731d001c91200008c13c807.$$_ime_imesc5_help_693c441c0201a8fa.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imesc5_help_693c441c0201a8fa.cdf-ms"
5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\2281c2333731d001ca1200008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\e343c7333731d001cb1200008c13c807.$$_system32_ime_imesc5_46a6606042ef6565.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imesc5_46a6606042ef6565.cdf-ms"
7: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\a306cc333731d001cc1200008c13c807.$$_system32_ime_imesc5_applets_7ab7847ddb9a9a48.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imesc5_applets_7ab7847ddb9a9a48.cdf-ms"

POQ 43 ends.
2015-01-15 18:50:35, Info CSI 000000e4 [SR] Verify complete
2015-01-15 18:50:35, Info CSI 000000e5 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:50:35, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2015-01-15 18:50:41, Info CSI 000000e7 Repair results created:
POQ 44 starts:
0: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{dac50502-74b9-13b4-0470-6c42dc9b8f85}", Type = REG_SZ (1), Data = {l:118 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006900700068006c0070007300760063002e0064006c006c002c004900700068006c0070007300760063005300790073007000720065007000470065006e006500720061006c0069007a0065000000}

POQ 44 ends.
2015-01-15 18:50:41, Info CSI 000000e8 [SR] Verify complete
2015-01-15 18:50:42, Info CSI 000000e9 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:50:42, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2015-01-15 18:51:00, Info CSI 000000eb Repair results created:
POQ 45 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\64d3b13e3731d001951300008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\c434b43e3731d001961300008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\46babd3e3731d001971300008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\c73fc73e3731d001981300008c13c807.$$_system32_spool_drivers_color_714407f67ff22f9d.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_drivers_color_714407f67ff22f9d.cdf-ms"
4: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\0b14ff3f3731d001991300008c13c807.programdata_microsoft_identitycrl_9ceb7e1568e6c6e7.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_identitycrl_9ceb7e1568e6c6e7.cdf-ms"
5: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\43b1d7403731d0019a1300008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
6: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\2598e3403731d0019b1300008c13c807.$$_ime_imetc10_dicts_31e93cd9cd8cc931.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imetc10_dicts_31e93cd9cd8cc931.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\46bcea403731d0019c1300008c13c807.$$_ime_imetc10_help_31e933f572191d05.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imetc10_help_31e933f572191d05.cdf-ms"
8: Move File: Source = [l:
2015-01-15 18:51:00, Info CSI 238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\e865fb403731d0019d1300008c13c807.$$_system32_ime_imetc10_aead306aeed0be86.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imetc10_aead306aeed0be86.cdf-ms"
9: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\088a02413731d0019e1300008c13c807.$$_system32_ime_imetc10_applets_93adac07b5e841fb.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imetc10_applets_93adac07b5e841fb.cdf-ms"
10: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa3313413731d0019f1300008c13c807.$$_globalization_sorting_04883de290c6ef1b.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_sorting_04883de290c6ef1b.cdf-ms"

POQ 45 ends.
2015-01-15 18:51:00, Info CSI 000000ec [SR] Verify complete
2015-01-15 18:51:00, Info CSI 000000ed [SR] Verifying 100 (0x00000064) components
2015-01-15 18:51:00, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2015-01-15 18:51:24, Info CSI 000000ef Ignoring duplicate ownership for directory [l:108{54}]"\??\C:\Program Files\Common Files\microsoft shared\vgx" in component Microsoft-Windows-IE-VGX, Version = 11.2.9600.17358, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:51:39, Info CSI 000000f0 Repair results created:
POQ 46 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\5fc2e04f3731d001041400008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\5fc2e04f3731d001051400008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ed895c503731d001061400008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\0eae63503731d001071400008c13c807.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
4: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\423516513731d001081400008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\423516513731d001091400008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
6: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\a29618513731d0010a1400008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
7: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\63591d513731d0010b1400008c13c807.program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common
2015-01-15 18:51:39, Info CSI _files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms"
8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\d10219583731d0010c1400008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
9: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\31641b583731d0010d1400008c13c807.$$_ime_imekr8_dicts_2ff7cb9394decb12.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imekr8_dicts_2ff7cb9394decb12.cdf-ms"
10: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\f22620583731d0010e1400008c13c807.$$_ime_imekr8_help_6edfa6f9f9cba42e.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imekr8_help_6edfa6f9f9cba42e.cdf-ms"
11: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\93d030583731d0010f1400008c13c807.$$_system32_ime_imekr8_46a67c6e42ef3b99.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imekr8_46a67c6e42ef3b99.cdf-ms"
12: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\93d030583731d001101400008c13c807.$$_system32_ime_imekr8_applets_4b4e797746aa967c.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imekr8_applets_4b4e797746aa967c.cdf-ms"
13: Move File: Source = [l:248{124}]"\SystemRoot\WinSxS\Temp\PendingRenames\cc6d09593731d001111400008c13c807.$$_system32_ime_imekr8_dicts_4b36d5aba5194cae.cdf-ms", Destination = [l:160{80}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imekr8_dicts_4b36d5aba5194cae.cdf-ms"
14: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{295bd270-325d-8af6-955f-89cdd4c4c24b}", Type = REG_SZ (1), Data = {l:128 b:43003a005c00500072006f006700720061006d002000460069006c00650073005c0049006e007400650072006e006500740020004500780070006c006f007200650072005c00690065007300730065007400750070002e0064006c006c002c00530079007300
2015-01-15 18:51:39, Info CSI 50007200650070005f0043006c00650061006e00750070000000}

POQ 46 ends.
2015-01-15 18:51:39, Info CSI 000000f1 [SR] Verify complete
2015-01-15 18:51:39, Info CSI 000000f2 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:51:39, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2015-01-15 18:51:48, Info CSI 000000f4 Repair results created:
POQ 47 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\49625d5e3731d001761400008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\aac35f5e3731d001771400008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"

POQ 47 ends.
2015-01-15 18:51:48, Info CSI 000000f5 [SR] Verify complete
2015-01-15 18:51:49, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:51:49, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2015-01-15 18:51:54, Info CSI 000000f8 Repair results created:
POQ 48 starts:

POQ 48 ends.
2015-01-15 18:51:54, Info CSI 000000f9 [SR] Verify complete
2015-01-15 18:51:54, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2015-01-15 18:51:54, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2015-01-15 18:52:23, Info CSI 000000fc Repair results created:
POQ 49 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\904db66c3731d001401500008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\904db66c3731d001411500008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\5110bb6c3731d001421500008c13c807.$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms"
3: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\d295c46c3731d001431500008c13c807.$$_globalization_mct_mct-cn_link_61ec583d26fa028d.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-cn_link_61ec583d26fa028d.cdf-ms"
4: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\f3b9cb6c3731d001441500008c13c807.$$_globalization_mct_mct-gb_link_61442ee528aa6cdd.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-gb_link_61442ee528aa6cdd.cdf-ms"
5: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\5526e16c3731d001451500008c13c807.$$_globalization_mct_mct-jp_link_60f41b35291f89a8.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-jp_link_60f41b35291f89a8.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec1d03723731d001461500008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\6da30c723731d001471500008c13c807.$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_2650d8
2015-01-15 18:52:23, Info CSI d30fee1fe9.cdf-ms"
8: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\ef2816723731d001481500008c13c807.$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms"
9: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\4f8a18723731d001491500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-ie-esc_881b20a0d2777648.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-ie-esc_881b20a0d2777648.cdf-ms"
10: Move File: Source = [l:358{179}]"\SystemRoot\WinSxS\Temp\PendingRenames\0f4d1d723731d0014a1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms", Destination = [l:270{135}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms"
11: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\70ae1f723731d0014b1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-mediaplayer_644fa9f0de4025eb.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-mediaplayer_644fa9f0de4025eb.cdf-ms"
12: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\d00f22723731d0014c1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-storagemigration_d55783f2ccb64b27.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-storagemigration_d55783f2ccb64b27.cdf-ms"
13: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\51952b723731d0014d1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-com-complus-setup-dl_1ee4026d5f5876ce.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-com-complus-setup-dl_1
2015-01-15 18:52:23, Info CSI ee4026d5f5876ce.cdf-ms"
14: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\b1f62d723731d0014e1500008c13c807.$$_system32_migwiz_dlmanifests_networking-mpssvc-svc_e23ab12e0e23ec55.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_networking-mpssvc-svc_e23ab12e0e23ec55.cdf-ms"
15: Move File: Source = [l:326{163}]"\SystemRoot\WinSxS\Temp\PendingRenames\d21a35723731d0014f1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-mediaplayer-drm-dl_552be0fd1dd444d0.cdf-ms", Destination = [l:238{119}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-mediaplayer-drm-dl_552be0fd1dd444d0.cdf-ms"
16: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\327c37723731d001501500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-ndis_f0ef0c61452d5b28.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-ndis_f0ef0c61452d5b28.cdf-ms"
17: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\53a03e723731d001511500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-unimodem-config_2000ab316115550f.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-unimodem-config_2000ab316115550f.cdf-ms"
18: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\146343723731d001521500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-shmig-dl_45622e527f470963.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-shmig-dl_45622e527f470963.cdf-ms"
19: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\146343723731d001531500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-tapisetup_0be6007940c10533.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-tapisetup_0be6007940c1053
2015-01-15 18:52:23, Info CSI 3.cdf-ms"
20: Move File: Source = [l:340{170}]"\SystemRoot\WinSxS\Temp\PendingRenames\d42548723731d001541500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-networkloadbalancing-core_c9b56fe0156d9ead.cdf-ms", Destination = [l:252{126}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-networkloadbalancing-core_c9b56fe0156d9ead.cdf-ms"
21: Move File: Source = [l:334{167}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5494f723731d001551500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-dhcpservermigplugin-dl_0534ab06e10ae139.cdf-ms", Destination = [l:246{123}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-dhcpservermigplugin-dl_0534ab06e10ae139.cdf-ms"
22: Move File: Source = [l:340{170}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5494f723731d001561500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_6c3018cc6f347ede.cdf-ms", Destination = [l:252{126}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_6c3018cc6f347ede.cdf-ms"
23: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5494f723731d001571500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-offlinefiles-dl_ed0c7082ff497ba5.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-offlinefiles-dl_ed0c7082ff497ba5.cdf-ms"
24: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5494f723731d001581500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-rasapi_86cec7ccd5753cec.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-rasapi_86cec7ccd5753cec.cdf-ms"
25: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\b60c54723731d001591500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-iis-dl_8822f736d253acda.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\$
2015-01-15 18:52:23, Info CSI $_system32_migwiz_dlmanifests_microsoft-windows-iis-dl_8822f736d253acda.cdf-ms"
26: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\b60c54723731d0015a1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-rasserver-migplugin_9fbe397ae34120be.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-rasserver-migplugin_9fbe397ae34120be.cdf-ms"
27: Move File: Source = [l:306{153}]"\SystemRoot\WinSxS\Temp\PendingRenames\b60c54723731d0015b1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-wmi-core_0fa6ec0ad029fddb.cdf-ms", Destination = [l:218{109}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-wmi-core_0fa6ec0ad029fddb.cdf-ms"
28: Move File: Source = [l:360{180}]"\SystemRoot\WinSxS\Temp\PendingRenames\166e56723731d0015c1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-performancecounterinfrastructure-dl_887290e36ed2c960.cdf-ms", Destination = [l:272{136}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-performancecounterinfrastructure-dl_887290e36ed2c960.cdf-ms"
29: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7305b723731d0015d1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-adfs-dl_893986f097ae8ea9.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-adfs-dl_893986f097ae8ea9.cdf-ms"
30: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7305b723731d0015e1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-com-dtc-setup-dl_a3b468532c03dbe0.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-com-dtc-setup-dl_a3b468532c03dbe0.cdf-ms"
31: Move File: Source = [l:340{170}]"\SystemRoot\WinSxS\Temp\PendingRenames\37925d723731d0015f1500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-msmq-messagingcoreservice_a2ca72db0
2015-01-15 18:52:23, Info CSI bdebee3.cdf-ms", Destination = [l:252{126}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-msmq-messagingcoreservice_a2ca72db0bdebee3.cdf-ms"
32: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\37925d723731d001601500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-bluetooth-config_40d5c57bfa898bfd.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-bluetooth-config_40d5c57bfa898bfd.cdf-ms"
33: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\37925d723731d001611500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-iasserver-migplugin_96e6769f772696e5.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-iasserver-migplugin_96e6769f772696e5.cdf-ms"
34: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\f75462723731d001621500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-sxs_214556d37cabee6c.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-sxs_214556d37cabee6c.cdf-ms"
35: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\f75462723731d001631500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-rasconnectionmanager_2597396f593c1559.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-rasconnectionmanager_2597396f593c1559.cdf-ms"
36: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\f75462723731d001641500008c13c807.$$_system32_migwiz_dlmanifests_bitsextensions-server_7d542a16c26409f3.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_bitsextensions-server_7d542a16c26409f3.cdf-ms"
37: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\58b664723731d001651500008c13c807.$$_system32_migwiz_dlmanifests_microsoft
2015-01-15 18:52:23, Info CSI -windows-international-core-dl_d66e65e1080457e5.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-international-core-dl_d66e65e1080457e5.cdf-ms"
38: Move File: Source = [l:334{167}]"\SystemRoot\WinSxS\Temp\PendingRenames\58b664723731d001661500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-activedirectory-webservices-dl_b2cdce29afb29e47.cdf-ms", Destination = [l:246{123}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-activedirectory-webservices-dl_b2cdce29afb29e47.cdf-ms"
39: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\58b664723731d001671500008c13c807.$$_system32_migwiz_dlmanifests_microsoft-windows-networkbridge_6f3babcf8612f78b.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-networkbridge_6f3babcf8612f78b.cdf-ms"
40: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\9e1499723731d001681500008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
41: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\fe759b723731d001691500008c13c807.program_files_windows_mail_e07902f329fe05e9.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms"
42: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\be38a0723731d0016a1500008c13c807.program_files_windows_mail_en-us_4eecf28483baad93.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_mail_en-us_4eecf28483baad93.cdf-ms"
43: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\028cc1723731d0016b1500008c13c807.$$_globalization_mct_mct-fr_link_61883fa127c9357e.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-fr_link_61883fa127c9357e.cdf-ms"
44: Move File: Source = [l:256{128}
2015-01-15 18:52:23, Info CSI ]"\SystemRoot\WinSxS\Temp\PendingRenames\956963733731d0016c1500008c13c807.$$_globalization_mct_mct-kr_link_60d41355295e9929.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-kr_link_60d41355295e9929.cdf-ms"
45: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\552c68733731d0016d1500008c13c807.$$_globalization_mct_mct-in_link_6114231528e07a27.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-in_link_6114231528e07a27.cdf-ms"
46: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\58377b733731d0016e1500008c13c807.$$_globalization_mct_mct-br_link_621863112684e5c2.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-br_link_621863112684e5c2.cdf-ms"
47: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\c1c4c9733731d0016f1500008c13c807.$$_globalization_mct_mct-es_link_61ae48fb276f1f58.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-es_link_61ae48fb276f1f58.cdf-ms"
48: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{caba9027-caf4-2360-f9a8-572bb66ac5ae}", Type = REG_SZ (1), Data = {l:166 ml:166 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c004c0061006e00670043006c00650061006e00750070005300..730070007200650070005f00470065006e006500720061006c0069007a0065005f004d00550049004c0061006e00670043006c00650061006e00750070000000}

POQ 49 ends.
2015-01-15 18:52:23, Info CSI 000000fd [SR] Verify complete
2015-01-15 18:52:23, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2015-01-15 18:52:23, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2015-01-15 18:52:39, Info CSI 00000100 Repair results created:
POQ 50 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\059f887b3731d001d41500008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\059f887b3731d001d51500008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\8624927b3731d001d61500008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\07aa9b7b3731d001d71500008c13c807.$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms"
4: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\c86ca07b3731d001d81500008c13c807.$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms"
5: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\28cea27b3731d001d91500008c13c807.$$_system32_migwiz_replacementmanifests_usb_395978177bf6d5e1.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_usb_395978177bf6d5e1.cdf-ms"
6: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\49f2a97b3731d001da1500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-ndis_b44547c729f73574.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-ndis_b44547c729f73574.cdf-ms"
7: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\a953ac7b3731d001db1500008c13c807.$$_system32_migwiz_replacementm
2015-01-15 18:52:39, Info CSI anifests_windowssearchengine_145004789b880a4a.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_windowssearchengine_145004789b880a4a.cdf-ms"
8: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca77b37b3731d001dc1500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-iis-rm_9ee468490d6de347.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-iis-rm_9ee468490d6de347.cdf-ms"
9: Move File: Source = [l:318{159}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a3ab87b3731d001dd1500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-shmig_9ef85dcb89d16c58.cdf-ms", Destination = [l:230{115}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-shmig_9ef85dcb89d16c58.cdf-ms"
10: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\4bfdbc7b3731d001de1500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-international-core_05a14960964e6af4.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-international-core_05a14960964e6af4.cdf-ms"
11: Move File: Source = [l:342{171}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ce4c87b3731d001df1500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-offlinefiles-core_3b64983f65339578.cdf-ms", Destination = [l:254{127}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-offlinefiles-core_3b64983f65339578.cdf-ms"
12: Move File: Source = [l:368{184}]"\SystemRoot\WinSxS\Temp\PendingRenames\8d45cb7b3731d001e01500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-licenseserver_cff2bf5f876a8fcd.cdf-ms", Destination = [l:280{140}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-licenseserver_cff2bf5f876a8fcd.cdf-ms"
13: Move File: Source =
2015-01-15 18:52:39, Info CSI [l:380{190}]"\SystemRoot\WinSxS\Temp\PendingRenames\8d45cb7b3731d001e11500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-appserver-licensing_10d3d9d862990d9c.cdf-ms", Destination = [l:292{146}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-appserver-licensing_10d3d9d862990d9c.cdf-ms"
14: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\4d08d07b3731d001e21500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-windows-audio-mmecore-other_5137bedd30b4e5d8.cdf-ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-audio-mmecore-other_5137bedd30b4e5d8.cdf-ms"
15: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\6e2cd77b3731d001e31500008c13c807.$$_system32_migwiz_replacementmanifests_microsoft-activedirectory-webservices_fbfc8031b6420fb6.cdf-ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-activedirectory-webservices_fbfc8031b6420fb6.cdf-ms"
16: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\31faee7b3731d001e41500008c13c807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms"
17: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\915bf17b3731d001e51500008c13c807.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms"
18: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\7242fd7b3731d001e61500008c13c807.$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms"
19: Move File: Source = [l:256{128}]"\SystemRoot\Wi
2015-01-15 18:52:39, Info CSI nSxS\Temp\PendingRenames\1902347c3731d001e71500008c13c807.$$_globalization_mct_mct-tw_link_5f99c60f2c0b417d.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tw_link_5f99c60f2c0b417d.cdf-ms"
20: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c314e7c3731d001e81500008c13c807.$$_globalization_mct_mct-ru_link_5fddd6cb2b7b1e0d.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-ru_link_5fddd6cb2b7b1e0d.cdf-ms"
21: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\1d185a7c3731d001e91500008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
22: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\fefe657c3731d001ea1500008c13c807.program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms"
23: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\bfc16a7c3731d001eb1500008c13c807.program_files_windows_media_player_en-us_94ff97943fc617cd.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_en-us_94ff97943fc617cd.cdf-ms"
24: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\616b7b7c3731d001ec1500008c13c807.$$_globalization_mct_mct-us_link_5f6dbb3b2c805e48.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-us_link_5f6dbb3b2c805e48.cdf-ms"
25: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\4252877c3731d001ed1500008c13c807.$$_globalization_mct_mct-pl_link_6013e4152b2a0a1e.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-pl_link_6013e4152b2a0a1e.cdf-ms"

POQ 50 ends.
2015-01-15 18:52:39, Info CSI 00000101 [SR] Verify complete
2015-01-15 18:52:39, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:52:39, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2015-01-15 18:52:51, Info CSI 00000104 Repair results created:
POQ 51 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\6a9d4e833731d001521600008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\2b6053833731d001531600008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\8bc155833731d001541600008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\4b845a833731d001551600008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ca861833731d001561600008c13c807.program_files_common_files_microsoft_shared_dao_3c86dc390b3b2f48.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_dao_3c86dc390b3b2f48.cdf-ms"
5: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d32a9d833731d001571600008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\54b0a6833731d001581600008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\b411a9833731d001591600008c13c807.$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps
2015-01-15 18:52:51, Info CSI \$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\75d4ad833731d0015a1600008c13c807.$$_system32_migwiz_en-us_b32d907252d3e073.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_en-us_b32d907252d3e073.cdf-ms"
9: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ff78f843731d0015b1600008c13c807.$$_system32_migwiz_postmigres_data_8383ed297796e30e.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_postmigres_data_8383ed297796e30e.cdf-ms"
10: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ff78f843731d0015c1600008c13c807.$$_system32_migwiz_postmigres_web_997c3ff186280ede.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_postmigres_web_997c3ff186280ede.cdf-ms"
11: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f5892843731d0015d1600008c13c807.$$_system32_migwiz_postmigres_web_base_images_0e64dea9756e1d4c.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migwiz_postmigres_web_base_images_0e64dea9756e1d4c.cdf-ms"

POQ 51 ends.
2015-01-15 18:52:51, Info CSI 00000105 [SR] Verify complete
2015-01-15 18:52:51, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:52:51, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2015-01-15 18:53:27, Info CSI 00000108 Repair results created:
POQ 52 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\27d751913731d001c21600008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\27d751913731d001c31600008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\e79956913731d001c41600008c13c807.$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_0b932a9a9cc9f99b.cdf-ms"
3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\e79956913731d001c51600008c13c807.$$_globalization_mct_mct-nl_wallpaper_7235f966b110fc48.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-nl_wallpaper_7235f966b110fc48.cdf-ms"
4: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\a85c5b913731d001c61600008c13c807.$$_globalization_mct_mct-nl_theme_8967bd886cf6373b.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-nl_theme_8967bd886cf6373b.cdf-ms"
5: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\a85c5b913731d001c71600008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
6: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\691f60913731d001c81600008c13c807.program_files_windows_mail_e07902f329fe05e9.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms"
7: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\29e264913731d001c91600008c13c807.program_files_windows_mail_en-us_4eecf28483baad93.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\program
2015-01-15 18:53:27, Info CSI _files_windows_mail_en-us_4eecf28483baad93.cdf-ms"
8: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\dde30d923731d001ca1600008c13c807.$$_globalization_mct_mct-fr_wallpaper_05f024915762788a.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-fr_wallpaper_05f024915762788a.cdf-ms"
9: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\fd0715923731d001cb1600008c13c807.$$_globalization_mct_mct-fr_theme_8a94075c6a378a79.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-fr_theme_8a94075c6a378a79.cdf-ms"
10: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\beca19923731d001cc1600008c13c807.$$_globalization_mct_mct-fr_rssfeed_4ac0bceb7c80d736.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-fr_rssfeed_4ac0bceb7c80d736.cdf-ms"
11: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\85ae57923731d001cd1600008c13c807.$$_globalization_mct_mct-ca_wallpaper_2a609fdb2b110530.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-ca_wallpaper_2a609fdb2b110530.cdf-ms"
12: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\46715c923731d001ce1600008c13c807.$$_globalization_mct_mct-ca_theme_8ade199269dd7453.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-ca_theme_8ade199269dd7453.cdf-ms"
13: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\bc401d933731d001cf1600008c13c807.$$_globalization_mct_mct-us_wallpaper_fd038f79a93f8240.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-us_wallpaper_fd038f79a93f8240.cdf-ms"
14: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ca21f933731d001d01600008c13c807.$$_globalization_mct_mct-us_rssfeed_41d427d3ce5de0ec.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mc
2015-01-15 18:53:27, Info CSI t_mct-us_rssfeed_41d427d3ce5de0ec.cdf-ms"
15: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ca21f933731d001d11600008c13c807.$$_globalization_mct_mct-us_theme_887982f66eeeb343.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-us_theme_887982f66eeeb343.cdf-ms"
16: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\08c08a933731d001d21600008c13c807.$$_globalization_mct_mct-za_wallpaper_92a67a51c073d8f7.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-za_wallpaper_92a67a51c073d8f7.cdf-ms"
17: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\c9828f933731d001d31600008c13c807.$$_globalization_mct_mct-za_theme_87a14dce71263ecc.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-za_theme_87a14dce71263ecc.cdf-ms"
18: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5ddf5933731d001d41600008c13c807.$$_globalization_mct_mct-cn_wallpaper_372e32f4f173ef3b.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-cn_wallpaper_372e32f4f173ef3b.cdf-ms"
19: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\1602fd933731d001d51600008c13c807.$$_globalization_mct_mct-cn_rssfeed_7bfecb4f16924de7.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-cn_rssfeed_7bfecb4f16924de7.cdf-ms"
20: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\7663ff933731d001d61600008c13c807.$$_globalization_mct_mct-cn_theme_8af81ff869685788.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-cn_theme_8af81ff869685788.cdf-ms"
21: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\a4c978943731d001d71600008c13c807.$$_globalization_mct_mct-in_wallpaper_ccd11e1de0c55e21.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-in_wall
2015-01-15 18:53:27, Info CSI paper_ccd11e1de0c55e21.cdf-ms"
22: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\042b7b943731d001d81600008c13c807.$$_globalization_mct_mct-in_theme_8a1fead06b4ecf22.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-in_theme_8a1fead06b4ecf22.cdf-ms"
23: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\f353f9943731d001d91600008c13c807.$$_globalization_mct_mct-jp_wallpaper_bd0f2dfdffcb2ee0.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-jp_wallpaper_bd0f2dfdffcb2ee0.cdf-ms"
24: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\53b5fb943731d001da1600008c13c807.$$_globalization_mct_mct-jp_theme_89ffe2f06b8ddea3.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-jp_theme_89ffe2f06b8ddea3.cdf-ms"
25: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\811b75953731d001db1600008c13c807.$$_globalization_mct_mct-kr_wallpaper_ad4d3dde1ed0ff9f.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-kr_wallpaper_ad4d3dde1ed0ff9f.cdf-ms"
26: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\41de79953731d001dc1600008c13c807.$$_globalization_mct_mct-kr_theme_89dfdb106bccee24.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-kr_theme_89dfdb106bccee24.cdf-ms"
27: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\e308a1963731d001dd1600008c13c807.$$_globalization_mct_mct-de_wallpaper_1c96edbf4139bedd.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-de_wallpaper_1c96edbf4139bedd.cdf-ms"
28: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\e308a1963731d001de1600008c13c807.$$_globalization_mct_mct-de_theme_8ac212ae6a0a7f66.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-de_theme_8ac212ae6
2015-01-15 18:53:27, Info CSI a0a7f66.cdf-ms"
29: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\6dbaf6963731d001df1600008c13c807.$$_globalization_mct_mct-mx_wallpaper_8fc19ba253ff8a0b.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-mx_wallpaper_8fc19ba253ff8a0b.cdf-ms"
30: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce1bf9963731d001e01600008c13c807.$$_globalization_mct_mct-mx_theme_89a3cc4c6c3908b8.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-mx_theme_89a3cc4c6c3908b8.cdf-ms"
31: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\168540973731d001e11600008c13c807.$$_globalization_mct_mct-tr_wallpaper_0dc19e9b85cb25f8.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tr_wallpaper_0dc19e9b85cb25f8.cdf-ms"
32: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\76e642973731d001e21600008c13c807.$$_globalization_mct_mct-tr_theme_889b8b546ea6a18b.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tr_theme_889b8b546ea6a18b.cdf-ms"
33: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\23c7b2973731d001e31600008c13c807.$$_globalization_mct_mct-tw_wallpaper_12ae39a56fa26c4b.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tw_wallpaper_12ae39a56fa26c4b.cdf-ms"
34: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\a44cbc973731d001e41600008c13c807.$$_globalization_mct_mct-tw_rssfeed_577ed1ff94c0caf7.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tw_rssfeed_577ed1ff94c0caf7.cdf-ms"
35: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\a44cbc973731d001e51600008c13c807.$$_globalization_mct_mct-tw_theme_88a58dca6e799678.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-tw_theme_88a58dca6e799678.cdf
2015-01-15 18:53:27, Info CSI -ms"
36: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\f5e14f983731d001e61600008c13c807.$$_globalization_mct_mct-pl_wallpaper_4ec19d1f00d6cbea.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-pl_wallpaper_4ec19d1f00d6cbea.cdf-ms"
37: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6a454983731d001e71600008c13c807.$$_globalization_mct_mct-pl_theme_891fabd06d985f19.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-pl_theme_891fabd06d985f19.cdf-ms"
38: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\1c2790983731d001e81600008c13c807.$$_globalization_mct_mct-es_wallpaper_18a671b72b110530.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-es_wallpaper_18a671b72b110530.cdf-ms"
39: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\fe0d9c983731d001e91600008c13c807.$$_globalization_mct_mct-es_theme_8aba10b669dd7453.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-es_theme_8aba10b669dd7453.cdf-ms"
40: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\3f56aa983731d001ea1600008c13c807.$$_globalization_mct_mct-br_wallpaper_4cd8dd20b7d6d946.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-br_wallpaper_4cd8dd20b7d6d946.cdf-ms"
41: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0b7ac983731d001eb1600008c13c807.$$_globalization_mct_mct-br_rssfeed_91a9757adcf537f2.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-br_rssfeed_91a9757adcf537f2.cdf-ms"
42: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\0019af983731d001ec1600008c13c807.$$_globalization_mct_mct-br_theme_8b242acc68f33abd.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-br_theme_8b242acc68f33abd.cdf-ms"
4
2015-01-15 18:53:27, Info CSI 3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\446cd0983731d001ed1600008c13c807.$$_globalization_mct_mct-it_wallpaper_d2b9d829c62e18eb.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-it_wallpaper_d2b9d829c62e18eb.cdf-ms"
44: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\042fd5983731d001ee1600008c13c807.$$_globalization_mct_mct-it_theme_8a2bedc46b18c1d8.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-it_theme_8a2bedc46b18c1d8.cdf-ms"
45: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\74dd5c993731d001ef1600008c13c807.$$_globalization_mct_mct-ru_wallpaper_342a57e928b9b3bb.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-ru_wallpaper_342a57e928b9b3bb.cdf-ms"
46: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\d43e5f993731d001f01600008c13c807.$$_globalization_mct_mct-ru_theme_88e99e866de97308.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-ru_theme_88e99e866de97308.cdf-ms"
47: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\5ce5a1993731d001f11600008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
48: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ca8a6993731d001f21600008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
49: Move File: Source = [l:300{150}]"\SystemRoot\WinSxS\Temp\PendingRenames\dd6aab993731d001f31600008c13c807.program_files_common_files_microsoft_shared_stationery_3f6c21eb4ac66a56.cdf-ms", Destination = [l:212{106}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_stationery_3f6c2
2015-01-15 18:53:27, Info CSI 1eb4ac66a56.cdf-ms"
50: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\3fd7c0993731d001f41600008c13c807.$$_globalization_mct_mct-au_wallpaper_6187684a82a84eda.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-au_wallpaper_6187684a82a84eda.cdf-ms"
51: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\60fbc7993731d001f51600008c13c807.$$_globalization_mct_mct-au_theme_8b4e352268872029.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-au_theme_8b4e352268872029.cdf-ms"
52: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\745e739a3731d001f61600008c13c807.$$_globalization_mct_mct-gb_wallpaper_e474064dc62e18eb.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-gb_wallpaper_e474064dc62e18eb.cdf-ms"
53: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\d4bf759a3731d001f71600008c13c807.$$_globalization_mct_mct-gb_theme_8a4ff6a06b18c1d8.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-gb_theme_8a4ff6a06b18c1d8.cdf-ms"
54: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\95827a9a3731d001f81600008c13c807.$$_globalization_mct_mct-gb_rssfeed_29449ea7eb4c7797.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_mct_mct-gb_rssfeed_29449ea7eb4c7797.cdf-ms"
55: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{fac80c8b-8a93-0a48-c3b8-8689a568f16e}", Type = REG_SZ (1), Data = {l:180 ml:180 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0041007500780069006c006900610072007900440069007300..64006f00770073005300690064006500530068006f0077005f0053007900730070007200650070005f00470065006e006500720061006c0069007a0065000000}

POQ 52 ends.
2015-01-15 18:53:27, Info CSI 00000109 [SR] Verify complete
2015-01-15 18:53:28, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2015-01-15 18:53:28, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2015-01-15 18:53:46, Info CSI 0000010c Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\he-IL" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"he-IL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:51, Info CSI 0000010d Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sl-SI" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sl-SI", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:52, Info CSI 0000010e Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\en-US" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-us", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:52, Info CSI 0000010f Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-BR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-BR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:53, Info CSI 00000110 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ar-SA" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ar-SA", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:53, Info CSI 00000111 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\el-GR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"el-GR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:53, Info CSI 00000112 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ko-KR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ko-KR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:54, Info CSI 00000113 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\da-DK" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"da-DK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:54, Info CSI 00000114 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\et-EE" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"et-EE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:54, Info CSI 00000115 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\it-IT" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"it-IT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:56, Info CSI 00000116 Ignoring duplicate ownership for directory [l:114{57}]"\??\C:\Program Files\Windows Media Player\Network Sharing" in component Microsoft-Windows-MediaPlayer-Core, Version = 6.1.7601.18150, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:56, Info CSI 00000117 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\fi-FI" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"fi-FI", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:56, Info CSI 00000118 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\fr-FR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"fr-FR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:56, Info CSI 00000119 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\nl-NL" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"nl-NL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:57, Info CSI 0000011a Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sk-SK" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sk-SK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:57, Info CSI 0000011b Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\hr-HR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"hr-HR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:57, Info CSI 0000011c Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\hu-HU" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"hu-HU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:57, Info CSI 0000011d Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pl-PL" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pl-PL", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:57, Info CSI 0000011e Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\pt-PT" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"pt-PT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 0000011f Ignoring duplicate ownership for directory [l:68{34}]"\??\C:\Windows\System32\sr-Latn-CS" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:20{10}]"sr-Latn-CS", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000120 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\es-ES" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"es-ES", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000121 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\bg-BG" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"bg-BG", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000122 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ro-RO" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ro-RO", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000123 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ru-RU" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000124 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\cs-CZ" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"cs-CZ", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000125 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\de-DE" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"de-DE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000126 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\lt-LT" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"lt-LT", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:58, Info CSI 00000127 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\lv-LV" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"lv-LV", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:59, Info CSI 00000128 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\ja-JP" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"ja-JP", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:53:59, Info CSI 00000129 Repair results created:
POQ 53 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\fa0384a53731d0015d1700008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\fa0384a53731d0015e1700008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\dbea8fa53731d0015f1700008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\9cad94a53731d001601700008c13c807.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms"
4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f15a7ba83731d001611700008c13c807.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f670a1a83731d001621700008c13c807.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms"
6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e28e0ca93731d001631700008c13c807.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
7: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\0ad44ca93731d001641700008c13c807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms"
8: Move File: Source = [l:226{113}]"
2015-01-15 18:53:59, Info CSI \SystemRoot\WinSxS\Temp\PendingRenames\8d6469a93731d001651700008c13c807.$$_system32_pt-br_5783f3346581bed3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms"
9: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f6f7ca93731d001661700008c13c807.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\705688a93731d001671700008c13c807.$$_system32_el-gr_429cd0b684dc71bd.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms"
11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3324a0a93731d001681700008c13c807.$$_system32_ko-kr_4e039de673c23e4a.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms"
12: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ae20aa3731d001691700008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
13: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\82ae20aa3731d0016a1700008c13c807.program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms"
14: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\e20f23aa3731d0016b1700008c13c807.program_files_windows_media_player_skins_94ff8de43fd42ce5.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_skins_94ff8de43fd42ce5.cdf-ms"
15: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\03342aaa3731d0016c1700008c13c807.program_files_windows_media_player_icons_94ff7ddc3fca431d.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps
2015-01-15 18:53:59, Info CSI \program_files_windows_media_player_icons_94ff7ddc3fca431d.cdf-ms"
16: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4f62eaa3731d0016d1700008c13c807.program_files_windows_media_player_visualizations_e380711fc66b5d12.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_visualizations_e380711fc66b5d12.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca1768aa3731d0016e1700008c13c807.$$_system32_da-dk_40b64d5e87b63595.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0c6076aa3731d0016f1700008c13c807.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms"
19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ecc8baa3731d001701700008c13c807.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
20: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\2f10a7ab3731d001711700008c13c807.program_files_windows_media_player_media_renderer_5001a1a5de706f6e.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_media_renderer_5001a1a5de706f6e.cdf-ms"
21: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\efd2abab3731d001721700008c13c807.program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms"
22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2ddbeab3731d001731700008c13c807.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms"
2015-01-15 18:53:59, Info CSI
23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3326cdab3731d001741700008c13c807.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
24: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\756edbab3731d001751700008c13c807.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"
25: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\3e5d2cac3731d001761700008c13c807.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms"
26: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0063dac3731d001771700008c13c807.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms"
27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\82b04dac3731d001781700008c13c807.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms"
28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\245a5eac3731d001791700008c13c807.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms"
29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\266571ac3731d0017a1700008c13c807.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms"
30: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\287084ac3731d0017b1700008c13c807.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-m
2015-01-15 18:53:59, Info CSI s"
31: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0a5790ac3731d0017c1700008c13c807.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms"
32: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\4b9f9eac3731d0017d1700008c13c807.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms"
33: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\4eaab1ac3731d0017e1700008c13c807.$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms"
34: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\50b5c4ac3731d0017f1700008c13c807.$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms"
35: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\52c0d7ac3731d001801700008c13c807.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms"
36: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\9408e6ac3731d001811700008c13c807.$$_system32_de-de_40b6416a87b647ef.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms"
37: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\36b2f6ac3731d001821700008c13c807.$$_system32_lt-lt_4fea189870e886c7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms"
38: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\38bd09ad3731d001831700008c13c807.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms"

2015-01-15 18:53:59, Info CSI 39: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\da661aad3731d001841700008c13c807.programdata_microsoft_windows_drm_1409f63e8e701274.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_drm_1409f63e8e701274.cdf-ms"
40: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\5bec23ad3731d001851700008c13c807.programdata_microsoft_windows_drm_cache_0462a9ca8b56f2bc.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_drm_cache_0462a9ca8b56f2bc.cdf-ms"
41: Set File Information: File = [l:92{46}]"\??\C:\ProgramData\Microsoft\Windows\DRM\Cache", Attributes = 00000086
42: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c3432ad3731d001861700008c13c807.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms"
43: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{bf281659-8e31-15b8-8be8-952d26f3a531}", Type = REG_SZ (1), Data = {l:134 ml:134 b:43003a005c00500072006f006700720061006d002000460069006c00650073005c00570069006e0064006f007700730020004d00650064006900610020005000..650072005c0077006d007300730065007400750070002e0064006c006c002c0053007900730050007200650070005f0043006c00650061006e00750070000000}
44: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{ad80020d-cdd2-0d41-1b30-cf21359228e2}", Type = REG_SZ (1), Data = {l:66 b:7300700077006d0070002e0064006c006c002c0053007900730070007200650070005f00470065006e006500720061006c0069007a0065005f0057004d0050000000}
45: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{230f0754-852e-7035-6049-1807de6941d3}", Type = REG_SZ (1), Data = {l:42 b:640072006d007600320063006c0
2015-01-15 18:53:59, Info CSI 074002e0064006c006c002c0053007900730070007200650070000000}

POQ 53 ends.
2015-01-15 18:53:59, Info CSI 0000012a [SR] Verify complete
2015-01-15 18:53:59, Info CSI 0000012b [SR] Verifying 100 (0x00000064) components
2015-01-15 18:53:59, Info CSI 0000012c [SR] Beginning Verify and Repair transaction
2015-01-15 18:54:03, Info CSI 0000012d Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\uk-UA" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"uk-UA", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:04, Info CSI 0000012e Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\zh-HK" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-HK", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:04, Info CSI 0000012f Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\zh-TW" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-TW", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:04, Info CSI 00000130 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\zh-CN" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"zh-CN", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:05, Info CSI 00000131 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\th-TH" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"th-TH", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:05, Info CSI 00000132 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\tr-TR" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"tr-TR", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:06, Info CSI 00000133 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\sv-SE" in component Microsoft-Windows-mlang.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sv-SE", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:06, Info CSI 00000134 Repair results created:
POQ 54 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\eecbf2af3731d001eb1700008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\eecbf2af3731d001ec1700008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\cfb2feaf3731d001ed1700008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f7503b03731d001ee1700008c13c807.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms"
4: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\311f14b03731d001ef1700008c13c807.$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\130620b03731d001f01700008c13c807.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms"
6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b5af30b03731d001f11700008c13c807.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms"
7: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ff238bb03731d001f21700008c13c807.$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms"
8: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames
2015-01-15 18:54:06, Info CSI \5f858db03731d001f31700008c13c807.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
9: Move File: Source = [l:284{142}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0e68fb03731d001f41700008c13c807.$$_system32_tasks_microsoft_windows_synccenter_6c995d37b2976a17.cdf-ms", Destination = [l:196{98}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_synccenter_6c995d37b2976a17.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e315aab03731d001f51700008c13c807.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms"
11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e520bdb03731d001f61700008c13c807.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms"
12: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\4582bfb03731d001f71700008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
13: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\4582bfb03731d001f81700008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
14: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\4582bfb03731d001f91700008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
15: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\a5e3c1b03731d001fa1700008c13c807.program_files_common_files_microsoft_shared_msinfo_817ad0c7c1c8e490.cdf-ms", Destination =
2015-01-15 18:54:06, Info CSI [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_msinfo_817ad0c7c1c8e490.cdf-ms"
16: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\54cf44b13731d001fb1700008c13c807.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms"
17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{6547dc9f-8eb1-f49f-af73-72df2987e480}", Type = REG_SZ (1), Data = {l:62 b:6d0073006d006d00730070002e0064006c006c002c004d006f0075006e0074004d00670072005f00470065006e006500720061006c0069007a0065000000}

POQ 54 ends.
2015-01-15 18:54:06, Info CSI 00000135 [SR] Verify complete
2015-01-15 18:54:06, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:54:06, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2015-01-15 18:54:12, Info CSI 00000138 Repair results created:
POQ 55 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\a66605b43731d001601800008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\a66605b43731d001611800008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\06c807b43731d001621800008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
3: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\27ec0eb43731d001631800008c13c807.$$_inf_.net_clr_data_0864fda87da3c851.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_data_0864fda87da3c851.cdf-ms"
4: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\27ec0eb43731d001641800008c13c807.$$_inf_.net_clr_data_0409_9334f23ff02764ac.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_data_0409_9334f23ff02764ac.cdf-ms"
5: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\27ec0eb43731d001651800008c13c807.$$_inf_.net_clr_networking_d061836896f4f29d.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_networking_d061836896f4f29d.cdf-ms"
6: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\874d11b43731d001661800008c13c807.$$_inf_.net_clr_networking_0409_417ab2a4909264b0.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_networking_0409_417ab2a4909264b0.cdf-ms"
7: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\874d11b43731d001671800008c13c807.$$_inf_.net_data_provider_for_oracle_07838adde9419766.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_oracle_07838add
2015-01-15 18:54:12, Info CSI e9419766.cdf-ms"
8: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\874d11b43731d001681800008c13c807.$$_inf_.net_data_provider_for_oracle_0409_1ac885a6f00b112b.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_oracle_0409_1ac885a6f00b112b.cdf-ms"
9: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\874d11b43731d001691800008c13c807.$$_inf_.net_data_provider_for_sqlserver_7cfd5f3e72497ce1.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_sqlserver_7cfd5f3e72497ce1.cdf-ms"
10: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\e7ae13b43731d0016a1800008c13c807.$$_inf_.net_data_provider_for_sqlserver_0409_22ef188981b08c78.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_sqlserver_0409_22ef188981b08c78.cdf-ms"
11: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\e7ae13b43731d0016b1800008c13c807.$$_inf_.netframework_266880c2626e99c6.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.netframework_266880c2626e99c6.cdf-ms"
12: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\e7ae13b43731d0016c1800008c13c807.$$_inf_.netframework_0409_fd6b70814927192f.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.netframework_0409_fd6b70814927192f.cdf-ms"
13: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\c9951fb43731d0016d1800008c13c807.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms"
14: Move File: Source = [l:268{134}]"\SystemRoot\WinSxS\Temp\PendingRenames\895824b43731d0016e1800008c13c807.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms", Destination = [l:180{90}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms"
15:
2015-01-15 18:54:12, Info CSI Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0eae9b43731d0016f1800008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
16: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0eae9b43731d001701800008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
17: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\204cecb43731d001711800008c13c807.program_files_common_files_speechengines_microsoft_tts20_01244a1856097a63.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_speechengines_microsoft_tts20_01244a1856097a63.cdf-ms"
18: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\204cecb43731d001721800008c13c807.program_files_common_files_speechengines_microsoft_tts20_en-us_d560227d1a443333.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_speechengines_microsoft_tts20_en-us_d560227d1a443333.cdf-ms"
19: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\204cecb43731d001731800008c13c807.program_files_common_files_speechengines_microsoft_tts20_en-us_enu-dsk_bd3acd2fa8162df2.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_speechengines_microsoft_tts20_en-us_enu-dsk_bd3acd2fa8162df2.cdf-ms"
20: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2f5fcb43731d001741800008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
21: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\e52417b53731d001751800008c13c807.$$_system32_ias_0665534bd047d20d.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ias_0665534bd047d20d.cdf-ms"

2015-01-15 18:54:12, Info CSI

POQ 55 ends.
2015-01-15 18:54:12, Info CSI 00000139 [SR] Verify complete
2015-01-15 18:54:12, Info CSI 0000013a [SR] Verifying 100 (0x00000064) components
2015-01-15 18:54:12, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2015-01-15 18:54:36, Info CSI 0000013c Repair results created:
POQ 56 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\460db7bc3731d001da1800008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\460db7bc3731d001db1800008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c792c0bc3731d001dc1800008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\27f4c2bc3731d001dd1800008c13c807.$$_system32_networklist_029a48465a9cac56.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_networklist_029a48465a9cac56.cdf-ms"
4: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\8755c5bc3731d001de1800008c13c807.$$_system32_networklist_icons_2b49083c03963dec.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_networklist_icons_2b49083c03963dec.cdf-ms"
5: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\8755c5bc3731d001df1800008c13c807.$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms"
6: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\08dbcebc3731d001e01800008c13c807.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
7: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\08dbcebc3731d001e11800008c13c807.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386e
2015-01-15 18:54:36, Info CSI ac0379231b.cdf-ms"
8: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\c99dd3bc3731d001e21800008c13c807.$$_microsoft.net_framework_v3.5_5588a8293fdc4499.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.5_5588a8293fdc4499.cdf-ms"
9: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\c99dd3bc3731d001e31800008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
10: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\29ffd5bc3731d001e41800008c13c807.program_files_reference_assemblies_microsoft_framework_v3.5_44577da22216c264.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.5_44577da22216c264.cdf-ms"
11: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\b1a518bd3731d001e51800008c13c807.$$_microsoft.net_framework_v3.5_1033_b573e20073d26166.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.5_1033_b573e20073d26166.cdf-ms"
12: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\11071bbd3731d001e61800008c13c807.$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms"
13: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\71681dbd3731d001e71800008c13c807.$$_microsoft.net_framework_v2.0.50727_subsetlist_2a1589056b6db300.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_subsetlist_2a1589056b6db300.cdf-ms"
14: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2c91fbd3731d001e81800008c13c807.program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\
2015-01-15 18:54:36, Info CSI program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms"
15: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2c91fbd3731d001e91800008c13c807.program_files_reference_assemblies_microsoft_framework_v3.0_subsetlist_717872f9b2221111.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_subsetlist_717872f9b2221111.cdf-ms"
16: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\322b22bd3731d001ea1800008c13c807.program_files_reference_assemblies_microsoft_framework_v3.5_redistlist_bd550cc45cc12a27.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.5_redistlist_bd550cc45cc12a27.cdf-ms"
17: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\928c24bd3731d001eb1800008c13c807.program_files_reference_assemblies_microsoft_framework_v3.5_subsetlist_76650e039bf95764.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.5_subsetlist_76650e039bf95764.cdf-ms"
18: Move File: Source = [l:284{142}]"\SystemRoot\WinSxS\Temp\PendingRenames\949737bd3731d001ec1800008c13c807.$$_microsoft.net_framework_v2.0.50727_mui_0409_fbbb44c0c63bd26c.cdf-ms", Destination = [l:196{98}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_mui_0409_fbbb44c0c63bd26c.cdf-ms"
19: Move File: Source = [l:276{138}]"\SystemRoot\WinSxS\Temp\PendingRenames\555a3cbd3731d001ed1800008c13c807.$$_microsoft.net_framework_v2.0.50727_1033_7994eb100abd5435.cdf-ms", Destination = [l:188{94}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_1033_7994eb100abd5435.cdf-ms"
20: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\b5bb3ebd3731d001ee1800008c13c807.$$_microsoft.net_framework_v2.0.50727_config_9a0d48f3c07d2a12.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_fra
2015-01-15 18:54:36, Info CSI mework_v2.0.50727_config_9a0d48f3c07d2a12.cdf-ms"
21: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\b5bb3ebd3731d001ef1800008c13c807.$$_microsoft.net_framework_v1.0.3705_b19cf3207984c497.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v1.0.3705_b19cf3207984c497.cdf-ms"
22: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\161d41bd3731d001f01800008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
23: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\767e43bd3731d001f11800008c13c807.$$_inf_.net_clr_data_0864fda87da3c851.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_data_0864fda87da3c851.cdf-ms"
24: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\767e43bd3731d001f21800008c13c807.$$_inf_.net_clr_data_0000_9334e121f0277e71.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_data_0000_9334e121f0277e71.cdf-ms"
25: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\767e43bd3731d001f31800008c13c807.$$_inf_.net_clr_networking_d061836896f4f29d.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_networking_d061836896f4f29d.cdf-ms"
26: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6df45bd3731d001f41800008c13c807.$$_inf_.net_clr_networking_0000_417aaafa90927065.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_clr_networking_0000_417aaafa90927065.cdf-ms"
27: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6df45bd3731d001f51800008c13c807.$$_inf_.net_data_provider_for_oracle_07838adde9419766.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_oracle_07838adde9419766.cdf-ms"
28: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6df45bd37
2015-01-15 18:54:36, Info CSI 31d001f61800008c13c807.$$_inf_.net_data_provider_for_oracle_0000_1ac87488f00b2af0.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_oracle_0000_1ac87488f00b2af0.cdf-ms"
29: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\d6df45bd3731d001f71800008c13c807.$$_inf_.net_data_provider_for_sqlserver_7cfd5f3e72497ce1.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_sqlserver_7cfd5f3e72497ce1.cdf-ms"
30: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\364148bd3731d001f81800008c13c807.$$_inf_.net_data_provider_for_sqlserver_0000_22ef191981b08b2b.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.net_data_provider_for_sqlserver_0000_22ef191981b08b2b.cdf-ms"
31: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\364148bd3731d001f91800008c13c807.$$_inf_.netframework_266880c2626e99c6.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.netframework_266880c2626e99c6.cdf-ms"
32: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\97a24abd3731d001fa1800008c13c807.$$_inf_.netframework_0000_fd6b5f63492732f4.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_inf_.netframework_0000_fd6b5f63492732f4.cdf-ms"
33: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\182854bd3731d001fb1800008c13c807.$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms"
34: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\ceb980c33731d001fc1800008c13c807.program_files_msbuild_microsoft_windows_workflow_foundation_v3.5_06f0ac2a38886194.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\program_files_msbuild_microsoft_windows_workflow_foundation_v3.5_06f0ac2a38886194.cdf-ms"

POQ 56 ends.
2015-01-15 18:54:36, Info CSI 0000013d [SR] Verify complete
2015-01-15 18:54:37, Info CSI 0000013e [SR] Verifying 100 (0x00000064) components
2015-01-15 18:54:37, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2015-01-15 18:54:51, Info CSI 00000140 Ignoring duplicate ownership for directory [l:72{36}]"\??\C:\Program Files\DVD Maker\en-US" in component Microsoft-Windows-OpticalMediaDisc-API.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:54:53, Info CSI 00000141 Repair results created:
POQ 57 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\31ad33cb3731d001611900008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\31ad33cb3731d001621900008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\f16f38cb3731d001631900008c13c807.program_files_dvd_maker_405775de8763ce75.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_405775de8763ce75.cdf-ms"
3: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\f16f38cb3731d001641900008c13c807.program_files_dvd_maker_shared_a54613779b918be2.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_a54613779b918be2.cdf-ms"
4: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\51d13acb3731d001651900008c13c807.program_files_dvd_maker_shared_dvdstyles_5fb67e37dd207bb6.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_5fb67e37dd207bb6.cdf-ms"
5: Move File: Source = [l:300{150}]"\SystemRoot\WinSxS\Temp\PendingRenames\51d13acb3731d001661900008c13c807.program_files_dvd_maker_shared_dvdstyles_layeredtitles_c4062449752ea4b1.cdf-ms", Destination = [l:212{106}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_layeredtitles_c4062449752ea4b1.cdf-ms"
6: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\f37a4bcb3731d001671900008c13c807.program_files_dvd_maker_shared_dvdstyles_travel_c63680851907e918.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_travel_c63680851907e918.cdf-ms"
7: Move File: Source = [l:290{145}]"\Sy
2015-01-15 18:54:53, Info CSI stemRoot\WinSxS\Temp\PendingRenames\149f52cb3731d001681900008c13c807.program_files_dvd_maker_shared_dvdstyles_memories_f44b6a98846b15a5.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_memories_f44b6a98846b15a5.cdf-ms"
8: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\d76c6acb3731d001691900008c13c807.program_files_dvd_maker_shared_dvdstyles_pets_8bfb87d82731d4bc.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_pets_8bfb87d82731d4bc.cdf-ms"
9: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\f89071cb3731d0016a1900008c13c807.program_files_dvd_maker_shared_dvdstyles_resizingpanels_d3ead0ed83352928.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_resizingpanels_d3ead0ed83352928.cdf-ms"
10: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\6a4a0ccc3731d0016b1900008c13c807.program_files_dvd_maker_shared_dvdstyles_sports_c6567ebf18c8e989.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_sports_c6567ebf18c8e989.cdf-ms"
11: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\caab0ecc3731d0016c1900008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
12: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\edda28cc3731d0016d1900008c13c807.program_files_dvd_maker_shared_dvdstyles_babygirl_08d06a5a64874f02.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_babygirl_08d06a5a64874f02.cdf-ms"
13: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\939a5fcc3731d0016e1900008c13c807.program_files_dvd_maker_en-us_5c61cfeeeb9f5061.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_en-us_5c61cfeeeb9f5061.cdf-ms"
14: Move File: Source =
2015-01-15 18:54:53, Info CSI [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\142069cc3731d0016f1900008c13c807.program_files_dvd_maker_shared_dvdstyles_babyboy_c89d1dc244d4409a.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_babyboy_c89d1dc244d4409a.cdf-ms"
15: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\74816bcc3731d001701900008c13c807.program_files_dvd_maker_shared_dvdstyles_videowall_3cbc91699310ec3d.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_videowall_3cbc91699310ec3d.cdf-ms"
16: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\566877cc3731d001711900008c13c807.program_files_dvd_maker_shared_dvdstyles_oldage_c6de81a917a8cf68.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_oldage_c6de81a917a8cf68.cdf-ms"
17: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7ed80cc3731d001721900008c13c807.program_files_dvd_maker_shared_dvdstyles_push_8bfb73162731f37e.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_push_8bfb73162731f37e.cdf-ms"
18: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\374f83cc3731d001731900008c13c807.program_files_dvd_maker_shared_dvdstyles_flippage_f73c094c7f16edbe.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_flippage_f73c094c7f16edbe.cdf-ms"
19: Move File: Source = [l:304{152}]"\SystemRoot\WinSxS\Temp\PendingRenames\f81188cc3731d001741900008c13c807.program_files_dvd_maker_shared_dvdstyles_specialoccasion_e32b316f8a75bd6e.cdf-ms", Destination = [l:216{108}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_specialoccasion_e32b316f8a75bd6e.cdf-ms"
20: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\58738acc3731d001751900008c13c807.program_files_dvd_maker_shared_dvdstyles_vi
2015-01-15 18:54:53, Info CSI gnette_f1288c9089f4958a.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_vignette_f1288c9089f4958a.cdf-ms"
21: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\88e416cd3731d001761900008c13c807.program_files_dvd_maker_shared_dvdstyles_performance_62d38a628f8404ee.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_performance_62d38a628f8404ee.cdf-ms"
22: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca2c25cd3731d001771900008c13c807.program_files_dvd_maker_shared_dvdstyles_huecycle_de51e7f0a4721fb8.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_huecycle_de51e7f0a4721fb8.cdf-ms"
23: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ee148cd3731d001781900008c13c807.program_files_dvd_maker_shared_dvdstyles_rectangles_5bea48dc003ff122.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_rectangles_5bea48dc003ff122.cdf-ms"
24: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f0550cd3731d001791900008c13c807.program_files_dvd_maker_shared_dvdstyles_stacking_dcc38bcea7f2f1e4.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_stacking_dcc38bcea7f2f1e4.cdf-ms"
25: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\58f4a0cd3731d0017a1900008c13c807.program_files_dvd_maker_shared_dvdstyles_shatter_c6467e7e49f697fb.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdstyles_shatter_c6467e7e49f697fb.cdf-ms"
26: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\d979aacd3731d0017b1900008c13c807.program_files_dvd_maker_shared_dvdstyles_full_8bfb7c162731e4e9.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\program_files_dvd_maker_shared_dvdsty
2015-01-15 18:54:53, Info CSI les_full_8bfb7c162731e4e9.cdf-ms"

POQ 57 ends.
2015-01-15 18:54:53, Info CSI 00000142 [SR] Verify complete
2015-01-15 18:54:54, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:54:54, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:02, Info CSI 00000145 Repair results created:
POQ 58 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\5d0e21d23731d001e01900008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\bd6f23d23731d001e11900008c13c807.programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42__96ac8d0751fb5c2c.cdf-ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42__96ac8d0751fb5c2c.cdf-ms"
2: Move File: Source = [l:356{178}]"\SystemRoot\WinSxS\Temp\PendingRenames\1dd125d23731d001e21900008c13c807.programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42_en-us_98bc184903c637fe.cdf-ms", Destination = [l:268{134}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42_en-us_98bc184903c637fe.cdf-ms"
3: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\803d3bd23731d001e31900008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\01c344d23731d001e41900008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
5: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\c18549d23731d001e51900008c13c807.$$_system32_printing_admin_scripts_en-us_f242a041737eb912.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_system32_printing_admin_scripts_en-us_f242a041737eb912.cdf-ms"
6: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\845361d23731d001e61900008c13c807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms"

2015-01-15 18:55:02, Info CSI 7: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\e4b463d23731d001e71900008c13c807.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms"
8: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\653a6dd23731d001e81900008c13c807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms"
9: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\26fd71d23731d001e91900008c13c807.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms"
10: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\e9ca89d23731d001ea1900008c13c807.$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms"
11: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\492c8cd23731d001eb1900008c13c807.$$_system32_spool_tools_en-us_103725fe114f4888.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_tools_en-us_103725fe114f4888.cdf-ms"
12: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\1010cad23731d001ec1900008c13c807.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
13: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\7071ccd23731d001ed1900008c13c807.$$_system32_windowspowershell_v1.0_en-us_028e6949cac04f1d.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_en-us_028e6949cac04f1d.cdf-ms"
14: Move File: Source = [l:242{121}]"\SystemRoot\Win
2015-01-15 18:55:02, Info CSI SxS\Temp\PendingRenames\9195d3d23731d001ee1900008c13c807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms"
15: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2f6d5d23731d001ef1900008c13c807.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms"
16: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\566efed23731d001f01900008c13c807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms"
17: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6cf00d33731d001f11900008c13c807.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms"
18: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\779205d33731d001f21900008c13c807.$$_pla_reports_a2604845b2b380ca.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms"
19: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7f307d33731d001f31900008c13c807.$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms"
20: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7f307d33731d001f41900008c13c807.$$_pla_rules_0bde462ce96f215e.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms"
21: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7f307d33731d001f51900008c13c807.$$_pla_rules_en-us_8cd2a7c250e636a2.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_pla_rules_
2015-01-15 18:55:02, Info CSI en-us_8cd2a7c250e636a2.cdf-ms"
22: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a601dd33731d001f61900008c13c807.$$_system32_spool_tools_microsoft_xps_document_writer_6c7957555c36cebb.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_tools_microsoft_xps_document_writer_6c7957555c36cebb.cdf-ms"

POQ 58 ends.
2015-01-15 18:55:02, Info CSI 00000146 [SR] Verify complete
2015-01-15 18:55:03, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:03, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:07, Info CSI 00000149 Repair results created:
POQ 59 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\84d6a4d53731d0015b1a00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\4599a9d53731d0015c1a00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\2680b5d53731d0015d1a00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\47a4bcd53731d0015e1a00008c13c807.$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms"
4: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\a705bfd53731d0015f1a00008c13c807.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
5: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\a705bfd53731d001601a00008c13c807.$$_pla_reports_a2604845b2b380ca.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms"
6: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\0867c1d53731d001611a00008c13c807.$$_pla_rules_0bde462ce96f215e.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms"
7: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\0c7de7d53731d001621a00008c13c807.$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms"
8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Tem
2015-01-15 18:55:07, Info CSI p\PendingRenames\6cdee9d53731d001631a00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
9: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\2da1eed53731d001641a00008c13c807.$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms"
10: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\2da1eed53731d001651a00008c13c807.$$_inf_pnrpsvc_0409_437342b1fe2eac8a.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_pnrpsvc_0409_437342b1fe2eac8a.cdf-ms"
11: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae26f8d53731d001661a00008c13c807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms"

POQ 59 ends.
2015-01-15 18:55:07, Info CSI 0000014a [SR] Verify complete
2015-01-15 18:55:08, Info CSI 0000014b [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:08, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:13, Info CSI 0000014d Repair results created:
POQ 60 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\451cedd83731d001cb1a00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\451cedd83731d001cc1a00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\c6a1f6d83731d001cd1a00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\c8ac09d93731d001ce1a00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
4: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\e9d010d93731d001cf1a00008c13c807.program_files_windows_photo_viewer_6eb173d8debcda9a.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_photo_viewer_6eb173d8debcda9a.cdf-ms"
5: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\2b191fd93731d001d01a00008c13c807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms"
6: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\ebdb23d93731d001d11a00008c13c807.program_files_windows_photo_viewer_en-us_bb1893748d4240dc.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_photo_viewer_en-us_bb1893748d4240dc.cdf-ms"
7: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\8d8534d93731d001d21a00008c13c807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_diagnos
2015-01-15 18:55:13, Info CSI tics_system_performance_d48bf95b5c828123.cdf-ms"
8: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\0e0b3ed93731d001d31a00008c13c807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms"
9: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\b0b44ed93731d001d41a00008c13c807.$$_system32_spool_drivers_w32x86_3_8416c27bd490b8bd.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spool_drivers_w32x86_3_8416c27bd490b8bd.cdf-ms"
10: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2fc5cd93731d001d51a00008c13c807.programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms"
11: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2fc5cd93731d001d61a00008c13c807.programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42__96ac8d0751fb5c2c.cdf-ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_e35be42d-f742-4d96-a50a-1775fb1a7a42__96ac8d0751fb5c2c.cdf-ms"
12: Move File: Source = [l:350{175}]"\SystemRoot\WinSxS\Temp\PendingRenames\f2fc5cd93731d001d71a00008c13c807.programdata_microsoft_device_stage_device_113527a4-45d4-4b6f-b567-97838f1b04b0__5d055d2c3e7e3719.cdf-ms", Destination = [l:262{131}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_device_113527a4-45d4-4b6f-b567-97838f1b04b0__5d055d2c3e7e3719.cdf-ms"
13: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\36507ed93731d001d81a00008c13c807.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
14: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS
2015-01-15 18:55:13, Info CSI \Temp\PendingRenames\19429dd93731d001d91a00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
15: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\7aa39fd93731d001da1a00008c13c807.$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms"
16: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\7aa39fd93731d001db1a00008c13c807.$$_inf_pnrpsvc_0000_43733b07fe2eb83f.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_pnrpsvc_0000_43733b07fe2eb83f.cdf-ms"
17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{15547833-e568-43c4-b74d-4e1efd035af7}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c007300700070006e0070002e0064006c006c002c0053007900730070007200650070005f00470065006e006500720061006c0069007a0065005f0050006e0070000000}
18: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{15547833-e568-43c4-a63c-82c27e3d227b}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c007300700070006e0070002e0064006c006c002c0053007900730070007200650070005f005300700065006300690061006c0069007a0065005f0050006e0070000000}

POQ 60 ends.
2015-01-15 18:55:13, Info CSI 0000014e [SR] Verify complete
2015-01-15 18:55:14, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:14, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:17, Info CSI 00000151 Repair results created:
POQ 61 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b3c18edb3731d001401b00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\152ea4db3731d001411b00008c13c807.programdata_microsoft_network_connections_2e5c3accd04dd407.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_network_connections_2e5c3accd04dd407.cdf-ms"

POQ 61 ends.
2015-01-15 18:55:17, Info CSI 00000152 [SR] Verify complete
2015-01-15 18:55:17, Info CSI 00000153 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:17, Info CSI 00000154 [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:24, Info CSI 00000155 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\setup" in component Microsoft-Windows-RasConnectionManager, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:55:24, Info CSI 00000156 Repair results created:
POQ 62 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\eeecbddf3731d001a61b00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\aeafc2df3731d001a71b00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\6f72c7df3731d001a81b00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\cfd3c9df3731d001a91b00008c13c807.$$_inf_remoteaccess_110554180baafc8b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms"
4: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\cfd3c9df3731d001aa1b00008c13c807.$$_inf_remoteaccess_0000_86bc982ae65d5d49.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_0000_86bc982ae65d5d49.cdf-ms"
5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\f202e4df3731d001ab1b00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
6: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\b3c5e8df3731d001ac1b00008c13c807.$$_system32_setup_5d3758a05cf4a445.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms"
7: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\b5d0fbdf3731d001ad1b00008c13c807.$$_system32_ras_06656461d047b86c.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ras_06656461d047b86c.cdf-ms"
8: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\da0a29e
2015-01-15 18:55:24, Info CSI 03731d001ae1b00008c13c807.$$_system32_migration_927a21df1acd7c18.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms"
9: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\9bcd2de03731d001af1b00008c13c807.$$_system32_migration_wsmt_rras_replacementmanifests_475f557ec0a59abb.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_wsmt_rras_replacementmanifests_475f557ec0a59abb.cdf-ms"
10: Move File: Source = [l:366{183}]"\SystemRoot\WinSxS\Temp\PendingRenames\fb2e30e03731d001b01b00008c13c807.$$_system32_migration_wsmt_rras_replacementmanifests_microsoft-windows-rasapi-migplugin_4c5cfbc1ceebb383.cdf-ms", Destination = [l:278{139}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_wsmt_rras_replacementmanifests_microsoft-windows-rasapi-migplugin_4c5cfbc1ceebb383.cdf-ms"
11: Move File: Source = [l:372{186}]"\SystemRoot\WinSxS\Temp\PendingRenames\bcf134e03731d001b11b00008c13c807.$$_system32_migration_wsmt_rras_replacementmanifests_microsoft-windows-rasserver-migplugin_b1d9b81e0b884bcc.cdf-ms", Destination = [l:284{142}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_wsmt_rras_replacementmanifests_microsoft-windows-rasserver-migplugin_b1d9b81e0b884bcc.cdf-ms"
12: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\7cb439e03731d001b21b00008c13c807.$$_system32_migration_wsmt_rras_dlmanifests_3797d36d4dbe18ed.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_wsmt_rras_dlmanifests_3797d36d4dbe18ed.cdf-ms"
13: Move File: Source = [l:354{177}]"\SystemRoot\WinSxS\Temp\PendingRenames\dc153ce03731d001b31b00008c13c807.$$_system32_migration_wsmt_rras_dlmanifests_microsoft-windows-rasserver-migplugin_60ef4b1ac8368ae4.cdf-ms", Destination = [l:266{133}]"\SystemRoot\WinSxS\FileMaps\$$_system32_migration_wsmt_rras_dlmanifests_microsoft-windows-rasserver-migplugin_60ef4b1ac8368ae4.cdf-ms"
14: Move File: Source = [l:212{106}]"\SystemRoot\WinSx
2015-01-15 18:55:24, Info CSI S\Temp\PendingRenames\fd3943e03731d001b41b00008c13c807.$$_tracing_bca9e27848ac4cc0.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_tracing_bca9e27848ac4cc0.cdf-ms"

spypcsense
2015-01-16, 05:26
Call it a night?

Here's part 3 but I'm feeling guilty taking up so much of your time. How about we continue this tomorrow or ??

POQ 62 ends.
2015-01-15 18:55:24, Info CSI 00000157 [SR] Verify complete
2015-01-15 18:55:25, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:25, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2015-01-15 18:55:57, Info CSI 0000015a Repair results created:
POQ 63 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c52535e93731d001191c00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\85e839e93731d0011a1c00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\066e43e93731d0011b1c00008c13c807.$$_web_3f580d25a4c8e0a0.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_web_3f580d25a4c8e0a0.cdf-ms"
3: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\67cf45e93731d0011c1c00008c13c807.$$_web_wallpaper_landscapes_dd1321c96ffce30a.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_landscapes_dd1321c96ffce30a.cdf-ms"
4: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\d05ec1eb3731d0011d1c00008c13c807.$$_speech_engines_sr_en-gb_3201b387cd317f4d.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_speech_engines_sr_en-gb_3201b387cd317f4d.cdf-ms"
5: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\f182c8eb3731d0011e1c00008c13c807.$$_speech_engines_lexicon_en-gb_bd71d721f658dd56.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_speech_engines_lexicon_en-gb_bd71d721f658dd56.cdf-ms"
6: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\9537eceb3731d0011f1c00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
7: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\f598eeeb3731d001201c00008c13c807.$$_media_calligraphy_7b7c7a996fa5cd3c.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_media_calligraphy_7b7c7a996fa5cd3c.cdf-ms"
8: Move File: Source = [l:204{
2015-01-15 18:55:57, Info CSI 102}]"\SystemRoot\WinSxS\Temp\PendingRenames\55faf0eb3731d001211c00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
9: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\b65bf3eb3731d001221c00008c13c807.$$_inf_rdyboost_95e76b07334dd353.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_rdyboost_95e76b07334dd353.cdf-ms"
10: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\16bdf5eb3731d001231c00008c13c807.$$_inf_rdyboost_0409_50c6198d7330ca6a.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_rdyboost_0409_50c6198d7330ca6a.cdf-ms"
11: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\5ca09af13731d001241c00008c13c807.$$_speech_engines_sr_en-us_3201cbb7cd315cd0.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_speech_engines_sr_en-us_3201cbb7cd315cd0.cdf-ms"
12: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\bc019df13731d001251c00008c13c807.$$_speech_engines_lexicon_en-us_bd71d54bf658e12b.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_speech_engines_lexicon_en-us_bd71d54bf658e12b.cdf-ms"
13: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\1d639ff13731d001261c00008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
14: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\dd25a4f13731d001271c00008c13c807.$$_ehome_createdisc_ed3f8f2e7a4426af.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_ed3f8f2e7a4426af.cdf-ms"
15: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ee8a8f13731d001281c00008c13c807.$$_ehome_createdisc_sfxplugins_5b043573249413c8.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_sfxplugins_5b043573249413c8.cdf-ms"
16
2015-01-15 18:55:57, Info CSI : Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\2384d8f13731d001291c00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
17: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\44a8dff13731d0012a1c00008c13c807.$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms"
18: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\056be4f13731d0012b1c00008c13c807.$$_system32_speech_speechux_en-us_84f7db2c593a03f7.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_en-us_84f7db2c593a03f7.cdf-ms"
19: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\4dd42bf23731d0012c1c00008c13c807.$$_media_quirky_6baa21a590d24b57.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_media_quirky_6baa21a590d24b57.cdf-ms"
20: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\ef7d3cf23731d0012d1c00008c13c807.$$_system32_spp_tokens_identity_11b267e2f2add041.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_identity_11b267e2f2add041.cdf-ms"
21: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\d06448f23731d0012e1c00008c13c807.$$_media_garden_6cea56938e5bd6b1.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_media_garden_6cea56938e5bd6b1.cdf-ms"
22: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\30c64af23731d0012f1c00008c13c807.$$_ehome_createdisc_filters_5fe1b967f204215a.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_filters_5fe1b967f204215a.cdf-ms"
23: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\b24b54f23731d001301c00008c13c807.$$_media_sonata_6b55eb3f91aab49e.cdf-ms", Destination = [l:134{67}]"\SystemR
2015-01-15 18:55:57, Info CSI oot\WinSxS\FileMaps\$$_media_sonata_6b55eb3f91aab49e.cdf-ms"
24: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2f071f33731d001311c00008c13c807.$$_web_wallpaper_characters_a0a6ad47bc54d5d2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_characters_a0a6ad47bc54d5d2.cdf-ms"
25: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\355d87f33731d001321c00008c13c807.$$_system32_spp_tokens_issuance_2c48fd0ccc1c41cc.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_issuance_2c48fd0ccc1c41cc.cdf-ms"
26: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\1f70dff33731d001331c00008c13c807.$$_system32_speech_speechux_en-gb_84f7bae6593a3452.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_en-gb_84f7bae6593a3452.cdf-ms"

POQ 63 ends.
2015-01-15 18:55:57, Info CSI 0000015b [SR] Verify complete
2015-01-15 18:55:58, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2015-01-15 18:55:58, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2015-01-15 18:56:14, Info CSI 0000015e Ignoring duplicate ownership for directory [l:72{36}]"\??\C:\Windows\Web\Wallpaper\Windows" in component Microsoft-Windows-Shell-Wallpaper-Windows, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:56:19, Info CSI 0000015f Repair results created:
POQ 64 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ff77cfb3731d001981c00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ff77cfb3731d001991c00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:268{134}]"\SystemRoot\WinSxS\Temp\PendingRenames\80587ffb3731d0019a1c00008c13c807.program_files_microsoft_games_freecell_8a64219b3898a872.cdf-ms", Destination = [l:180{90}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_freecell_8a64219b3898a872.cdf-ms"
3: Set File Information: File = [l:90{45}]"\??\C:\Program Files\Microsoft Games\FreeCell", Attributes = 00000080
4: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\f41c2dfc3731d0019b1c00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
5: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\f41c2dfc3731d0019c1c00008c13c807.$$_web_3f580d25a4c8e0a0.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_web_3f580d25a4c8e0a0.cdf-ms"
6: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\547e2ffc3731d0019d1c00008c13c807.$$_web_wallpaper_architecture_7e5377d6faf00937.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_architecture_7e5377d6faf00937.cdf-ms"
7: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\d50339fc3731d0019e1c00008c13c807.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms"
8: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\9a5d7afd3731d0019f1c00008c13c807.program_files_microsoft_games_mahjong_dcfa9fdbc2
2015-01-15 18:56:19, Info CSI dc0658.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_mahjong_dcfa9fdbc2dc0658.cdf-ms"
9: Set File Information: File = [l:88{44}]"\??\C:\Program Files\Microsoft Games\Mahjong", Attributes = 00000080
10: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c078bfd3731d001a01c00008c13c807.program_files_microsoft_games_solitaire_9f0b32c582494770.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_solitaire_9f0b32c582494770.cdf-ms"
11: Set File Information: File = [l:92{46}]"\??\C:\Program Files\Microsoft Games\Solitaire", Attributes = 00000080
12: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\5d2b92fd3731d001a11c00008c13c807.$$_web_wallpaper_windows_bcf8a09f6400ad61.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_windows_bcf8a09f6400ad61.cdf-ms"
13: Set File Information: File = [l:72{36}]"\??\C:\Windows\Web\Wallpaper\Windows", Attributes = 00000081
14: Move File: Source = [l:248{124}]"\SystemRoot\WinSxS\Temp\PendingRenames\ffd4a2fd3731d001a21c00008c13c807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms", Destination = [l:160{80}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms"
15: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\20f9a9fd3731d001a31c00008c13c807.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms"
16: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\a17eb3fd3731d001a41c00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
17: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\6141b8fd3731d001a51c00008c13c807.$$_media_characters_8ee06d90f7dead3a.cdf-ms", Destination = [l:142{71}]"\SystemRoot
2015-01-15 18:56:19, Info CSI \WinSxS\FileMaps\$$_media_characters_8ee06d90f7dead3a.cdf-ms"
18: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\03ebc8fd3731d001a61c00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
19: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4adcdfd3731d001a71c00008c13c807.$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms"
20: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\9a5fa7ff3731d001a81c00008c13c807.program_files_microsoft_games_chess_f208efe92d96a840.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_chess_f208efe92d96a840.cdf-ms"
21: Set File Information: File = [l:84{42}]"\??\C:\Program Files\Microsoft Games\Chess", Attributes = 00000080
22: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\7c46b3ff3731d001a91c00008c13c807.$$_prefetch_1688e4e8b2f89473.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms"
23: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c09b8ff3731d001aa1c00008c13c807.$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms"
24: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c09b8ff3731d001ab1c00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
25: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c6abaff3731d001ac1c00008c13c807.$$_inf_rdyboost_95e76b07334dd353.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_rdyboost_95e76b07334dd353.cdf-ms"
26: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\Pendi
2015-01-15 18:56:19, Info CSI ngRenames\fdcbbcff3731d001ad1c00008c13c807.$$_inf_rdyboost_0000_50c61a1d7330c91d.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_rdyboost_0000_50c61a1d7330c91d.cdf-ms"
27: Set File Information: File = [l:46{23}]"\??\C:\Windows\prefetch", Attributes = 00000080
28: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\1ef0c3ff3731d001ae1c00008c13c807.program_files_microsoft_games_spidersolitaire_90112e27328c9411.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_spidersolitaire_90112e27328c9411.cdf-ms"
29: Set File Information: File = [l:104{52}]"\??\C:\Program Files\Microsoft Games\SpiderSolitaire", Attributes = 00000080
30: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\cad033003831d001af1c00008c13c807.$$_media_delta_0f36d7d9b4f7293c.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_media_delta_0f36d7d9b4f7293c.cdf-ms"
31: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\2d3d49003831d001b01c00008c13c807.program_files_microsoft_games_hearts_f212eaeda359a1b3.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_microsoft_games_hearts_f212eaeda359a1b3.cdf-ms"
32: Set File Information: File = [l:86{43}]"\??\C:\Program Files\Microsoft Games\Hearts", Attributes = 00000080
33: Move File: Source = [l:326{163}]"\SystemRoot\WinSxS\Temp\PendingRenames\71906a003831d001b11c00008c13c807.$$_system32_spp_tokens_skus_security-spp-component-sku-professional_b76e8f28df7dd879.cdf-ms", Destination = [l:238{119}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_skus_security-spp-component-sku-professional_b76e8f28df7dd879.cdf-ms"
34: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{3e796be2-5c36-3f55-5fbc-2ce1ce25c0e2}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c007300790
2015-01-15 18:56:19, Info CSI 073006d00610069006e002e0064006c006c002c005000660053007600530079007300700072006500700043006c00650061006e00750070000000}

POQ 64 ends.
2015-01-15 18:56:19, Info CSI 00000160 [SR] Verify complete
2015-01-15 18:56:19, Info CSI 00000161 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:56:19, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2015-01-15 18:56:24, Info CSI 00000163 Repair results created:
POQ 65 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4323e033831d001161d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4323e033831d001171d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\45b847033831d001181d00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\47c35a033831d001191d00008c13c807.$$_system32_slmgr_0409_c09c721c0002fb96.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_slmgr_0409_c09c721c0002fb96.cdf-ms"
4: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\cb5377033831d0011a1d00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8b167c033831d0011b1d00008c13c807.$$_media_festival_d2aa354bee3f11cc.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_media_festival_d2aa354bee3f11cc.cdf-ms"
6: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\cd5e8a033831d0011c1d00008c13c807.$$_system32_spp_tokens_pkeyconfig_d8fc0830c525895a.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_pkeyconfig_d8fc0830c525895a.cdf-ms"
7: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\8d218f033831d0011d1d00008c13c807.$$_security_fe3ad40cd6e08c7c.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms"
8: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\Pe
2015-01-15 18:56:24, Info CSI ndingRenames\ae4596033831d0011e1d00008c13c807.$$_security_audit_073f574e8f328f85.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_security_audit_073f574e8f328f85.cdf-ms"
9: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\9442c8033831d0011f1d00008c13c807.$$_media_savanna_6b39e54d8ae1e5ca.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_media_savanna_6b39e54d8ae1e5ca.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\7529d4033831d001201d00008c13c807.$$_media_heritage_bd7af0f60e3b0705.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_media_heritage_bd7af0f60e3b0705.cdf-ms"
11: Move File: Source = [l:268{134}]"\SystemRoot\WinSxS\Temp\PendingRenames\d68ad6033831d001211d00008c13c807.$$_globalization_els_spelldictionaries_f8bab08f83431341.cdf-ms", Destination = [l:180{90}]"\SystemRoot\WinSxS\FileMaps\$$_globalization_els_spelldictionaries_f8bab08f83431341.cdf-ms"

POQ 65 ends.
2015-01-15 18:56:24, Info CSI 00000164 [SR] Verify complete
2015-01-15 18:56:24, Info CSI 00000165 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:56:24, Info CSI 00000166 [SR] Beginning Verify and Repair transaction
2015-01-15 18:56:32, Info CSI 00000167 Repair results created:
POQ 66 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\3d9055073831d001861d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\9df157073831d001871d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\5db45c073831d001881d00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\be155f073831d001891d00008c13c807.$$_media_cityscape_b0cbff7c81824cc5.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_cityscape_b0cbff7c81824cc5.cdf-ms"
4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e14479073831d0018a1d00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
5: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\016980073831d0018b1d00008c13c807.$$_system32_sppui_5d3749c25cf4bbd3.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sppui_5d3749c25cf4bbd3.cdf-ms"
6: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\c43698073831d0018c1d00008c13c807.$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms"
7: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\85f99c073831d0018d1d00008c13c807.$$_system32_speech_speechux_en-us_84f7db2c593a03f7.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_speechux_en-us_84f7db2c593a03f7.cdf-ms"
8: Move File: Source = [l:228{114}]"\S
2015-01-15 18:56:32, Info CSI ystemRoot\WinSxS\Temp\PendingRenames\e765b2073831d0018e1d00008c13c807.$$_media_landscape_e9488ca8249a3acf.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_landscape_e9488ca8249a3acf.cdf-ms"
9: Move File: Source = [l:248{124}]"\SystemRoot\WinSxS\Temp\PendingRenames\2dc4e6073831d0018f1d00008c13c807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms", Destination = [l:160{80}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms"
10: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\52fe13083831d001901d00008c13c807.$$_media_afternoon_ae5d080a6a887942.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_media_afternoon_ae5d080a6a887942.cdf-ms"
11: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\944622083831d001911d00008c13c807.$$_security_fe3ad40cd6e08c7c.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms"
12: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0a188083831d001921d00008c13c807.$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms"
13: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{375d881d-4c47-3a15-88bf-66c14455b53b}", Type = REG_SZ (1), Data = {l:84 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006300650063006c0069002e0064006c006c002c0053006300650053007900730050007200650070000000}

POQ 66 ends.
2015-01-15 18:56:32, Info CSI 00000168 [SR] Verify complete
2015-01-15 18:56:32, Info CSI 00000169 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:56:32, Info CSI 0000016a [SR] Beginning Verify and Repair transaction
2015-01-15 18:56:47, Info CSI 0000016b Ignoring duplicate ownership for directory [l:44{22}]"\??\C:\Windows\Cursors" in component Microsoft-Windows-Shell-Cursors, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:56:48, Info CSI 0000016c Repair results created:
POQ 67 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\571cee103831d001f71d00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\7840f5103831d001f81d00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\f9c5fe103831d001f91d00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\ba8803113831d001fa1d00008c13c807.$$_system32_icsxml_1f8f393b196e65ae.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_system32_icsxml_1f8f393b196e65ae.cdf-ms"
4: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\e1cd43113831d001fb1d00008c13c807.$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms"
5: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\c7ca75113831d001fc1d00008c13c807.$$_cursors_bff8b8b245707919.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_cursors_bff8b8b245707919.cdf-ms"
6: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\4c66a5113831d001fd1d00008c13c807.$$_web_3f580d25a4c8e0a0.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_web_3f580d25a4c8e0a0.cdf-ms"
7: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\adc7a7113831d001fe1d00008c13c807.$$_web_wallpaper_scenes_bd7cd5771e94d62b.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_scenes_bd7cd5771e94d62b.cdf-ms"
8: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenam
2015-01-15 18:56:48, Info CSI es\ee0fb6113831d001ff1d00008c13c807.$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms"
9: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\b8fe06123831d001001e00008c13c807.$$_web_wallpaper_nature_be2d0c211d1167a9.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_web_wallpaper_nature_be2d0c211d1167a9.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\dd3834123831d001011e00008c13c807.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
11: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\df4347123831d001021e00008c13c807.$$_media_401039ffa1d92906.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms"
12: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\3fa549123831d001031e00008c13c807.$$_media_raga_d0fd3c9ac0f8ab1b.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\$$_media_raga_d0fd3c9ac0f8ab1b.cdf-ms"
13: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{7f350bf1-c163-1c68-533f-7db889fff253}", Type = REG_SZ (1), Data = {l:86 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006c0063002e0064006c006c002c0053004c0052006500410072006d00570069006e0064006f00770073000000}
14: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{47e247a7-3c97-d462-3200-c2f12d89732a}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006800730065007400750070002e0064006c006c002c0053007900730070007200650070005f0043006c00650061006e00750070005f005300680065006c006c000000}

2015-01-15 18:56:48, Info CSI 15: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{47e247a7-3c97-d462-5ee6-b970cace3cd8}", Type = REG_SZ (1), Data = {l:114 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006800730065007400750070002e0064006c006c002c0053007900730070007200650070005f00470065006e006500720061006c0069007a0065005f005300680065006c006c000000}
16: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{47e247a7-3c97-d462-0753-7a178cea9807}", Type = REG_SZ (1), Data = {l:114 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0073006800730065007400750070002e0064006c006c002c0053007900730070007200650070005f005300700065006300690061006c0069007a0065005f005300680065006c006c000000}
17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{0b8461a2-e83a-3433-4561-c2be81045f3e}", Type = REG_SZ (1), Data = {l:140 ml:140 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006f006f00620065005c00770069006e007300650074007500..53007000530065007400750070004f006e006c0069006e006500530065007400740069006e00670073005300700065006300690061006c0069007a0065000000}

POQ 67 ends.
2015-01-15 18:56:48, Info CSI 0000016d [SR] Verify complete
2015-01-15 18:56:49, Info CSI 0000016e [SR] Verifying 100 (0x00000064) components
2015-01-15 18:56:49, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2015-01-15 18:56:59, Info CSI 00000170 Repair results created:
POQ 68 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\18e34c153831d001681e00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\18e34c153831d001691e00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\78444f153831d0016a1e00008c13c807.program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_8d6dbc4becba56da.cdf-ms"
3: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\390754153831d0016b1e00008c13c807.program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_gadgets_265d2ddf4d58a723.cdf-ms"
4: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\5a2b5b153831d0016c1e00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
5: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\dbb064153831d0016d1e00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
6: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\3b1267153831d0016e1e00008c13c807.$$_system32_smi_schema_b445cd341d59fadc.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_smi_schema_b445cd341d59fadc.cdf-ms"
7: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\ddbb77153831d0016f1e00008c13c807.$$_system32_spp_tokens_channels_ocur_c1b54526a616e8b6.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\$$_system32_spp_tokens_channels_ocur_
2015-01-15 18:56:59, Info CSI c1b54526a616e8b6.cdf-ms"
8: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\d28645173831d001701e00008c13c807.$$_ehome_40103e2da1d121de.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms"
9: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\93494a173831d001711e00008c13c807.$$_ehome_createdisc_ed3f8f2e7a4426af.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_ed3f8f2e7a4426af.cdf-ms"
10: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\f3aa4c173831d001721e00008c13c807.$$_ehome_createdisc_sonicresources_7e22c968e006c522.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_sonicresources_7e22c968e006c522.cdf-ms"
11: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\78467c173831d001731e00008c13c807.$$_ehome_createdisc_styles_pal_55d264f56641a00e.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_pal_55d264f56641a00e.cdf-ms"
12: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\d9a77e173831d001741e00008c13c807.$$_ehome_createdisc_styles_pal_symphony_b9729623521ab9e5.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_pal_symphony_b9729623521ab9e5.cdf-ms"
13: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\d9a77e173831d001751e00008c13c807.$$_ehome_createdisc_styles_pal_symphony_symphony_f1d008156719fefe.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_pal_symphony_symphony_f1d008156719fefe.cdf-ms"
14: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\996a83173831d001761e00008c13c807.$$_ehome_createdisc_style_0d4521df11573950.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_style_0d4521df11573950.cdf-ms"
15: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\Pendi
2015-01-15 18:56:59, Info CSI ngRenames\93ca60183831d001771e00008c13c807.program_files_windows_sidebar_en-us_467d8a71f43f36ce.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_sidebar_en-us_467d8a71f43f36ce.cdf-ms"
16: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\165b7d183831d001781e00008c13c807.$$_ehome_createdisc_styles_ntsc_c4d1e502f2c449b1.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_ntsc_c4d1e502f2c449b1.cdf-ms"
17: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\76bc7f183831d001791e00008c13c807.$$_ehome_createdisc_styles_ntsc_symphony_daaa4003771a0c78.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_ntsc_symphony_daaa4003771a0c78.cdf-ms"
18: Move File: Source = [l:290{145}]"\SystemRoot\WinSxS\Temp\PendingRenames\d71d82183831d0017a1e00008c13c807.$$_ehome_createdisc_styles_ntsc_symphony_symphony_97a43ae95f09b239.cdf-ms", Destination = [l:202{101}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_styles_ntsc_symphony_symphony_97a43ae95f09b239.cdf-ms"
19: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\377f84183831d0017b1e00008c13c807.$$_ehome_createdisc_components_ccfb52aef0cf0151.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_components_ccfb52aef0cf0151.cdf-ms"
20: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\f74189183831d0017c1e00008c13c807.$$_ehome_createdisc_components_tables_c2b8c3e0749098d8.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_ehome_createdisc_components_tables_c2b8c3e0749098d8.cdf-ms"

POQ 68 ends.
2015-01-15 18:56:59, Info CSI 00000171 [SR] Verify complete
2015-01-15 18:56:59, Info CSI 00000172 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:56:59, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:08, Info CSI 00000174 Repair results created:
POQ 69 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\336db81c3831d001e11e00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\5491bf1c3831d001e21e00008c13c807.programdata_microsoft_devicesync_d6b7928aa153816d.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_devicesync_d6b7928aa153816d.cdf-ms"
2: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\74b5c61c3831d001e31e00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
3: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b75fd1c3831d001e41e00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
4: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\7bd6ff1c3831d001e51e00008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
5: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\db37021d3831d001e61e00008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
6: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c99041d3831d001e71e00008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
7: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\5cbd0b1d3831d001e81e00008c13c807.program_files_common_files_microsoft_shared_ink_hwrcusto
2015-01-15 18:57:08, Info CSI mization_198fbcb0f379ad82.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_hwrcustomization_198fbcb0f379ad82.cdf-ms"
8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\e66e611d3831d001e91e00008c13c807.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
9: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\8818721d3831d001ea1e00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
10: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\49db761d3831d001eb1e00008c13c807.$$_system32_speech_engines_sr_f5f77fb9283237d8.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_engines_sr_f5f77fb9283237d8.cdf-ms"
11: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\4be6891d3831d001ec1e00008c13c807.$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms"
12: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\4ffcaf1d3831d001ed1e00008c13c807.$$_speech_common_76cd6f1aaba6e83b.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_speech_common_76cd6f1aaba6e83b.cdf-ms"
13: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\934fd11d3831d001ee1e00008c13c807.$$_system32_speech_common_8c297630658eaa3d.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms"
14: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{118f7939-a041-48d3-ee22-e585dac90889}", Type = REG_SZ (1), Data = {l:58 b:7300720063006f00720065002e0064006c006c002c005300790073007000720065007000470065006e006500720061006c0069007a006
2015-01-15 18:57:08, Info CSI 5000000}
15: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{118f7939-a041-48d3-b4ea-08ccb5259f11}", Type = REG_SZ (1), Data = {l:52 b:7300720063006f00720065002e0064006c006c002c00530079007300700072006500700043006c00650061006e00750070000000}
16: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{631056b6-1cf8-0045-5cc0-12a85b132913}", Type = REG_SZ (1), Data = {l:64 b:730071006d006100700069002e0064006c006c002c00530071006d005300790073007000720065007000470065006e006500720061006c0069007a0065000000}
17: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{631056b6-1cf8-0045-23c7-60544b9fbb46}", Type = REG_SZ (1), Data = {l:64 b:730071006d006100700069002e0064006c006c002c00530071006d0053007900730070007200650070005300700065006300690061006c0069007a0065000000}
18: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{631056b6-1cf8-0045-d01e-70397b096ced}", Type = REG_SZ (1), Data = {l:58 b:730071006d006100700069002e0064006c006c002c00530071006d00530079007300700072006500700043006c00650061006e00750070000000}
19: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{aefc2210-ce4a-147a-410d-e7bf974f5136}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730070006200630064002e0064006c006c002c0053007900730070007200650070005f00470065006e006500720061006c0069007a0065005f004200630064000000}
20: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{aefc2210-ce4a-147a-30fc-1a64408619ba}", Type = REG_SZ (1), Data = {l:106 b:43003a0
2015-01-15 18:57:08, Info CSI 05c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730070006200630064002e0064006c006c002c0053007900730070007200650070005f005300700065006300690061006c0069007a0065005f004200630064000000}
21: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{abaa7989-1eaa-19b9-07bd-00f3276e41cf}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730070006f0070006b002e0064006c006c002c0053007900730070007200650070005f00470065006e006500720061006c0069007a0065005f004f0070006b000000}
22: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{abaa7989-1eaa-19b9-a048-412e48a3b856}", Type = REG_SZ (1), Data = {l:96 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730070006f0070006b002e0064006c006c002c0053007900730070007200650070005f0043006c00650061006e005f004f0070006b000000}
23: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{abaa7989-1eaa-19b9-f6ab-3497d0a40953}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730070006f0070006b002e0064006c006c002c0053007900730070007200650070005f005300700065006300690061006c0069007a0065005f004f0070006b000000}

POQ 69 ends.
2015-01-15 18:57:08, Info CSI 00000175 [SR] Verify complete
2015-01-15 18:57:08, Info CSI 00000176 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:08, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:17, Info CSI 00000178 Repair results created:
POQ 70 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\75b920213831d001531f00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\75b920213831d001541f00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\56a02c213831d001551f00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
3: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\56a02c213831d001561f00008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
4: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\56a02c213831d001571f00008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
5: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\176331213831d001581f00008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
6: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\378738213831d001591f00008c13c807.program_files_common_files_microsoft_shared_ink_he-il_8fc96dd2117fd4e1.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_he-il_8fc96dd2117fd4e1.cdf-ms"
7: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8493d213831d0015a1f00008c13c807.program_files
2015-01-15 18:57:17, Info CSI _common_files_microsoft_shared_ink_ar-sa_827c11e62573e02c.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ar-sa_827c11e62573e02c.cdf-ms"
8: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\09a2d5213831d0015b1f00008c13c807.program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms"
9: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ac6dc213831d0015c1f00008c13c807.program_files_common_files_microsoft_shared_ink_el-gr_8a16116c1a0ce035.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_el-gr_8a16116c1a0ce035.cdf-ms"
10: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\6c0eeb213831d0015d1f00008c13c807.program_files_windows_journal_ada99bf7bc9c9733.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_journal_ada99bf7bc9c9733.cdf-ms"
11: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\cc6fed213831d0015e1f00008c13c807.program_files_windows_journal_en-us_ff6188d8bbb083f5.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_journal_en-us_ff6188d8bbb083f5.cdf-ms"
12: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\9c7f77223831d0015f1f00008c13c807.program_files_common_files_microsoft_shared_ink_da-dk_882f8e141ce6a40d.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_da-dk_882f8e141ce6a40d.cdf-ms"
13: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\145a4b233831d001601f00008c13c807.program_files_common_files_microsoft_shared_ink_de-de_882f82201ce6b667.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_in
2015-01-15 18:57:17, Info CSI k_de-de_882f82201ce6b667.cdf-ms"
14: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\d51c50233831d001611f00008c13c807.program_files_common_files_microsoft_shared_ink_et-ee_8a15f79e1a0d07c0.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_et-ee_8a15f79e1a0d07c0.cdf-ms"
15: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\357e52233831d001621f00008c13c807.program_files_common_files_microsoft_shared_ink_fi-fi_8bfc785c1733457b.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fi-fi_8bfc785c1733457b.cdf-ms"
16: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6035c233831d001631f00008c13c807.program_files_common_files_microsoft_shared_ink_fr-fr_8bfc882e17332eb3.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fr-fr_8bfc882e17332eb3.cdf-ms"
17: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\77c660233831d001641f00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
18: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\d72763233831d001651f00008c13c807.$$_inf_termservice_f0fb244350031192.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_f0fb244350031192.cdf-ms"
19: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\197071233831d001661f00008c13c807.$$_inf_termservice_0409_f96d648f6bc76413.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_0409_f96d648f6bc76413.cdf-ms"
20: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a9478233831d001671f00008c13c807.program_files_common_files_microsoft_shared_ink_hr-hr_8fc97762117fc7e7.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_file
2015-01-15 18:57:17, Info CSI s_microsoft_shared_ink_hr-hr_8fc97762117fc7e7.cdf-ms"
21: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\bb1982233831d001681f00008c13c807.program_files_common_files_microsoft_shared_ink_es-es_8a1612561a0cdf91.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_es-es_8a1612561a0cdf91.cdf-ms"
22: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b7b84233831d001691f00008c13c807.program_files_common_files_microsoft_shared_ink_bg-bg_84629670229a1823.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_bg-bg_84629670229a1823.cdf-ms"
23: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\3c9f8b233831d0016a1f00008c13c807.program_files_common_files_microsoft_shared_ink_cs-cz_8649306c1fc0326e.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_cs-cz_8649306c1fc0326e.cdf-ms"

POQ 70 ends.
2015-01-15 18:57:17, Info CSI 00000179 [SR] Verify complete
2015-01-15 18:57:18, Info CSI 0000017a [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:18, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:30, Info CSI 0000017c Ignoring duplicate ownership for directory [l:108{54}]"\??\C:\Program Files\Common Files\Microsoft Shared\Ink" in component Microsoft-Windows-TabletPC-Platform-COMRuntime, Version = 6.1.7601.18493, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:57:31, Info CSI 0000017d Repair results created:
POQ 71 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\5087a7293831d001cf1f00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\5087a7293831d001d01f00008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\5087a7293831d001d11f00008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\b0e8a9293831d001d21f00008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\d10cb1293831d001d31f00008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
5: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\316eb3293831d001d41f00008c13c807.program_files_common_files_microsoft_shared_ink_zh-tw_b1fdeb1bde31194e.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_zh-tw_b1fdeb1bde31194e.cdf-ms"
6: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\316eb3293831d001d51f00008c13c807.program_files_common_files_microsoft_shared_ink_zh-cn_b1fdda05de3132de.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_zh-cn_b1fdda05de31
2015-01-15 18:57:31, Info CSI 32de.cdf-ms"
7: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\b2f3bc293831d001d61f00008c13c807.program_files_common_files_microsoft_shared_ink_uk-ua_a87d6ae9ec71d9eb.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_uk-ua_a87d6ae9ec71d9eb.cdf-ms"
8: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\840e5a2a3831d001d71f00008c13c807.program_files_common_files_microsoft_shared_ink_nb-no_9b30418c006596fe.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_nb-no_9b30418c006596fe.cdf-ms"
9: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\45d15e2a3831d001d81f00008c13c807.program_files_common_files_microsoft_shared_ink_sl-si_a4b08ac1f2252a40.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sl-si_a4b08ac1f2252a40.cdf-ms"
10: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\e77a6f2a3831d001d91f00008c13c807.program_files_common_files_microsoft_shared_ink_pt-br_9efd33e9fab22d4b.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_pt-br_9efd33e9fab22d4b.cdf-ms"
11: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\29c37d2a3831d001da1f00008c13c807.program_files_common_files_microsoft_shared_ink_ko-kr_957cde9c08f2acc2.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ko-kr_957cde9c08f2acc2.cdf-ms"
12: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa48872a3831d001db1f00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
13: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa48872a3831d001dc1f00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3
2015-01-15 18:57:31, Info CSI f581daba4c8c835.cdf-ms"
14: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\6a0b8c2a3831d001dd1f00008c13c807.$$_inf_termservice_f0fb244350031192.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_f0fb244350031192.cdf-ms"
15: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\ca6c8e2a3831d001de1f00008c13c807.$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms"
16: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\6c169f2a3831d001df1f00008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ed9ba82a3831d001e01f00008c13c807.$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms"
18: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\6f21b22a3831d001e11f00008c13c807.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
19: Move File: Source = [l:344{172}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f45b92a3831d001e21f00008c13c807.$$_system32_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_c0beaecbfc21a5e1.cdf-ms", Destination = [l:256{128}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_c0beaecbfc21a5e1.cdf-ms"
20: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\b069c02a3831d001e31f00008c13c807.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
21: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\712cc52a3831d001e41f00008c13c80
2015-01-15 18:57:31, Info CSI 7.$$_schemas_tsworkspace_8eac79c1e59127ee.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_tsworkspace_8eac79c1e59127ee.cdf-ms"
22: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\b9950c2b3831d001e51f00008c13c807.program_files_common_files_microsoft_shared_ink_tr-tr_a6971299ef4b5f1f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_tr-tr_a6971299ef4b5f1f.cdf-ms"
23: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\7a58112b3831d001e61f00008c13c807.program_files_common_files_microsoft_shared_ink_lv-lv_97635cd20618f02f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_lv-lv_97635cd20618f02f.cdf-ms"
24: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\9a7c182b3831d001e71f00008c13c807.program_files_common_files_microsoft_shared_ink_lt-lt_9763594e0618f53f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_lt-lt_9763594e0618f53f.cdf-ms"
25: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\5b3f1d2b3831d001e81f00008c13c807.program_files_common_files_microsoft_shared_ink_th-th_a6970105ef4b786f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_th-th_a6970105ef4b786f.cdf-ms"
26: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\decf392b3831d001e91f00008c13c807.program_files_common_files_microsoft_shared_ink_it-it_91aff2800ea60f71.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_it-it_91aff2800ea60f71.cdf-ms"
27: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\9f923e2b3831d001ea1f00008c13c807.program_files_common_files_microsoft_shared_ink_nl-nl_9b303a720065a2b3.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\progra
2015-01-15 18:57:31, Info CSI m_files_common_files_microsoft_shared_ink_nl-nl_9b303a720065a2b3.cdf-ms"
28: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\80794a2b3831d001eb1f00008c13c807.program_files_common_files_microsoft_shared_ink_sk-sk_a4b08eb1f225243d.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sk-sk_a4b08eb1f225243d.cdf-ms"
29: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\c2c1582b3831d001ec1f00008c13c807.program_files_common_files_microsoft_shared_ink_pl-pl_9efd29a5fab23be7.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_pl-pl_9efd29a5fab23be7.cdf-ms"
30: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\22235b2b3831d001ed1f00008c13c807.program_files_common_files_microsoft_shared_ink_hu-hu_8fc97ca8117fc04f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_hu-hu_8fc97ca8117fc04f.cdf-ms"
31: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\a3a8642b3831d001ee1f00008c13c807.program_files_common_files_microsoft_shared_ink_pt-pt_9efd37b5fab227a7.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_pt-pt_9efd37b5fab227a7.cdf-ms"
32: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\030a672b3831d001ef1f00008c13c807.program_files_common_files_microsoft_shared_ink_sr-latn-cs_c779913ce1dfaa20.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sr-latn-cs_c779913ce1dfaa20.cdf-ms"
33: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4cc6b2b3831d001f01f00008c13c807.program_files_common_files_microsoft_shared_ink_ru-ru_a2ca28abf4febe53.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ru-ru_a2ca28abf4febe53.cdf-m
2015-01-15 18:57:31, Info CSI s"
34: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\c4cc6b2b3831d001f11f00008c13c807.program_files_common_files_microsoft_shared_ink_ro-ro_a2ca1e1ff4fecd83.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ro-ro_a2ca1e1ff4fecd83.cdf-ms"
35: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\e5f0722b3831d001f21f00008c13c807.program_files_common_files_microsoft_shared_ink_sv-se_a4b081c1f22538ce.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sv-se_a4b081c1f22538ce.cdf-ms"
36: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\66767c2b3831d001f31f00008c13c807.program_files_common_files_microsoft_shared_ink_ja-jp_9396652e0bcc616c.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ja-jp_9396652e0bcc616c.cdf-ms"
37: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{4dd44807-f540-eb49-2e23-229f6b9bef89}", Type = REG_SZ (1), Data = {l:116 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730065007400750070005c007400730073007900730070007200650070002e0064006c006c002c00520064007000530079007300500072006500700052006500730074006f00720065000000}
38: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{4dd44807-f540-eb49-86d6-c722da22bf5b}", Type = REG_SZ (1), Data = {l:122 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730065007400750070005c007400730073007900730070007200650070002e0064006c006c002c005200640070005300790073005000720065007000470065006e006500720061006c0069007a0065000000}
39: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Valu
2015-01-15 18:57:31, Info CSI e = [l:76{38}]"{68ccc898-36ac-a74c-f4c8-f1c87dade9d7}", Type = REG_SZ (1), Data = {l:114 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730065007400750070005c007400730073007900730070007200650070002e0064006c006c002c004c0053004d0053007900730050007200650070004200610063006b00750070000000}
40: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{68ccc898-36ac-a74c-2848-d06e242bc47b}", Type = REG_SZ (1), Data = {l:116 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730065007400750070005c007400730073007900730070007200650070002e0064006c006c002c004c0053004d00530079007300500072006500700052006500730074006f00720065000000}

POQ 71 ends.
2015-01-15 18:57:31, Info CSI 0000017e [SR] Verify complete
2015-01-15 18:57:31, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:31, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:44, Info CSI 00000181 Repair results created:
POQ 72 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\be32d0323831d001582000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\7ef5d4323831d001592000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\3fb8d9323831d0015a2000008c13c807.$$_resources_fbee56ab048ab239.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms"
3: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\9f19dc323831d0015b2000008c13c807.$$_resources_themes_4d0d4910e83c2273.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_resources_themes_4d0d4910e83c2273.cdf-ms"
4: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\872121333831d0015c2000008c13c807.$$_shellnew_0394304acf469b24.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_shellnew_0394304acf469b24.cdf-ms"
5: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\872121333831d0015d2000008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
6: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\e78223333831d0015e2000008c13c807.program_files_windows_journal_ada99bf7bc9c9733.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_journal_ada99bf7bc9c9733.cdf-ms"
7: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\a84528333831d0015f2000008c13c807.program_files_windows_journal_templates_b0a4d1151554acfa.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_journal_templates_b0a4d1151554acfa.cdf-ms"
8: Move File: Source
2015-01-15 18:57:44, Info CSI = [l:334{167}]"\SystemRoot\WinSxS\Temp\PendingRenames\a84528333831d001602000008c13c807.programdata_microsoft_windows_start_menu_programs_accessories_tablet_pc_0ed3cc98382d9d9a.cdf-ms", Destination = [l:246{123}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessories_tablet_pc_0ed3cc98382d9d9a.cdf-ms"
9: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\08a72a333831d001612000008c13c807.programdata_microsoft_windows_start_menu_programs_tablet_pc_55463303c7fe1328.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_tablet_pc_55463303c7fe1328.cdf-ms"
10: Set File Information: File = [l:156{78}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC", Attributes = 00000080
11: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\4aef38333831d001622000008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
12: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\4aef38333831d001632000008c13c807.$$_inf_tapisrv_20c65cafb424239c.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_inf_tapisrv_20c65cafb424239c.cdf-ms"
13: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\aa503b333831d001642000008c13c807.$$_inf_tapisrv_0000_2e9995ea1b86323e.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_tapisrv_0000_2e9995ea1b86323e.cdf-ms"
14: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec9849333831d001652000008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec9849333831d001662000008c13c807.$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_5f1d
2015-01-15 18:57:44, Info CSI d67a5a1ae70e.cdf-ms"
16: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec9849333831d001672000008c13c807.$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms"
17: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\0dbd50333831d001682000008c13c807.$$_inf_tapisrv_0409_2e999d941b862689.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_tapisrv_0409_2e999d941b862689.cdf-ms"
18: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\b17174333831d001692000008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
19: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\b17174333831d0016a2000008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
20: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\11d376333831d0016b2000008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
21: Move File: Source = [l:314{157}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2957b333831d0016c2000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms", Destination = [l:226{113}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms"
22: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2957b333831d0016d2000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSx
2015-01-15 18:57:44, Info CSI S\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms"
23: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2957b333831d0016e2000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_numbers_4ea57ed36511f733.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_numbers_4ea57ed36511f733.cdf-ms"
24: Move File: Source = [l:334{167}]"\SystemRoot\WinSxS\Temp\PendingRenames\32f77d333831d0016f2000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms", Destination = [l:246{123}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms"
25: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\32f77d333831d001702000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms"
26: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\32f77d333831d001712000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms"
27: Move File: Source = [l:330{165}]"\SystemRoot\WinSxS\Temp\PendingRenames\925880333831d001722000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms", Destination = [l:242{121}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms"
28: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\925880333831d001732000008c13c807.program_files_common_files
2015-01-15 18:57:44, Info CSI _microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms"
29: Move File: Source = [l:324{162}]"\SystemRoot\WinSxS\Temp\PendingRenames\925880333831d001742000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms", Destination = [l:236{118}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms"
30: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\925880333831d001752000008c13c807.program_files_common_files_microsoft_shared_ink_fsdefinitions_web_310c2550dac9ac6b.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_web_310c2550dac9ac6b.cdf-ms"
31: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{b2a23885-23ff-9082-0218-900956130400}", Type = REG_SZ (1), Data = {l:116 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00730065007400750070005c007400730073007900730070007200650070002e0064006c006c002c00520043004d00530079007300500072006500700052006500730074006f00720065000000}

POQ 72 ends.
2015-01-15 18:57:44, Info CSI 00000182 [SR] Verify complete
2015-01-15 18:57:44, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:44, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:49, Info CSI 00000185 Repair results created:
POQ 73 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c7e15f363831d001da2000008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\274362363831d001db2000008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\082a6e363831d001dc2000008c13c807.$$_servicing_fc2045b9046cc796.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms"

POQ 73 ends.
2015-01-15 18:57:49, Info CSI 00000186 [SR] Verify complete
2015-01-15 18:57:50, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:50, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2015-01-15 18:57:58, Info CSI 00000189 Repair results created:
POQ 74 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\a8ccc53a3831d001412100008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:312{156}]"\SystemRoot\WinSxS\Temp\PendingRenames\092ec83a3831d001422100008c13c807.programdata_microsoft_user_account_pictures_default_pictures_e70ab2484087f163.cdf-ms", Destination = [l:224{112}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_user_account_pictures_default_pictures_e70ab2484087f163.cdf-ms"
2: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\ea14d43a3831d001432100008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
3: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ec9f73a3831d001442100008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
4: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\afedfe3a3831d001452100008c13c807.$$_inf_usbhub_299dea1039e75d30.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\$$_inf_usbhub_299dea1039e75d30.cdf-ms"
5: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\0f4f013b3831d001462100008c13c807.$$_inf_usbhub_0000_1bec33bb3c8ba8f4.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_inf_usbhub_0000_1bec33bb3c8ba8f4.cdf-ms"
6: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\d4272c3b3831d001472100008c13c807.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
7: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\95ea303b3831d001482100008c13c807.$$_schemas_availablenetwork_aaf14dcc87fea431.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_availablenetwork_aaf14dcc87fea431.cdf-ms"

2015-01-15 18:57:58, Info CSI 8: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\3db57a3b3831d001492100008c13c807.$$_inf_usbhub_0409_1bec32773c8babd1.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_inf_usbhub_0409_1bec32773c8babd1.cdf-ms"

POQ 74 ends.
2015-01-15 18:57:58, Info CSI 0000018a [SR] Verify complete
2015-01-15 18:57:59, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2015-01-15 18:57:59, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:10, Info CSI 0000018d Ignoring duplicate ownership for directory [l:86{43}]"\??\C:\Windows\System32\WinBioPlugIns\en-US" in component Microsoft-Windows-WBioStorageAdapter.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2015-01-15 18:58:10, Info CSI 0000018e Repair results created:
POQ 75 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\48714a413831d001ae2100008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\48714a413831d001af2100008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ba064413831d001b02100008c13c807.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms"
3: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\6ba064413831d001b12100008c13c807.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms"
4: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\ade872413831d001b22100008c13c807.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms"
5: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\6eab77413831d001b32100008c13c807.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms"
6: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce0c7a413831d001b42100008c13c807.$$_schemas_9f2c881475a483d6.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms"
7: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e6e7c413831d
2015-01-15 18:58:10, Info CSI 001b52100008c13c807.$$_schemas_wcn_b437fb7b7751c8a8.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_schemas_wcn_b437fb7b7751c8a8.cdf-ms"
8: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\1fa20d423831d001b62100008c13c807.$$_performance_02bd33cc045df684.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_performance_02bd33cc045df684.cdf-ms"
9: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\7f0310423831d001b72100008c13c807.$$_performance_winsat_ac47b36afb2fa68e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_performance_winsat_ac47b36afb2fa68e.cdf-ms"
10: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce8d90423831d001b82100008c13c807.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms"
11: Move File: Source = [l:308{154}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce8d90423831d001b92100008c13c807.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms", Destination = [l:220{110}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms"
12: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\7037a1423831d001ba2100008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
13: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\d098a3423831d001bb2100008c13c807.$$_system32_wcn_06656d8dd047aafe.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wcn_06656d8dd047aafe.cdf-ms"
14: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\915ba8423831d001bc2100008c13c807.$$_system32_wcn_en-us_f42897ed07859b3c.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_system
2015-01-15 18:58:10, Info CSI 32_wcn_en-us_f42897ed07859b3c.cdf-ms"
15: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\d2a3b6423831d001bd2100008c13c807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms"
16: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\b48ac2423831d001be2100008c13c807.$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms"
17: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\b48ac2423831d001bf2100008c13c807.$$_system32_winbioplugins_en-us_4600b46a9eff5ffa.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winbioplugins_en-us_4600b46a9eff5ffa.cdf-ms"

POQ 75 ends.
2015-01-15 18:58:10, Info CSI 0000018f [SR] Verify complete
2015-01-15 18:58:10, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:10, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:19, Info CSI 00000192 Repair results created:
POQ 76 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\b6992f473831d001242200008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\775c34473831d001252200008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8e13d473831d001262200008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\b8a442473831d001272200008c13c807.$$_system32_winrm_0409_a9926295fab42c40.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winrm_0409_a9926295fab42c40.cdf-ms"
4: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\5a4e53473831d001282200008c13c807.$$_system32_wbem_06656d9fdf2f8577.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms"
5: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\baaf55473831d001292200008c13c807.$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms"
6: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\fcf763473831d0012a2200008c13c807.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms"
7: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\1d1c6b473831d0012b2200008c13c807.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps
2015-01-15 18:58:19, Info CSI \$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms"
8: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\5f6479473831d0012c2200008c13c807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms"
9: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\7f8880473831d0012d2200008c13c807.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms"
10: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\425698473831d0012e2200008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
11: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\425698473831d0012f2200008c13c807.program_files_windows_mail_e07902f329fe05e9.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms"
12: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\243da4473831d001302200008c13c807.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms"
13: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\e4ffa8473831d001312200008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
14: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\a5c2ad473831d001322200008c13c807.program_files_common_files_system_b13078daf1286f60.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\program_files_co
2015-01-15 18:58:19, Info CSI mmon_files_system_b13078daf1286f60.cdf-ms"
15: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\86a9b9473831d001332200008c13c807.program_files_common_files_system_en-us_48bd774a3f1387ec.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_system_en-us_48bd774a3f1387ec.cdf-ms"
16: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\e815cf473831d001342200008c13c807.$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms"
17: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\e815cf473831d001352200008c13c807.$$_system32_winbioplugins_en-us_4600b46a9eff5ffa.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winbioplugins_en-us_4600b46a9eff5ffa.cdf-ms"
18: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\4977d1473831d001362200008c13c807.$$_twain_32_209f76caa35c9a77.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_twain_32_209f76caa35c9a77.cdf-ms"
19: Move File: Source = [l:220{110}]"\SystemRoot\WinSxS\Temp\PendingRenames\91e018483831d001372200008c13c807.$$_performance_02bd33cc045df684.cdf-ms", Destination = [l:132{66}]"\SystemRoot\WinSxS\FileMaps\$$_performance_02bd33cc045df684.cdf-ms"
20: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\f1411b483831d001382200008c13c807.$$_performance_winsat_ac47b36afb2fa68e.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_performance_winsat_ac47b36afb2fa68e.cdf-ms"
21: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\f1411b483831d001392200008c13c807.$$_performance_winsat_datastore_34fe222e5de27d61.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_performance_winsat_datastore_34fe222e5de27d61.cdf-ms"
22: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Syspre
2015-01-15 18:58:19, Info CSI p\Generalize", Value = [l:76{38}]"{99325eca-b1ac-79d7-d3d1-771286930ef6}", Type = REG_SZ (1), Data = {l:106 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00770075006100750065006e0067002e0064006c006c002c00470065006e006500720061006c0069007a00650046006f00720049006d006100670069006e0067000000}

POQ 76 ends.
2015-01-15 18:58:19, Info CSI 00000193 [SR] Verify complete
2015-01-15 18:58:19, Info CSI 00000194 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:19, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:25, Info CSI 00000196 Repair results created:
POQ 77 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b949b4a3831d0019e2200008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b949b4a3831d0019f2200008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\db56a04a3831d001a02200008c13c807.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
3: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\fc7aa74a3831d001a12200008c13c807.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms"
4: Move File: Source = [l:320{160}]"\SystemRoot\WinSxS\Temp\PendingRenames\bd3dac4a3831d001a22200008c13c807.$$_microsoft.net_framework_v3.0_windows_communication_foundation_e07323de19ff1b52.cdf-ms", Destination = [l:232{116}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_windows_communication_foundation_e07323de19ff1b52.cdf-ms"
5: Move File: Source = [l:332{166}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d00b14a3831d001a32200008c13c807.$$_microsoft.net_framework_v3.0_windows_communication_foundation_en-us_ff3176905af82a92.cdf-ms", Destination = [l:244{122}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_windows_communication_foundation_en-us_ff3176905af82a92.cdf-ms"
6: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d00b14a3831d001a42200008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
7: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\9e24b84a3831d001a52200008c13c807.$$_inf_smsvc
2015-01-15 18:58:25, Info CSI host_3.0.0.0_0409_2d6da1915cb5fdbb.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_inf_smsvchost_3.0.0.0_0409_2d6da1915cb5fdbb.cdf-ms"
8: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\9e24b84a3831d001a62200008c13c807.$$_inf_servicemodeloperation_3.0.0.0_0409_9b92ccb8d51f570e.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_inf_servicemodeloperation_3.0.0.0_0409_9b92ccb8d51f570e.cdf-ms"
9: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\9e24b84a3831d001a72200008c13c807.$$_inf_servicemodelservice_3.0.0.0_0409_2fd4df9e98bb9bb4.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_inf_servicemodelservice_3.0.0.0_0409_2fd4df9e98bb9bb4.cdf-ms"
10: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\ff85ba4a3831d001a82200008c13c807.$$_inf_msdtc_bridge_3.0.0.0_0409_5d6037fd7f35c3ab.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_bridge_3.0.0.0_0409_5d6037fd7f35c3ab.cdf-ms"
11: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\ff85ba4a3831d001a92200008c13c807.$$_inf_servicemodelendpoint_3.0.0.0_0409_1441b5536e0ddf54.cdf-ms", Destination = [l:184{92}]"\SystemRoot\WinSxS\FileMaps\$$_inf_servicemodelendpoint_3.0.0.0_0409_1441b5536e0ddf54.cdf-ms"
12: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e06cc64a3831d001aa2200008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
13: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\a02fcb4a3831d001ab2200008c13c807.$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms"
14: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\0191cd4a3831d001ac2200008c13c807.$$_system32_winbiodatabase_8ca29eba075c22c3.cdf-ms", Destination = [l:156{78}]"\S
2015-01-15 18:58:25, Info CSI ystemRoot\WinSxS\FileMaps\$$_system32_winbiodatabase_8ca29eba075c22c3.cdf-ms"
15: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\bdbec24b3831d001ad2200008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
16: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\7d81c74b3831d001ae2200008c13c807.program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms"
17: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\dee2c94b3831d001af2200008c13c807.$$_inf_smsvchost_3.0.0.0_0000_2d6d90735cb61780.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_inf_smsvchost_3.0.0.0_0000_2d6d90735cb61780.cdf-ms"
18: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\dee2c94b3831d001b02200008c13c807.$$_inf_servicemodeloperation_3.0.0.0_0000_9b92bb9ad51f70d3.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_inf_servicemodeloperation_3.0.0.0_0000_9b92bb9ad51f70d3.cdf-ms"
19: Move File: Source = [l:270{135}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ea5ce4b3831d001b12200008c13c807.$$_inf_servicemodelservice_3.0.0.0_0000_2fd4d7f498bba769.cdf-ms", Destination = [l:182{91}]"\SystemRoot\WinSxS\FileMaps\$$_inf_servicemodelservice_3.0.0.0_0000_2fd4d7f498bba769.cdf-ms"
20: Move File: Source = [l:256{128}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ea5ce4b3831d001b22200008c13c807.$$_inf_msdtc_bridge_3.0.0.0_0000_5d60388d7f35c25e.cdf-ms", Destination = [l:168{84}]"\SystemRoot\WinSxS\FileMaps\$$_inf_msdtc_bridge_3.0.0.0_0000_5d60388d7f35c25e.cdf-ms"
21: Move File: Source = [l:272{136}]"\SystemRoot\WinSxS\Temp\PendingRenames\9ea5ce4b3831d001b32200008c13c807.$$_inf_servicemodelendpoint_3.0.0.0_0000_1441b5e36e0dde07.cdf-ms", Destination = [l:184{92}]"\SystemRoo
2015-01-15 18:58:25, Info CSI t\WinSxS\FileMaps\$$_inf_servicemodelendpoint_3.0.0.0_0000_1441b5e36e0dde07.cdf-ms"
22: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{ce259313-07cf-bcd4-58aa-df121c7314ed}", Type = REG_SZ (1), Data = {l:98 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00720065006100670065006e0074002e0064006c006c002c00570069006e00520045005f00470065006e006500720061006c0069007a0065000000}

POQ 77 ends.
2015-01-15 18:58:25, Info CSI 00000197 [SR] Verify complete
2015-01-15 18:58:25, Info CSI 00000198 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:25, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:31, Info CSI 0000019a Repair results created:
POQ 78 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e27b334f3831d001182300008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\e27b334f3831d001192300008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\43dd354f3831d0011a2300008c13c807.program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms"
3: Move File: Source = [l:292{146}]"\SystemRoot\WinSxS\Temp\PendingRenames\03a03a4f3831d0011b2300008c13c807.program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms", Destination = [l:204{102}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms"
4: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\47f35b4f3831d0011c2300008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
5: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\a7545e4f3831d0011d2300008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
6: Move File: Source = [l:296{148}]"\SystemRoot\WinSxS\Temp\PendingRenames\08b6604f3831d0011e2300008c13c807.program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms", Destination = [l:208{104}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms"
7: Move File: So
2015-01-15 18:58:31, Info CSI urce = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\6817634f3831d0011f2300008c13c807.program_files_windows_nt_6101456faac5015c.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms"
8: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\6817634f3831d001202300008c13c807.program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms"

POQ 78 ends.
2015-01-15 18:58:31, Info CSI 0000019b [SR] Verify complete
2015-01-15 18:58:31, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:31, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:39, Info CSI 0000019e Repair results created:
POQ 79 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\980b33533831d001852300008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\f86c35533831d001862300008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\79f23e533831d001872300008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\da5341533831d001882300008c13c807.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
4: Move File: Source = [l:302{151}]"\SystemRoot\WinSxS\Temp\PendingRenames\fb7748533831d001892300008c13c807.$$_system32_windowspowershell_v1.0_modules_bitstransfer_935cce3b0456eb87.cdf-ms", Destination = [l:214{107}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitstransfer_935cce3b0456eb87.cdf-ms"
5: Move File: Source = [l:314{157}]"\SystemRoot\WinSxS\Temp\PendingRenames\fb7748533831d0018a2300008c13c807.$$_system32_windowspowershell_v1.0_modules_bitstransfer_en-us_8f6d5322d8d680dd.cdf-ms", Destination = [l:226{113}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitstransfer_en-us_8f6d5322d8d680dd.cdf-ms"
6: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\5bd94a533831d0018b2300008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
7: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\5bd94a533831d0018c2300008c13c807.$$_inf_windows_workflow_foundation_3.0.0.0
2015-01-15 18:58:39, Info CSI _0000_c87be1b3a75f787b.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\$$_inf_windows_workflow_foundation_3.0.0.0_0000_c87be1b3a75f787b.cdf-ms"
8: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\5bd94a533831d0018d2300008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
9: Move File: Source = [l:310{155}]"\SystemRoot\WinSxS\Temp\PendingRenames\1b9c4f533831d0018e2300008c13c807.program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms", Destination = [l:222{111}]"\SystemRoot\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms"
10: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\9d2159533831d0018f2300008c13c807.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
11: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\9d2159533831d001902300008c13c807.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
12: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\5de45d533831d001912300008c13c807.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
13: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\5de45d533831d001922300008c13c807.program_files_common_files_microsoft_shared_ink_1.0_c96a7f20e8d9af65.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_1.0_c96a7f20e8d9af65.cdf-ms"
14: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\3ecb
2015-01-15 18:58:39, Info CSI 69533831d001932300008c13c807.$$_inf_windows_workflow_foundation_3.0.0.0_0409_c87be95da75f6cc6.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\$$_inf_windows_workflow_foundation_3.0.0.0_0409_c87be95da75f6cc6.cdf-ms"
15: Move File: Source = [l:282{141}]"\SystemRoot\WinSxS\Temp\PendingRenames\41d67c533831d001942300008c13c807.$$_system32_logfiles_windows_portable_devices_dcf2285bde880198.cdf-ms", Destination = [l:194{97}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_windows_portable_devices_dcf2285bde880198.cdf-ms"
16: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\61fa83533831d001952300008c13c807.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
17: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\c25b86533831d001962300008c13c807.$$_microsoft.net_authman_27829e1b3df01691.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_authman_27829e1b3df01691.cdf-ms"
18: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\e58aa0533831d001972300008c13c807.$$_security_fe3ad40cd6e08c7c.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms"
19: Move File: Source = [l:268{134}]"\SystemRoot\WinSxS\Temp\PendingRenames\0ac5cd533831d001982300008c13c807.program_files_windows_portable_devices_8ef3f2c72e8bb2ba.cdf-ms", Destination = [l:180{90}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_portable_devices_8ef3f2c72e8bb2ba.cdf-ms"
20: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\0edbf3533831d001992300008c13c807.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms"
21: Move File: Source = [l:262{131}]"\SystemRoot\WinSxS\Temp\PendingRenames\6f3cf6533831d0019a2300008c13c807.$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-m
2015-01-15 18:58:39, Info CSI s", Destination = [l:174{87}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms"
22: Move File: Source = [l:274{137}]"\SystemRoot\WinSxS\Temp\PendingRenames\cf9df8533831d0019b2300008c13c807.$$_microsoft.net_framework_v3.0_wpf_en-us_22092b638fc9de75.cdf-ms", Destination = [l:186{93}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_en-us_22092b638fc9de75.cdf-ms"
23: Move File: Source = [l:284{142}]"\SystemRoot\WinSxS\Temp\PendingRenames\8f60fd533831d0019c2300008c13c807.$$_microsoft.net_framework_v3.0_wpf_xamlviewer_97ff09273e68a809.cdf-ms", Destination = [l:196{98}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_xamlviewer_97ff09273e68a809.cdf-ms"
24: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\502302543831d0019d2300008c13c807.$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms"
25: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\b08404543831d0019e2300008c13c807.programdata_microsoft_wwansvc_b22df3b43960e1d3.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_wwansvc_b22df3b43960e1d3.cdf-ms"
26: Move File: Source = [l:268{134}]"\SystemRoot\WinSxS\Temp\PendingRenames\11e606543831d0019f2300008c13c807.programdata_microsoft_wwansvc_profiles_d39df26c249b675d.cdf-ms", Destination = [l:180{90}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_wwansvc_profiles_d39df26c249b675d.cdf-ms"
27: Set File Information: File = [l:72{36}]"\??\C:\ProgramData\Microsoft\WwanSvc", Attributes = 00000082
28: Set File Information: File = [l:90{45}]"\??\C:\ProgramData\Microsoft\WwanSvc\Profiles", Attributes = 00000082
29: Move File: Source = [l:346{173}]"\SystemRoot\WinSxS\Temp\PendingRenames\310a0e543831d001a02300008c13c807.programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-
2015-01-15 18:58:39, Info CSI ms", Destination = [l:258{129}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-ms"
30: Move File: Source = [l:356{178}]"\SystemRoot\WinSxS\Temp\PendingRenames\926b10543831d001a12300008c13c807.programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9_en-us_66e939cf450318c4.cdf-ms", Destination = [l:268{134}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9_en-us_66e939cf450318c4.cdf-ms"
31: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\b28f17543831d001a22300008c13c807.program_files_common_files_microsoft_shared_ink_1.7_c96a7f2ee8d9af26.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_1.7_c96a7f2ee8d9af26.cdf-ms"

POQ 79 ends.
2015-01-15 18:58:39, Info CSI 0000019f [SR] Verify complete
2015-01-15 18:58:39, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:39, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:46, Info CSI 000001a2 Repair results created:
POQ 80 starts:

POQ 80 ends.
2015-01-15 18:58:46, Info CSI 000001a3 [SR] Verify complete
2015-01-15 18:58:46, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:46, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:48, Info CSI 000001a6 Repair results created:
POQ 81 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\e92537593831d0016b2400008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a8739593831d0016c2400008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\cb0c43593831d0016d2400008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:260{130}]"\SystemRoot\WinSxS\Temp\PendingRenames\ec304a593831d0016e2400008c13c807.$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms", Destination = [l:172{86}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms"
4: Move File: Source = [l:316{158}]"\SystemRoot\WinSxS\Temp\PendingRenames\acf34e593831d0016f2400008c13c807.$$_system32_windowspowershell_v1.0_modules_troubleshootingpack_aa01ee5573cb1655.cdf-ms", Destination = [l:228{114}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_troubleshootingpack_aa01ee5573cb1655.cdf-ms"
5: Move File: Source = [l:328{164}]"\SystemRoot\WinSxS\Temp\PendingRenames\0c5551593831d001702400008c13c807.$$_system32_windowspowershell_v1.0_modules_troubleshootingpack_en-us_53560fea81cb8acf.cdf-ms", Destination = [l:240{120}]"\SystemRoot\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_troubleshootingpack_en-us_53560fea81cb8acf.cdf-ms"

POQ 81 ends.
2015-01-15 18:58:48, Info CSI 000001a7 [SR] Verify complete
2015-01-15 18:58:48, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:48, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:53, Info CSI 000001aa Repair results created:
POQ 82 starts:

POQ 82 ends.
2015-01-15 18:58:53, Info CSI 000001ab [SR] Verify complete
2015-01-15 18:58:53, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:53, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2015-01-15 18:58:58, Info CSI 000001ae Repair results created:
POQ 83 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2553935f3831d001392500008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\2553935f3831d0013a2500008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\a6d89c5f3831d0013b2500008c13c807.$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
3: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\a6d89c5f3831d0013c2500008c13c807.$$_microsoft.net_framework_83386eac0379231b.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms"
4: Move File: Source = [l:266{133}]"\SystemRoot\WinSxS\Temp\PendingRenames\063a9f5f3831d0013d2500008c13c807.$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms", Destination = [l:178{89}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms"
5: Move File: Source = [l:288{144}]"\SystemRoot\WinSxS\Temp\PendingRenames\669ba15f3831d0013e2500008c13c807.$$_microsoft.net_framework_v2.0.50727_redistlist_2e6ab8b35e9ef953.cdf-ms", Destination = [l:200{100}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_redistlist_2e6ab8b35e9ef953.cdf-ms"

POQ 83 ends.
2015-01-15 18:58:58, Info CSI 000001af [SR] Verify complete
2015-01-15 18:58:59, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:58:59, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2015-01-15 18:59:07, Info CSI 000001b2 Repair results created:
POQ 84 starts:

POQ 84 ends.
2015-01-15 18:59:07, Info CSI 000001b3 [SR] Verify complete
2015-01-15 18:59:07, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:59:07, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2015-01-15 18:59:18, Info CSI 000001b6 Repair results created:
POQ 85 starts:

POQ 85 ends.
2015-01-15 18:59:18, Info CSI 000001b7 [SR] Verify complete
2015-01-15 18:59:19, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:59:19, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2015-01-15 18:59:27, Info CSI 000001ba Repair results created:
POQ 86 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\777778703831d0016b2600008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\d7d87a703831d0016c2600008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\f8fc81703831d0016d2600008c13c807.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:250{125}]"\SystemRoot\WinSxS\Temp\PendingRenames\b8bf86703831d0016e2600008c13c807.$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms", Destination = [l:162{81}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms"

POQ 86 ends.
2015-01-15 18:59:27, Info CSI 000001bb [SR] Verify complete
2015-01-15 18:59:27, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2015-01-15 18:59:27, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2015-01-15 18:59:48, Info CSI 000001be Repair results created:
POQ 87 starts:

POQ 87 ends.
2015-01-15 18:59:48, Info CSI 000001bf [SR] Verify complete
2015-01-15 18:59:48, Info CSI 000001c0 [SR] Verifying 100 (0x00000064) components
2015-01-15 18:59:48, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:05, Info CSI 000001c2 Repair results created:
POQ 88 starts:

POQ 88 ends.
2015-01-15 19:00:05, Info CSI 000001c3 [SR] Verify complete
2015-01-15 19:00:05, Info CSI 000001c4 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:05, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:13, Info CSI 000001c6 Repair results created:
POQ 89 starts:

POQ 89 ends.
2015-01-15 19:00:13, Info CSI 000001c7 [SR] Verify complete
2015-01-15 19:00:13, Info CSI 000001c8 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:13, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:17, Info CSI 000001ca Repair results created:
POQ 90 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a6a708e3831d001ff2700008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\8a6a708e3831d001002800008c13c807.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\4a2d758e3831d001012800008c13c807.program_files_windows_defender_3e33901162166ae9.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms"
3: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\ab8e778e3831d001022800008c13c807.program_files_windows_defender_en-us_a607fb510b9fff95.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_defender_en-us_a607fb510b9fff95.cdf-ms"
4: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{b6a5991f-1ba5-597f-05f0-8c48a330cb4c}", Type = REG_SZ (1), Data = {l:114 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00770069006e00730068006600680063002e0064006c006c002c004d005200540043006f006d0070006f006e0065006e0074005f00470065006e006500720061006c0069007a0065000000}

POQ 90 ends.
2015-01-15 19:00:17, Info CSI 000001cb [SR] Verify complete
2015-01-15 19:00:17, Info CSI 000001cc [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:17, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:21, Info CSI 000001ce Repair results created:
POQ 91 starts:

POQ 91 ends.
2015-01-15 19:00:21, Info CSI 000001cf [SR] Verify complete
2015-01-15 19:00:21, Info CSI 000001d0 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:21, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:27, Info CSI 000001d2 Repair results created:
POQ 92 starts:

POQ 92 ends.
2015-01-15 19:00:27, Info CSI 000001d3 [SR] Verify complete
2015-01-15 19:00:27, Info CSI 000001d4 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:27, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:34, Info CSI 000001d6 Repair results created:
POQ 93 starts:

POQ 93 ends.
2015-01-15 19:00:34, Info CSI 000001d7 [SR] Verify complete
2015-01-15 19:00:35, Info CSI 000001d8 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:35, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:37, Info CSI 000001da Repair results created:
POQ 94 starts:

POQ 94 ends.
2015-01-15 19:00:37, Info CSI 000001db [SR] Verify complete
2015-01-15 19:00:37, Info CSI 000001dc [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:37, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:39, Info CSI 000001de Repair results created:
POQ 95 starts:

POQ 95 ends.
2015-01-15 19:00:39, Info CSI 000001df [SR] Verify complete
2015-01-15 19:00:39, Info CSI 000001e0 [SR] Verifying 100 (0x00000064) components
2015-01-15 19:00:39, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:47, Info CSI 000001e2 Repair results created:
POQ 96 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\194254a03831d0015b2a00008c13c807._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\79a356a03831d0015c2a00008c13c807.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\79a356a03831d0015d2a00008c13c807.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
3: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\d90459a03831d0015e2a00008c13c807.$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms"
4: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\d90459a03831d0015f2a00008c13c807.$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms"
5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a665ba03831d001602a00008c13c807.$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms"
6: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a665ba03831d001612a00008c13c807.$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\3a665ba03831d001622a00008c13c807.$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenam
2015-01-15 19:00:47, Info CSI es\3a665ba03831d001632a00008c13c807.$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms"
9: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\20638da03831d001642a00008c13c807.$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms"
10: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\80c48fa03831d001652a00008c13c807.$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms"
11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\e02592a03831d001662a00008c13c807.$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms"
12: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{79bb210c-8d61-755d-feb3-aa882aa02408}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006d00730073007200630068002e0064006c006c002c004d00530053007200630068005f0053007900730050007200650070005f0043006c00650061006e00750070000000}

POQ 96 ends.
2015-01-15 19:00:47, Info CSI 000001e3 [SR] Verify complete
2015-01-15 19:00:48, Info CSI 000001e4 [SR] Verifying 16 (0x00000010) components
2015-01-15 19:00:48, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:48, Info CSI 000001e6 Repair results created:
POQ 97 starts:

POQ 97 ends.
2015-01-15 19:00:48, Info CSI 000001e7 [SR] Verify complete
2015-01-15 19:00:48, Info CSI 000001e8 [SR] Repairing 0 components
2015-01-15 19:00:48, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2015-01-15 19:00:48, Info CSI 000001ea Repair results created:
POQ 98 starts:

POQ 98 ends.
2015-01-15 19:00:48, Info CSI 000001eb [SR] Repair complete

Juliet
2015-01-16, 12:51
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.

Below two additional links if the main web link is down.
http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/





Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~

Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/) and run it on the computer.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

spypcsense
2015-01-16, 19:06
Good morning Juliet.
Running the scans now. If this doesn't work what do you think of running all the scans again in safe mode and if that doesn't work loading all the anti malware files on a clean computer, installing the disk from this one and running the scans on it???
Regards
Bruce

Juliet
2015-01-16, 19:29
I want to cover areas for rootkit infections, then, FSS I hope will show us if there are service errors we can fix.
I see no reason why they can't be run in normal mode.


Transferring between computers sometimes can be risky, USB infections do exists.

~~~~~~~

MCShield Anti-Malware USB Tool (http://www.mcshield.net/) is a lightweight scanner designed to prevent infections transmitted via removable drives (usb, external, camera cards). It's real-time protection is only real-time when you plug-in an external. MCShield should not be confused with mcshield.exe which is a process (module/driver) related to McAfee Anti-virus

* MSChield Documentation & Program Features (http://www.mcshield.net/download/Doc/MCShield_Help_EN.pdf)

There is a lengthy discussion in this topic (http://malwaretips.com/threads/mcshield-anti-malware-v3-0.15076/) started by TwinHeadedEagle, a member of the MCShield developing team who sometimes visits our forums.


Download MCShield Anti-Malware USB Tool to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG
Plug in the drive and McShield will start a scan

~~~~~~~~~~~~~~~~~~~~~~~~~`
USB Scanning Tools:

Malwarebytes' Anti-Malware (http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial). For usb flash drives and/or other removable drives, perform a Full scan. The option for a HYPER SCAN (formerly FLASH SCAN) will analyze memory and autorun objects but that option is only available to licensed users in the paid version.
Norman Malware Cleaner (http://www.norman.com/home_and_small_office/trials_downloads/malware_cleaner). For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
Dr.Web CureIt (http://www.freedrweb.com/cureit/). Choose Custom Scan after the Express Scan has finished to add your usb or external drive to the scan.
Microsoft Safety Scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx)
MCShield Anti-Malware Tool (http://www.mcshield.net/downloads.html)
ClamWin Portable Antivirus (http://portableapps.com/apps/utilities/clamwin_portable)
McAfee Avert Stinger Tool (http://vil.nai.com/vil/stinger/)

Removable Media TIP: Hold down the Shift key on your keyboard when inserting the external device.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

spypcsense
2015-01-16, 19:33
09:22:18.0346 0x2144 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
09:22:22.0152 0x2144 ============================================================
09:22:22.0152 0x2144 Current date / time: 2015/01/16 09:22:22.0152
09:22:22.0152 0x2144 SystemInfo:
09:22:22.0152 0x2144
09:22:22.0152 0x2144 OS Version: 6.1.7601 ServicePack: 1.0
09:22:22.0152 0x2144 Product type: Workstation
09:22:22.0152 0x2144 ComputerName: BRUCE-LENOVO
09:22:22.0152 0x2144 UserName: Bruce
09:22:22.0152 0x2144 Windows directory: C:\Windows
09:22:22.0152 0x2144 System windows directory: C:\Windows
09:22:22.0152 0x2144 Processor architecture: Intel x86
09:22:22.0152 0x2144 Number of processors: 4
09:22:22.0152 0x2144 Page size: 0x1000
09:22:22.0152 0x2144 Boot type: Normal boot
09:22:22.0152 0x2144 ============================================================
09:22:23.0494 0x2144 KLMD registered as C:\Windows\system32\drivers\49677162.sys
09:22:24.0055 0x2144 System UUID: {5C5497F2-AB82-E6C6-9B2A-5E273D5EB167}
09:22:24.0820 0x2144 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:22:24.0820 0x2144 ============================================================
09:22:24.0820 0x2144 \Device\Harddisk0\DR0:
09:22:24.0820 0x2144 MBR partitions:
09:22:24.0820 0x2144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
09:22:24.0820 0x2144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x542BE800
09:22:24.0820 0x2144 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54517000, BlocksNum 0x302F000
09:22:24.0820 0x2144 ============================================================
09:22:24.0867 0x2144 C: <-> \Device\Harddisk0\DR0\Partition2
09:22:24.0898 0x2144 Q: <-> \Device\Harddisk0\DR0\Partition3
09:22:24.0898 0x2144 ============================================================
09:22:24.0898 0x2144 Initialize success
09:22:24.0898 0x2144 ============================================================
09:22:37.0159 0x19d8 ============================================================
09:22:37.0159 0x19d8 Scan started
09:22:37.0159 0x19d8 Mode: Manual; SigCheck; TDLFS;
09:22:37.0159 0x19d8 ============================================================
09:22:37.0159 0x19d8 KSN ping started
09:22:40.0342 0x19d8 KSN ping finished: true
09:22:41.0340 0x19d8 ================ Scan system memory ========================
09:22:41.0340 0x19d8 System memory - ok
09:22:41.0340 0x19d8 ================ Scan services =============================
09:22:41.0574 0x19d8 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:22:41.0637 0x19d8 1394ohci - detected UnsignedFile.Multi.Generic ( 1 )
09:22:44.0335 0x19d8 Detect skipped due to KSN trusted
09:22:44.0335 0x19d8 1394ohci - ok
09:22:44.0398 0x19d8 [ A3AC25D2C9EEB18384A88DEB392C355D, F7348A1F15A7134ABB06C672C533498998100538E740B67C86B2696E0C77F913 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
09:22:44.0429 0x19d8 5U877 - detected UnsignedFile.Multi.Generic ( 1 )
09:22:47.0409 0x19d8 Detect skipped due to KSN trusted
09:22:47.0409 0x19d8 5U877 - ok
09:22:47.0455 0x19d8 [ BEB5E6A8C17C3C7485563281E0F9E77E, D04ACF4833370AC1BFA5365B7D23DB0F6BD5067102B4AD523D74DBE89EDDABBA ] 61883 C:\Windows\system32\DRIVERS\61883.sys
09:22:47.0502 0x19d8 61883 - detected UnsignedFile.Multi.Generic ( 1 )
09:22:50.0279 0x19d8 Detect skipped due to KSN trusted
09:22:50.0279 0x19d8 61883 - ok
09:22:50.0326 0x19d8 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:22:50.0373 0x19d8 ACPI - ok
09:22:50.0388 0x19d8 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:22:50.0419 0x19d8 AcpiPmi - detected UnsignedFile.Multi.Generic ( 1 )
09:22:53.0227 0x19d8 Detect skipped due to KSN trusted
09:22:53.0227 0x19d8 AcpiPmi - ok
09:22:53.0368 0x19d8 [ C0F22E875F5B6417BDD70D7A0C015415, BDDD010C331CEFDB9BFC8C15ECC443171EA7F06376E7D54661A74EA108B73FA2 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
09:22:53.0383 0x19d8 AcPrfMgrSvc - ok
09:22:53.0415 0x19d8 [ E714E5A88CD4AC11C9914A9D8879EFEA, 42C76FD40AD837AF4142E180D3AC78DE39D96AB31F8713C7020462FFA81E5A8E ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
09:22:53.0430 0x19d8 AcSvc - ok
09:22:53.0555 0x19d8 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A, F419E159D3E428A3929A1A983142E7B0783D3F104EE9587585418E51011E4B8F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:22:53.0586 0x19d8 AdobeARMservice - ok
09:22:53.0664 0x19d8 [ CB1719E3EA00A0C114A8AD2655F43754, B38D21C4A7A83904CADEBA96A56AA5D1807C412A8E0BEFC889DF20D02941E570 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:22:53.0695 0x19d8 AdobeFlashPlayerUpdateSvc - ok
09:22:53.0758 0x19d8 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:22:53.0789 0x19d8 adp94xx - ok
09:22:53.0805 0x19d8 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:22:53.0836 0x19d8 adpahci - ok
09:22:53.0851 0x19d8 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:22:53.0867 0x19d8 adpu320 - ok
09:22:53.0898 0x19d8 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:22:53.0945 0x19d8 AeLookupSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:22:56.0722 0x19d8 Detect skipped due to KSN trusted
09:22:56.0722 0x19d8 AeLookupSvc - ok
09:22:56.0815 0x19d8 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
09:22:56.0847 0x19d8 AFD - detected UnsignedFile.Multi.Generic ( 1 )
09:22:59.0795 0x19d8 Detect skipped due to KSN trusted
09:22:59.0795 0x19d8 AFD - ok
09:22:59.0842 0x19d8 [ 8D0CF8A08034CD3D273C9FFC759B62A6, 538D35A0D31BF3D68118CCBDC14CBFDA7A0C0241D929D3AD718A5D60B32B8517 ] AFS C:\Windows\system32\drivers\AFS.sys
09:22:59.0873 0x19d8 AFS - detected UnsignedFile.Multi.Generic ( 1 )
09:23:02.0775 0x19d8 Detect skipped due to KSN trusted
09:23:02.0775 0x19d8 AFS - ok
09:23:02.0790 0x19d8 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:23:02.0806 0x19d8 agp440 - ok
09:23:02.0837 0x19d8 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:23:02.0853 0x19d8 aic78xx - ok
09:23:02.0868 0x19d8 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
09:23:02.0900 0x19d8 ALG - detected UnsignedFile.Multi.Generic ( 1 )
09:23:05.0552 0x19d8 Detect skipped due to KSN trusted
09:23:05.0552 0x19d8 ALG - ok
09:23:05.0583 0x19d8 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
09:23:05.0614 0x19d8 aliide - ok
09:23:05.0645 0x19d8 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:23:05.0661 0x19d8 amdagp - ok
09:23:05.0708 0x19d8 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
09:23:05.0723 0x19d8 amdide - ok
09:23:05.0754 0x19d8 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:23:05.0786 0x19d8 AmdK8 - detected UnsignedFile.Multi.Generic ( 1 )
09:23:08.0703 0x19d8 Detect skipped due to KSN trusted
09:23:08.0703 0x19d8 AmdK8 - ok
09:23:08.0734 0x19d8 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:23:08.0765 0x19d8 AmdPPM - detected UnsignedFile.Multi.Generic ( 1 )
09:23:11.0573 0x19d8 Detect skipped due to KSN trusted
09:23:11.0573 0x19d8 AmdPPM - ok
09:23:11.0604 0x19d8 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:23:11.0620 0x19d8 amdsata - ok
09:23:11.0651 0x19d8 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:23:11.0667 0x19d8 amdsbs - ok
09:23:11.0698 0x19d8 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:23:11.0714 0x19d8 amdxata - ok
09:23:11.0776 0x19d8 [ 99BBEF4A68BF398ED647F4EEB8FF66D4, DCBEDBAE10D188B1CB5E4684FEB70093C684927B6B711F164E676211B9B4F37C ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
09:23:11.0807 0x19d8 AMPPAL - detected UnsignedFile.Multi.Generic ( 1 )
09:23:14.0646 0x19d8 Detect skipped due to KSN trusted
09:23:14.0646 0x19d8 AMPPAL - ok
09:23:14.0709 0x19d8 [ 99BBEF4A68BF398ED647F4EEB8FF66D4, DCBEDBAE10D188B1CB5E4684FEB70093C684927B6B711F164E676211B9B4F37C ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
09:23:14.0740 0x19d8 AMPPALP - detected UnsignedFile.Multi.Generic ( 1 )
09:23:14.0740 0x19d8 Detect skipped due to KSN trusted
09:23:14.0740 0x19d8 AMPPALP - ok
09:23:14.0865 0x19d8 [ EF4022E9C59B20438C1304424D9441F4, 325F76944BD20B792096D00B726308EDA484514B7D21BEC56C046D936CB3683F ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:23:14.0927 0x19d8 AMPPALR3 - ok
09:23:14.0974 0x19d8 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
09:23:15.0005 0x19d8 AppID - detected UnsignedFile.Multi.Generic ( 1 )
09:23:17.0688 0x19d8 Detect skipped due to KSN trusted
09:23:17.0688 0x19d8 AppID - ok
09:23:17.0751 0x19d8 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:23:17.0782 0x19d8 AppIDSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:23:20.0668 0x19d8 Detect skipped due to KSN trusted
09:23:20.0668 0x19d8 AppIDSvc - ok
09:23:20.0715 0x19d8 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
09:23:20.0730 0x19d8 Appinfo - detected UnsignedFile.Multi.Generic ( 1 )
09:23:23.0507 0x19d8 Detect skipped due to KSN trusted
09:23:23.0507 0x19d8 Appinfo - ok
09:23:23.0585 0x19d8 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:23:23.0616 0x19d8 AppMgmt - detected UnsignedFile.Multi.Generic ( 1 )
09:23:26.0315 0x19d8 Detect skipped due to KSN trusted
09:23:26.0315 0x19d8 AppMgmt - ok
09:23:26.0378 0x19d8 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:23:26.0393 0x19d8 arc - ok
09:23:26.0424 0x19d8 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:23:26.0440 0x19d8 arcsas - ok
09:23:26.0580 0x19d8 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:23:26.0612 0x19d8 aspnet_state - ok
09:23:26.0674 0x19d8 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:23:26.0690 0x19d8 AsyncMac - detected UnsignedFile.Multi.Generic ( 1 )
09:23:29.0591 0x19d8 Detect skipped due to KSN trusted
09:23:29.0591 0x19d8 AsyncMac - ok
09:23:29.0669 0x19d8 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
09:23:29.0685 0x19d8 atapi - ok
09:23:29.0747 0x19d8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:23:29.0778 0x19d8 AudioEndpointBuilder - detected UnsignedFile.Multi.Generic ( 1 )
09:23:32.0462 0x19d8 Detect skipped due to KSN trusted
09:23:32.0462 0x19d8 AudioEndpointBuilder - ok
09:23:32.0508 0x19d8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:23:32.0540 0x19d8 Audiosrv - detected UnsignedFile.Multi.Generic ( 1 )
09:23:32.0540 0x19d8 Detect skipped due to KSN trusted
09:23:32.0540 0x19d8 Audiosrv - ok
09:23:32.0602 0x19d8 [ C44BDD77E06053CF5AFE046F3A47C16B, FB0EF5AEDD5F8760765A3AB890B32867C0A38397B6423D5291BCFF6FC38346D9 ] Avc C:\Windows\system32\DRIVERS\avc.sys
09:23:32.0633 0x19d8 Avc - detected UnsignedFile.Multi.Generic ( 1 )
09:23:35.0332 0x19d8 Detect skipped due to KSN trusted
09:23:35.0332 0x19d8 Avc - ok
09:23:35.0722 0x19d8 [ D4CC608FCAB4EC5D9ED19E004FF783CD, A026B4B0331A100433ADFD60BAD9937B2DF7EE36AC2ACAD9F83A643A437D912F ] AvgApiWrapper C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
09:23:35.0738 0x19d8 AvgApiWrapper - ok
09:23:35.0800 0x19d8 [ 7F9B01CE297EF4D54C5C4D736D22CF96, 7B13DE8346FE8218CA1D3ECFBD610B0292606318BA863D2C0941B6D3F55FB788 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
09:23:35.0816 0x19d8 Avgfwfd - ok
09:23:35.0940 0x19d8 [ C45E6D7B79E504EB6A98B5F75ED746BA, 8E747DFEEB7EB9351462A0A8DEA9D9ED6799EEB600A80BFB202B6965C750423B ] avgfws C:\Program Files\AVG\AVG2014\avgfws.exe
09:23:36.0018 0x19d8 avgfws - ok
09:23:36.0143 0x19d8 [ 5AFCA73A6807B6ABA67E01C3AD1F4E2B, 39F68A2C09F1F1032AFB1817D297F3D7C0FABC119F42CBE319A42970F967276D ] AVGIDSAgent C:\Program Files\AVG\AVG2014\avgidsagent.exe
09:23:36.0268 0x19d8 AVGIDSAgent - ok
09:23:36.0330 0x19d8 [ 8F07F27A2954775823A89C5976BF4F36, 232B10ECFD420B1BCB390FC495670FE092AAE9726185D2B50CBF6A5DD5D5C7A6 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:23:36.0362 0x19d8 AVGIDSDriver - ok
09:23:36.0393 0x19d8 [ C0701A3C53F0A0F5E4900F26365A10A1, 2755AF8C98F4855FD467F0174D6AE7AC3E7050D95008FE521918194593684D51 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
09:23:36.0408 0x19d8 AVGIDSHX - ok
09:23:36.0455 0x19d8 [ E7FEE532CEF01C97D7682E35D156244F, CF54B4B83E1A060FF52BDEAC4E20492ACFAABC87BC6BE784D6AB4CD64C965B92 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:23:36.0471 0x19d8 AVGIDSShim - ok
09:23:36.0533 0x19d8 [ 83645E273A9EEFB3B554AD0D8A01F33D, 23491C196156BC7BF47FCD4825CCE4DEC6BE0764D7113F2D612473551305860B ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
09:23:36.0549 0x19d8 Avgldx86 - ok
09:23:36.0596 0x19d8 [ 8D37558421330218C98722DF4AD85E83, 24C33B317BA605DFC9B9CE2868391A815870A61F58A172806533A16F29F92B0A ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
09:23:36.0627 0x19d8 Avglogx - ok
09:23:36.0658 0x19d8 [ BE4C960D8B2B5DE08B87970D89146ABE, 18523356835D296C25FD73DA9F5CC3A5F4542D713ABEB9F8253CC871BBFCC958 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
09:23:36.0674 0x19d8 Avgmfx86 - ok
09:23:36.0767 0x19d8 [ 93B89FC2A371ECFAAB242050F07D451B, E966826DBF836D98F016724BFA246EB65A2618C75D308FE96C5C44338E5924E5 ] AvgRemote C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
09:23:36.0783 0x19d8 AvgRemote - ok
09:23:36.0830 0x19d8 [ 86FCB8CE3E68C4777B98F7AF06FE8519, 6B7507DA927ECDBA8B2DAA87530DDAEAC5B0983D3CF11D1F6D00D36601FBC60C ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
09:23:36.0830 0x19d8 Avgrkx86 - ok
09:23:36.0892 0x19d8 [ 674B31FADA5C6A8678B1CCFE1D1F8796, 1EB85DC5A426C19ED2EED5993F2B6A1C81904832FAA746169A42FEA1A969B423 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
09:23:36.0923 0x19d8 Avgtdix - ok
09:23:36.0986 0x19d8 [ F8459F4970C2CDE22DBA890636DD85AF, 355FE960B57E3121B1BBFFC9CB35A6D35085368F70C2EE7E1633B72C7438D6F4 ] AvgUpgrade C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
09:23:37.0001 0x19d8 AvgUpgrade - ok
09:23:37.0048 0x19d8 [ 4A3D6702F4A101C4DDC7000B59530DD5, D89AB84C2834DD72883A989C7915DCE294A455986301A7529AEB8F7B68762E99 ] avgwd C:\Program Files\AVG\AVG2014\avgwdsvc.exe
09:23:37.0064 0x19d8 avgwd - ok
09:23:37.0079 0x19d8 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:23:37.0126 0x19d8 AxInstSV - detected UnsignedFile.Multi.Generic ( 1 )
09:23:39.0996 0x19d8 Detect skipped due to KSN trusted
09:23:39.0996 0x19d8 AxInstSV - ok
09:23:40.0090 0x19d8 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:23:40.0137 0x19d8 b06bdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:23:43.0023 0x19d8 Detect skipped due to KSN trusted
09:23:43.0023 0x19d8 b06bdrv - ok
09:23:43.0101 0x19d8 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:23:43.0132 0x19d8 b57nd60x - detected UnsignedFile.Multi.Generic ( 1 )
09:23:46.0080 0x19d8 Detect skipped due to KSN trusted
09:23:46.0080 0x19d8 b57nd60x - ok
09:23:46.0158 0x19d8 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
09:23:46.0190 0x19d8 BDESVC - detected UnsignedFile.Multi.Generic ( 1 )
09:23:49.0060 0x19d8 Detect skipped due to KSN trusted
09:23:49.0060 0x19d8 BDESVC - ok
09:23:49.0107 0x19d8 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
09:23:49.0138 0x19d8 Beep - detected UnsignedFile.Multi.Generic ( 1 )
09:23:51.0915 0x19d8 Detect skipped due to KSN trusted
09:23:51.0915 0x19d8 Beep - ok
09:23:51.0962 0x19d8 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
09:23:52.0008 0x19d8 BFE - detected UnsignedFile.Multi.Generic ( 1 )
09:23:54.0988 0x19d8 Detect skipped due to KSN trusted
09:23:54.0988 0x19d8 BFE - ok
09:23:55.0050 0x19d8 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
09:23:55.0097 0x19d8 BITS - detected UnsignedFile.Multi.Generic ( 1 )
09:23:57.0858 0x19d8 Detect skipped due to KSN trusted
09:23:57.0858 0x19d8 BITS - ok
09:23:57.0921 0x19d8 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:23:57.0952 0x19d8 blbdrive - detected UnsignedFile.Multi.Generic ( 1 )
09:24:00.0932 0x19d8 Detect skipped due to KSN trusted
09:24:00.0932 0x19d8 blbdrive - ok
09:24:01.0010 0x19d8 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:24:01.0041 0x19d8 bowser - detected UnsignedFile.Multi.Generic ( 1 )
09:24:03.0724 0x19d8 Detect skipped due to KSN trusted
09:24:03.0724 0x19d8 bowser - ok
09:24:03.0740 0x19d8 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:24:03.0771 0x19d8 BrFiltLo - detected UnsignedFile.Multi.Generic ( 1 )
09:24:06.0594 0x19d8 Detect skipped due to KSN trusted
09:24:06.0594 0x19d8 BrFiltLo - ok
09:24:06.0641 0x19d8 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:24:06.0688 0x19d8 BrFiltUp - detected UnsignedFile.Multi.Generic ( 1 )
09:24:09.0434 0x19d8 Detect skipped due to KSN trusted
09:24:09.0434 0x19d8 BrFiltUp - ok
09:24:09.0496 0x19d8 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
09:24:09.0527 0x19d8 Browser - detected UnsignedFile.Multi.Generic ( 1 )
09:24:12.0288 0x19d8 Detect skipped due to KSN trusted
09:24:12.0288 0x19d8 Browser - ok
09:24:12.0335 0x19d8 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:24:12.0366 0x19d8 Brserid - detected UnsignedFile.Multi.Generic ( 1 )
09:24:15.0362 0x19d8 Detect skipped due to KSN trusted
09:24:15.0362 0x19d8 Brserid - ok
09:24:15.0424 0x19d8 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:24:15.0455 0x19d8 BrSerWdm - detected UnsignedFile.Multi.Generic ( 1 )
09:24:18.0138 0x19d8 Detect skipped due to KSN trusted
09:24:18.0138 0x19d8 BrSerWdm - ok
09:24:18.0185 0x19d8 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:24:18.0216 0x19d8 BrUsbMdm - detected UnsignedFile.Multi.Generic ( 1 )
09:24:21.0212 0x19d8 Detect skipped due to KSN trusted
09:24:21.0212 0x19d8 BrUsbMdm - ok
09:24:21.0274 0x19d8 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:24:21.0305 0x19d8 BrUsbSer - detected UnsignedFile.Multi.Generic ( 1 )
09:24:24.0784 0x19d8 Detect skipped due to KSN trusted
09:24:24.0784 0x19d8 BrUsbSer - ok
09:24:24.0846 0x19d8 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:24:24.0862 0x19d8 BthEnum - detected UnsignedFile.Multi.Generic ( 1 )
09:24:27.0764 0x19d8 Detect skipped due to KSN trusted
09:24:27.0764 0x19d8 BthEnum - ok
09:24:27.0764 0x19d8 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:24:27.0795 0x19d8 BTHMODEM - detected UnsignedFile.Multi.Generic ( 1 )
09:24:30.0806 0x19d8 Detect skipped due to KSN trusted
09:24:30.0806 0x19d8 BTHMODEM - ok
09:24:30.0852 0x19d8 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:24:30.0884 0x19d8 BthPan - detected UnsignedFile.Multi.Generic ( 1 )
09:24:33.0458 0x19d8 Detect skipped due to KSN trusted
09:24:33.0458 0x19d8 BthPan - ok
09:24:33.0536 0x19d8 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
09:24:33.0567 0x19d8 BTHPORT - detected UnsignedFile.Multi.Generic ( 1 )
09:24:36.0141 0x19d8 Detect skipped due to KSN trusted
09:24:36.0141 0x19d8 BTHPORT - ok
09:24:36.0219 0x19d8 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
09:24:36.0250 0x19d8 bthserv - detected UnsignedFile.Multi.Generic ( 1 )
09:24:39.0432 0x19d8 Detect skipped due to KSN trusted
09:24:39.0432 0x19d8 bthserv - ok
09:24:39.0448 0x19d8 [ 8893814133AFDD17431E2682EDE2DCE9, 33DBBF8C297B710F2F6215E48DA5291B41F60EF5C8F5E66C6BF234629D361284 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:24:39.0464 0x19d8 BTHSSecurityMgr - ok
09:24:39.0495 0x19d8 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
09:24:39.0526 0x19d8 BTHUSB - detected UnsignedFile.Multi.Generic ( 1 )
09:24:42.0428 0x19d8 Detect skipped due to KSN trusted
09:24:42.0428 0x19d8 BTHUSB - ok
09:24:42.0521 0x19d8 [ F549C3FB145A4928E40BB1518B2034DC, FAD5B228B43FEC582DBDD91903216C1B170AC3C426E1F3420985988559F2AC49 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
09:24:42.0537 0x19d8 btusbflt - ok
09:24:42.0584 0x19d8 [ F8B4F60768328FAA2FFE2727F66809F8, 7281200791AC91AB88D5D338AA6B5401AA2039E2963F94C13B4887E73C3F8EE7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
09:24:42.0584 0x19d8 btwaudio - ok
09:24:42.0630 0x19d8 [ FA7446DD38DE84D4988D1F2EBB854589, 5F9C674C6811CC7DA60111B758433800246C967D8C1551391823390D8F4F30A1 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
09:24:42.0646 0x19d8 btwavdt - ok
09:24:42.0724 0x19d8 [ 56CB951571E2C6E69990F40220467359, 7E01690D01626D3FE2C03681434F87CDCA6F756CA8997CBE198AC590435D1F33 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
09:24:42.0755 0x19d8 btwdins - ok
09:24:42.0802 0x19d8 [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
09:24:42.0802 0x19d8 btwl2cap - ok
09:24:42.0849 0x19d8 [ D5862FBC1CBC0404614FD9D85C8D880E, C05BC43415BD646CA950E177F3D3829C6600024061D19CDFB6507DC46A824144 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
09:24:42.0849 0x19d8 btwrchid - ok
09:24:42.0880 0x19d8 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:24:42.0911 0x19d8 cdfs - detected UnsignedFile.Multi.Generic ( 1 )
09:24:45.0672 0x19d8 Detect skipped due to KSN trusted
09:24:45.0672 0x19d8 cdfs - ok
09:24:45.0750 0x19d8 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:24:45.0782 0x19d8 cdrom - detected UnsignedFile.Multi.Generic ( 1 )
09:24:48.0652 0x19d8 Detect skipped due to KSN trusted
09:24:48.0652 0x19d8 cdrom - ok
09:24:48.0683 0x19d8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
09:24:48.0714 0x19d8 CertPropSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:24:52.0848 0x19d8 Detect skipped due to KSN trusted
09:24:52.0848 0x19d8 CertPropSvc - ok
09:24:52.0880 0x19d8 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:24:52.0895 0x19d8 circlass - detected UnsignedFile.Multi.Generic ( 1 )
09:24:55.0610 0x19d8 Detect skipped due to KSN trusted
09:24:55.0610 0x19d8 circlass - ok
09:24:55.0688 0x19d8 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
09:24:55.0703 0x19d8 CLFS - ok
09:24:55.0797 0x19d8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:24:55.0813 0x19d8 clr_optimization_v2.0.50727_32 - ok
09:24:55.0844 0x19d8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:24:56.0015 0x19d8 clr_optimization_v4.0.30319_32 - ok
09:24:56.0062 0x19d8 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:24:56.0093 0x19d8 CmBatt - detected UnsignedFile.Multi.Generic ( 1 )
09:24:58.0792 0x19d8 Detect skipped due to KSN trusted
09:24:58.0792 0x19d8 CmBatt - ok
09:24:58.0823 0x19d8 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:24:58.0839 0x19d8 cmdide - ok
09:24:58.0901 0x19d8 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
09:24:58.0933 0x19d8 CNG - ok
09:24:59.0011 0x19d8 [ 2FE437862D0CAA879B3C01EF353EDDA7, 5A831A79AABC9721DBB1CDEC02629A373B5DD13EE386A42AF9BBEF33C14373E8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
09:24:59.0057 0x19d8 CnxtHdAudService - ok
09:24:59.0073 0x19d8 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:24:59.0089 0x19d8 Compbatt - ok
09:24:59.0135 0x19d8 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:24:59.0151 0x19d8 CompositeBus - detected UnsignedFile.Multi.Generic ( 1 )
09:25:01.0850 0x19d8 Detect skipped due to KSN trusted
09:25:01.0850 0x19d8 CompositeBus - ok
09:25:01.0865 0x19d8 COMSysApp - ok
09:25:01.0912 0x19d8 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:25:01.0928 0x19d8 crcdisk - ok
09:25:01.0975 0x19d8 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:25:02.0006 0x19d8 CryptSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:25:04.0939 0x19d8 Detect skipped due to KSN trusted
09:25:04.0939 0x19d8 CryptSvc - ok
09:25:05.0017 0x19d8 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
09:25:05.0063 0x19d8 CSC - detected UnsignedFile.Multi.Generic ( 1 )
09:25:07.0793 0x19d8 Detect skipped due to KSN trusted
09:25:07.0793 0x19d8 CSC - ok
09:25:07.0840 0x19d8 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
09:25:07.0887 0x19d8 CscService - detected UnsignedFile.Multi.Generic ( 1 )
09:25:10.0555 0x19d8 Detect skipped due to KSN trusted
09:25:10.0555 0x19d8 CscService - ok
09:25:10.0633 0x19d8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
09:25:10.0664 0x19d8 DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
09:25:13.0628 0x19d8 Detect skipped due to KSN trusted
09:25:13.0628 0x19d8 DcomLaunch - ok
09:25:13.0690 0x19d8 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
09:25:13.0721 0x19d8 defragsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:25:16.0498 0x19d8 Detect skipped due to KSN trusted
09:25:16.0498 0x19d8 defragsvc - ok
09:25:16.0592 0x19d8 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:25:16.0623 0x19d8 DfsC - detected UnsignedFile.Multi.Generic ( 1 )
09:25:19.0493 0x19d8 Detect skipped due to KSN trusted
09:25:19.0493 0x19d8 DfsC - ok
09:25:19.0571 0x19d8 [ 560B0DCE52DFED6623B27C9BAFA6F236, BB4156BB1CCA64CCDE065870DAE56CD58BF05CEBF7C3B17C7A821FDF02A8B157 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
09:25:19.0587 0x19d8 dg_ssudbus - ok
09:25:19.0634 0x19d8 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:25:19.0665 0x19d8 Dhcp - detected UnsignedFile.Multi.Generic ( 1 )
09:25:22.0645 0x19d8 Detect skipped due to KSN trusted
09:25:22.0645 0x19d8 Dhcp - ok
09:25:22.0723 0x19d8 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
09:25:22.0754 0x19d8 discache - detected UnsignedFile.Multi.Generic ( 1 )
09:25:25.0515 0x19d8 Detect skipped due to KSN trusted
09:25:25.0515 0x19d8 discache - ok
09:25:25.0577 0x19d8 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:25:25.0593 0x19d8 Disk - ok
09:25:25.0640 0x19d8 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:25:25.0671 0x19d8 Dnscache - detected UnsignedFile.Multi.Generic ( 1 )
09:25:28.0385 0x19d8 Detect skipped due to KSN trusted
09:25:28.0385 0x19d8 Dnscache - ok
09:25:28.0448 0x19d8 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
09:25:28.0479 0x19d8 dot3svc - detected UnsignedFile.Multi.Generic ( 1 )
09:25:31.0349 0x19d8 Detect skipped due to KSN trusted
09:25:31.0349 0x19d8 dot3svc - ok
09:25:31.0412 0x19d8 [ E00B3CE273B17AEE1259C105DF5524CA, F4896FC70CF5FDEF86CD3763F7E7220AEEBD16CC5CAE327AEBFC7812D42C67CB ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
09:25:31.0427 0x19d8 DozeHDD - ok
09:25:31.0490 0x19d8 [ 003ACEE8650BFD49E4121289BBF59480, FD0A5A2C2766A792D85311AB8DAC696F5DBECB5A214B8E2B3ED9F90E24133070 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
09:25:31.0505 0x19d8 DozeSvc - ok
09:25:31.0537 0x19d8 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
09:25:31.0568 0x19d8 DPS - detected UnsignedFile.Multi.Generic ( 1 )
09:25:34.0516 0x19d8 Detect skipped due to KSN trusted
09:25:34.0516 0x19d8 DPS - ok
09:25:34.0594 0x19d8 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:25:34.0610 0x19d8 drmkaud - detected UnsignedFile.Multi.Generic ( 1 )
09:25:37.0543 0x19d8 Detect skipped due to KSN trusted
09:25:37.0543 0x19d8 drmkaud - ok
09:25:37.0636 0x19d8 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:25:37.0667 0x19d8 DXGKrnl - ok
09:25:37.0714 0x19d8 [ E7DD83584042EE5F9B0CF0C8C6B064D5, 42071768937F00FAEEF338EB6BC4C1BC0E762076EA1109FB0CFA54BF4C2D12F6 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
09:25:37.0730 0x19d8 e1kexpress - ok
09:25:37.0777 0x19d8 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
09:25:37.0792 0x19d8 EapHost - detected UnsignedFile.Multi.Generic ( 1 )
09:25:40.0569 0x19d8 Detect skipped due to KSN trusted
09:25:40.0569 0x19d8 EapHost - ok
09:25:40.0725 0x19d8 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:25:40.0881 0x19d8 ebdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:25:44.0032 0x19d8 Detect skipped due to KSN trusted
09:25:44.0032 0x19d8 ebdrv - ok
09:25:44.0095 0x19d8 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe
09:25:44.0126 0x19d8 EFS - detected UnsignedFile.Multi.Generic ( 1 )
09:25:46.0731 0x19d8 Detect skipped due to KSN trusted
09:25:46.0731 0x19d8 EFS - ok
09:25:46.0840 0x19d8 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:25:46.0903 0x19d8 ehRecvr - detected UnsignedFile.Multi.Generic ( 1 )
09:25:49.0477 0x19d8 Detect skipped due to KSN trusted
09:25:49.0477 0x19d8 ehRecvr - ok
09:25:49.0539 0x19d8 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
09:25:49.0570 0x19d8 ehSched - detected UnsignedFile.Multi.Generic ( 1 )
09:25:52.0347 0x19d8 Detect skipped due to KSN trusted
09:25:52.0347 0x19d8 ehSched - ok
09:25:52.0409 0x19d8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:25:52.0441 0x19d8 elxstor - ok
09:25:52.0472 0x19d8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:25:52.0487 0x19d8 ErrDev - detected UnsignedFile.Multi.Generic ( 1 )
09:25:55.0405 0x19d8 Detect skipped due to KSN trusted
09:25:55.0405 0x19d8 ErrDev - ok
09:25:55.0483 0x19d8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
09:25:55.0529 0x19d8 EventSystem - detected UnsignedFile.Multi.Generic ( 1 )
09:25:58.0275 0x19d8 Detect skipped due to KSN trusted
09:25:58.0275 0x19d8 EventSystem - ok
09:25:58.0415 0x19d8 [ B6C691D8CAE275ED9B2782E62626F36A, 81D2BF9715506FFD4A40D524827899A1B9CC7ED1176E4AE7C4D33FFD69E807EF ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:25:58.0462 0x19d8 EvtEng - ok
09:25:58.0478 0x19d8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
09:25:58.0509 0x19d8 exfat - detected UnsignedFile.Multi.Generic ( 1 )
09:26:02.0674 0x19d8 Detect skipped due to KSN trusted
09:26:02.0674 0x19d8 exfat - ok
09:26:02.0783 0x19d8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:26:02.0815 0x19d8 fastfat - detected UnsignedFile.Multi.Generic ( 1 )
09:26:05.0560 0x19d8 Detect skipped due to KSN trusted
09:26:05.0560 0x19d8 fastfat - ok
09:26:05.0638 0x19d8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
09:26:05.0685 0x19d8 Fax - detected UnsignedFile.Multi.Generic ( 1 )
09:26:08.0306 0x19d8 Detect skipped due to KSN trusted
09:26:08.0321 0x19d8 Fax - ok
09:26:08.0384 0x19d8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:26:08.0399 0x19d8 fdc - detected UnsignedFile.Multi.Generic ( 1 )
09:26:11.0176 0x19d8 Detect skipped due to KSN trusted
09:26:11.0176 0x19d8 fdc - ok
09:26:11.0254 0x19d8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
09:26:11.0285 0x19d8 fdPHost - detected UnsignedFile.Multi.Generic ( 1 )
09:26:14.0249 0x19d8 Detect skipped due to KSN trusted
09:26:14.0249 0x19d8 fdPHost - ok
09:26:14.0327 0x19d8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
09:26:14.0374 0x19d8 FDResPub - detected UnsignedFile.Multi.Generic ( 1 )
09:26:17.0120 0x19d8 Detect skipped due to KSN trusted
09:26:17.0120 0x19d8 FDResPub - ok
09:26:17.0151 0x19d8 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:26:17.0167 0x19d8 FileInfo - ok
09:26:17.0198 0x19d8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:26:17.0229 0x19d8 Filetrace - detected UnsignedFile.Multi.Generic ( 1 )
09:26:20.0302 0x19d8 Detect skipped due to KSN trusted
09:26:20.0302 0x19d8 Filetrace - ok
09:26:20.0365 0x19d8 [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:26:20.0411 0x19d8 FLEXnet Licensing Service - ok
09:26:20.0427 0x19d8 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:26:20.0458 0x19d8 flpydisk - detected UnsignedFile.Multi.Generic ( 1 )
09:26:23.0360 0x19d8 Detect skipped due to KSN trusted
09:26:23.0360 0x19d8 flpydisk - ok
09:26:23.0438 0x19d8 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:26:23.0453 0x19d8 FltMgr - ok
09:26:23.0516 0x19d8 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
09:26:23.0563 0x19d8 FontCache - detected UnsignedFile.Multi.Generic ( 1 )
09:26:26.0433 0x19d8 Detect skipped due to KSN trusted
09:26:26.0433 0x19d8 FontCache - ok
09:26:26.0527 0x19d8 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:26:26.0527 0x19d8 FontCache3.0.0.0 - ok
09:26:26.0542 0x19d8 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:26:26.0558 0x19d8 FsDepends - ok
09:26:26.0589 0x19d8 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:26:26.0589 0x19d8 Fs_Rec - ok
09:26:26.0620 0x19d8 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:26:26.0636 0x19d8 fvevol - ok
09:26:26.0667 0x19d8 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:26:26.0683 0x19d8 gagp30kx - ok
09:26:26.0745 0x19d8 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
09:26:26.0792 0x19d8 gpsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:26:29.0491 0x19d8 Detect skipped due to KSN trusted
09:26:29.0491 0x19d8 gpsvc - ok
09:26:29.0569 0x19d8 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:26:29.0584 0x19d8 gupdate - ok
09:26:29.0615 0x19d8 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:26:29.0631 0x19d8 gupdatem - ok
09:26:29.0647 0x19d8 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:26:29.0678 0x19d8 hcw85cir - detected UnsignedFile.Multi.Generic ( 1 )
09:26:32.0486 0x19d8 Detect skipped due to KSN trusted
09:26:32.0486 0x19d8 hcw85cir - ok
09:26:32.0548 0x19d8 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:26:32.0579 0x19d8 HdAudAddService - detected UnsignedFile.Multi.Generic ( 1 )
09:26:35.0341 0x19d8 Detect skipped due to KSN trusted
09:26:35.0341 0x19d8 HdAudAddService - ok
09:26:35.0419 0x19d8 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:26:35.0450 0x19d8 HDAudBus - detected UnsignedFile.Multi.Generic ( 1 )
09:26:38.0211 0x19d8 Detect skipped due to KSN trusted
09:26:38.0211 0x19d8 HDAudBus - ok
09:26:38.0273 0x19d8 [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
09:26:38.0320 0x19d8 HECI - detected UnsignedFile.Multi.Generic ( 1 )
09:26:41.0191 0x19d8 Detect skipped due to KSN trusted
09:26:41.0191 0x19d8 HECI - ok
09:26:41.0206 0x19d8 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:26:41.0222 0x19d8 HidBatt - detected UnsignedFile.Multi.Generic ( 1 )
09:26:43.0952 0x19d8 Detect skipped due to KSN trusted
09:26:43.0952 0x19d8 HidBatt - ok
09:26:44.0045 0x19d8 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:26:44.0077 0x19d8 HidBth - detected UnsignedFile.Multi.Generic ( 1 )
09:26:47.0025 0x19d8 Detect skipped due to KSN trusted
09:26:47.0025 0x19d8 HidBth - ok
09:26:47.0041 0x19d8 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:26:47.0056 0x19d8 HidIr - detected UnsignedFile.Multi.Generic ( 1 )
09:26:49.0677 0x19d8 Detect skipped due to KSN trusted
09:26:49.0677 0x19d8 HidIr - ok
09:26:49.0724 0x19d8 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
09:26:49.0755 0x19d8 hidserv - detected UnsignedFile.Multi.Generic ( 1 )
09:26:52.0548 0x19d8 Detect skipped due to KSN trusted
09:26:52.0548 0x19d8 hidserv - ok
09:26:52.0610 0x19d8 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:26:52.0641 0x19d8 HidUsb - detected UnsignedFile.Multi.Generic ( 1 )
09:26:55.0465 0x19d8 Detect skipped due to KSN trusted
09:26:55.0465 0x19d8 HidUsb - ok
09:26:55.0543 0x19d8 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
09:26:55.0574 0x19d8 hkmsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:26:58.0132 0x19d8 Detect skipped due to KSN trusted
09:26:58.0132 0x19d8 hkmsvc - ok
09:26:58.0195 0x19d8 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:26:58.0242 0x19d8 HomeGroupListener - detected UnsignedFile.Multi.Generic ( 1 )
09:27:00.0800 0x19d8 Detect skipped due to KSN trusted
09:27:00.0800 0x19d8 HomeGroupListener - ok
09:27:00.0831 0x19d8 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:27:00.0862 0x19d8 HomeGroupProvider - detected UnsignedFile.Multi.Generic ( 1 )
09:27:03.0608 0x19d8 Detect skipped due to KSN trusted
09:27:03.0608 0x19d8 HomeGroupProvider - ok
09:27:03.0686 0x19d8 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:27:03.0702 0x19d8 HpSAMD - ok
09:27:03.0764 0x19d8 [ 210388FD8225B02BD83D77628AAE64A9, EFB755244CDF8344E14528CF46A6D43C1E8266A307603A63023D8955925FE0C3 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
09:27:03.0811 0x19d8 HsfXAudioService - detected UnsignedFile.Multi.Generic ( 1 )
09:27:06.0676 0x19d8 Detect skipped due to KSN trusted
09:27:06.0676 0x19d8 HsfXAudioService - ok
09:27:06.0738 0x19d8 [ C761B4A8391F5E47F7C51A691CE773F4, FDECE4A213F6200B381149DA7C7236E0B26F6AD8BFA09BE678E391FF924BA0DE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:27:06.0785 0x19d8 HSF_DPV - detected UnsignedFile.Multi.Generic ( 1 )
09:27:09.0546 0x19d8 Detect skipped due to KSN trusted
09:27:09.0546 0x19d8 HSF_DPV - ok
09:27:09.0609 0x19d8 [ 50B42EF358A2E5363BE6B77138A22391, 8ACFA56E332338047CEBE8F87AE6614B9222DFDD49C48FA6F3C3C4AED3206B9F ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:27:09.0640 0x19d8 HSXHWAZL - detected UnsignedFile.Multi.Generic ( 1 )
09:27:12.0620 0x19d8 Detect skipped due to KSN trusted
09:27:12.0620 0x19d8 HSXHWAZL - ok
09:27:12.0698 0x19d8 [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:27:12.0729 0x19d8 HTCAND32 - detected UnsignedFile.Multi.Generic ( 1 )
09:27:15.0584 0x19d8 Detect skipped due to KSN trusted
09:27:15.0584 0x19d8 HTCAND32 - ok
09:27:15.0677 0x19d8 [ 339ADEFAD60353F960E3CA67CE468C24, AF0953ACBE2CA6466595A31349DBF96452DEF2633FD279E8F2B59A3767B89AFC ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
09:27:15.0708 0x19d8 htcnprot - detected UnsignedFile.Multi.Generic ( 1 )
09:27:18.0462 0x19d8 Detect skipped due to KSN trusted
09:27:18.0462 0x19d8 htcnprot - ok
09:27:18.0618 0x19d8 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:27:18.0665 0x19d8 HTTP - detected UnsignedFile.Multi.Generic ( 1 )
09:27:21.0426 0x19d8 Detect skipped due to KSN trusted
09:27:21.0426 0x19d8 HTTP - ok
09:27:21.0457 0x19d8 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:27:21.0473 0x19d8 hwpolicy - ok
09:27:21.0504 0x19d8 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:27:21.0535 0x19d8 i8042prt - detected UnsignedFile.Multi.Generic ( 1 )
09:27:24.0265 0x19d8 Detect skipped due to KSN trusted
09:27:24.0265 0x19d8 i8042prt - ok
09:27:24.0312 0x19d8 [ EDF5ECC965FAAA533D35E02F47B9132E, 09CF93344C399A5F3C3984557EE09A70072727579D3EFEE5D442940D679CF35A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:27:24.0343 0x19d8 iaStor - ok
09:27:24.0452 0x19d8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:27:24.0468 0x19d8 iaStorV - ok
09:27:24.0562 0x19d8 [ 9A5506E974C8929E4FE578C9C11D298F, 98791D25306113D48DF9B7152D3AE5B5C9D968590A80A38BC8192AE61D96051B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:27:24.0577 0x19d8 IBMPMDRV - ok
09:27:24.0593 0x19d8 [ 0F851A9546AE0394E1D0FF975F414B21, 486550DBEA6C89A48A7AF751C6E33EE8250219B0F70795478C9F94286FD8A1CD ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
09:27:24.0593 0x19d8 IBMPMSVC - ok
09:27:24.0764 0x19d8 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:27:24.0842 0x19d8 idsvc - ok
09:27:24.0874 0x19d8 IEEtwCollectorService - ok
09:27:26.0231 0x19d8 [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:27:26.0418 0x19d8 igfx - detected UnsignedFile.Multi.Generic ( 1 )
09:27:29.0054 0x19d8 Detect skipped due to KSN trusted
09:27:29.0054 0x19d8 igfx - ok
09:27:29.0086 0x19d8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:27:29.0086 0x19d8 iirsp - ok
09:27:29.0288 0x19d8 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
09:27:29.0335 0x19d8 IKEEXT - detected UnsignedFile.Multi.Generic ( 1 )
09:27:32.0081 0x19d8 Detect skipped due to KSN trusted
09:27:32.0081 0x19d8 IKEEXT - ok
09:27:32.0221 0x19d8 [ 2DB41BA61D5E44D0667CF126D35DCF34, AFD9EE3167C8BA0B547DBA8D559401F49EC4ACEBFF2BFE7598A0BC61491C45F8 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
09:27:32.0252 0x19d8 Impcd - detected UnsignedFile.Multi.Generic ( 1 )
09:27:35.0154 0x19d8 Detect skipped due to KSN trusted
09:27:35.0154 0x19d8 Impcd - ok
09:27:35.0185 0x19d8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
09:27:35.0201 0x19d8 intelide - ok
09:27:35.0248 0x19d8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:27:35.0263 0x19d8 intelppm - detected UnsignedFile.Multi.Generic ( 1 )
09:27:38.0009 0x19d8 Detect skipped due to KSN trusted
09:27:38.0009 0x19d8 intelppm - ok
09:27:38.0102 0x19d8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:27:38.0149 0x19d8 IPBusEnum - detected UnsignedFile.Multi.Generic ( 1 )
09:27:40.0864 0x19d8 Detect skipped due to KSN trusted
09:27:40.0864 0x19d8 IPBusEnum - ok
09:27:40.0895 0x19d8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:27:40.0926 0x19d8 IpFilterDriver - detected UnsignedFile.Multi.Generic ( 1 )
09:27:45.0185 0x19d8 Detect skipped due to KSN trusted
09:27:45.0185 0x19d8 IpFilterDriver - ok
09:27:45.0294 0x19d8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:27:45.0341 0x19d8 iphlpsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:27:48.0258 0x19d8 Detect skipped due to KSN trusted
09:27:48.0258 0x19d8 iphlpsvc - ok
09:27:48.0289 0x19d8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:27:48.0320 0x19d8 IPMIDRV - detected UnsignedFile.Multi.Generic ( 1 )
09:27:51.0128 0x19d8 Detect skipped due to KSN trusted
09:27:51.0128 0x19d8 IPMIDRV - ok
09:27:51.0144 0x19d8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:27:51.0175 0x19d8 IPNAT - detected UnsignedFile.Multi.Generic ( 1 )
09:27:53.0890 0x19d8 Detect skipped due to KSN trusted
09:27:53.0890 0x19d8 IPNAT - ok
09:27:53.0905 0x19d8 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:27:53.0936 0x19d8 IRENUM - detected UnsignedFile.Multi.Generic ( 1 )
09:27:56.0557 0x19d8 Detect skipped due to KSN trusted
09:27:56.0557 0x19d8 IRENUM - ok
09:27:56.0604 0x19d8 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:27:56.0604 0x19d8 isapnp - ok
09:27:56.0682 0x19d8 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:27:56.0698 0x19d8 iScsiPrt - ok
09:27:56.0760 0x19d8 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:27:56.0776 0x19d8 IviRegMgr - ok
09:27:56.0807 0x19d8 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:27:56.0822 0x19d8 kbdclass - ok
09:27:56.0916 0x19d8 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:27:56.0947 0x19d8 kbdhid - detected UnsignedFile.Multi.Generic ( 1 )
09:27:59.0740 0x19d8 Detect skipped due to KSN trusted
09:27:59.0740 0x19d8 kbdhid - ok
09:27:59.0755 0x19d8 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
09:27:59.0786 0x19d8 KeyIso - detected UnsignedFile.Multi.Generic ( 1 )
09:27:59.0786 0x19d8 Detect skipped due to KSN trusted
09:27:59.0786 0x19d8 KeyIso - ok
09:27:59.0833 0x19d8 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:27:59.0849 0x19d8 KSecDD - ok
09:27:59.0880 0x19d8 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:27:59.0896 0x19d8 KSecPkg - ok
09:28:00.0020 0x19d8 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:28:00.0067 0x19d8 KtmRm - detected UnsignedFile.Multi.Generic ( 1 )
09:28:02.0797 0x19d8 Detect skipped due to KSN trusted
09:28:02.0797 0x19d8 KtmRm - ok
09:28:02.0891 0x19d8 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:28:02.0938 0x19d8 LanmanServer - detected UnsignedFile.Multi.Generic ( 1 )
09:28:05.0668 0x19d8 Detect skipped due to KSN trusted
09:28:05.0668 0x19d8 LanmanServer - ok
09:28:05.0683 0x19d8 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:28:05.0714 0x19d8 LanmanWorkstation - detected UnsignedFile.Multi.Generic ( 1 )
09:28:08.0444 0x19d8 Detect skipped due to KSN trusted
09:28:08.0444 0x19d8 LanmanWorkstation - ok
09:28:08.0585 0x19d8 [ CAB9C6C37FD0F9612B269349116504B6, ACA134CC1531791F1EB424BF64F5F46C4FD91439DB5E7D23140A0104E4FD522C ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
09:28:08.0585 0x19d8 LENOVO.CAMMUTE - ok
09:28:08.0710 0x19d8 [ 340288B3B2EDC8AFD5FF127DF85142A7, 595103B5CCDC83D8E4617D2C3E8ED91C88A78ACF11BC9478E9244C510DD50A80 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
09:28:08.0725 0x19d8 LENOVO.MICMUTE - ok
09:28:08.0788 0x19d8 [ 9AAC267A225F3CAEBB9E633F7EB16E4B, BFBB9772646D62ACD9208041621E4CDE92982ED96F243C8F61334F7FC368B387 ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
09:28:08.0803 0x19d8 lenovo.smi - ok
09:28:08.0819 0x19d8 [ 04B5F7F44CCB2FAB615C67ED0E6C8323, CB0C7DD1F968FA7DC8F9AC99435FF9FB6E39CB058C978E977606F5C8CD275B90 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
09:28:08.0834 0x19d8 LENOVO.TPKNRSVC - ok
09:28:08.0866 0x19d8 [ 158B67696EC8602CE71F9AA4F14AA96F, D1453B52D6DFB7209F20FF052187C2FC24F1778A520015B8A4CD05E35593B26A ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
09:28:08.0881 0x19d8 Lenovo.VIRTSCRLSVC - ok
09:28:08.0944 0x19d8 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:28:08.0990 0x19d8 lltdio - detected UnsignedFile.Multi.Generic ( 1 )
09:28:11.0549 0x19d8 Detect skipped due to KSN trusted
09:28:11.0549 0x19d8 lltdio - ok
09:28:11.0596 0x19d8 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:28:11.0642 0x19d8 lltdsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:28:14.0263 0x19d8 Detect skipped due to KSN trusted
09:28:14.0263 0x19d8 lltdsvc - ok
09:28:14.0310 0x19d8 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:28:14.0341 0x19d8 lmhosts - detected UnsignedFile.Multi.Generic ( 1 )
09:28:17.0134 0x19d8 Detect skipped due to KSN trusted
09:28:17.0134 0x19d8 lmhosts - ok
09:28:17.0227 0x19d8 [ 1C05C59D588A94867671FD07B7062CAF, 84DE146D86D84DBBC3150FD383F845DF1B1D9A087A25AC47E14563B31A1E2034 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:28:17.0258 0x19d8 LMS - ok
09:28:17.0336 0x19d8 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:28:17.0352 0x19d8 LSI_FC - ok
09:28:17.0383 0x19d8 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:28:17.0383 0x19d8 LSI_SAS - ok
09:28:17.0414 0x19d8 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:28:17.0430 0x19d8 LSI_SAS2 - ok
09:28:17.0461 0x19d8 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:28:17.0477 0x19d8 LSI_SCSI - ok
09:28:17.0633 0x19d8 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
09:28:17.0664 0x19d8 luafv - detected UnsignedFile.Multi.Generic ( 1 )
09:28:20.0612 0x19d8 Detect skipped due to KSN trusted
09:28:20.0612 0x19d8 luafv - ok
09:28:20.0737 0x19d8 [ A3F4391DFDF2F9E9FE4EAD193265A5AD, A60A1A345622F4758181FB0B6EE784B0B718105FEE7B0F6FEDE5AD59FE448EE1 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:28:20.0753 0x19d8 MBAMProtector - ok
09:28:21.0283 0x19d8 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
09:28:21.0361 0x19d8 MBAMScheduler - ok
09:28:21.0658 0x19d8 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
09:28:21.0720 0x19d8 MBAMService - ok
09:28:21.0782 0x19d8 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:28:21.0814 0x19d8 MBAMSwissArmy - ok
09:28:21.0907 0x19d8 [ 312CD3307F600E7CD340B79B3DCB3A01, 861A6DFC53C69743129DAAFE73DECDE8D842475503E8D713E7CE5D22AC8D1370 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:28:21.0923 0x19d8 MBAMWebAccessControl - ok
09:28:21.0954 0x19d8 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:28:21.0985 0x19d8 Mcx2Svc - detected UnsignedFile.Multi.Generic ( 1 )

spypcsense
2015-01-16, 19:51
Didn't mention in last post: TDSS found 197 threats and quarantined 87. Ran it again before I ran FSS and it came up clean.
As for the USB protection, before I contacted you I had attached my drive internally with SATA connectors and ran AVG, Spybot and Malwarebyes on it. Spybot found 23 objects but did not present a fix list. Guess I better load all these scanning tools in the other computer and get busy.

I am using AVG Firewall not Windows.

Farbar Service Scanner Version: 21-07-2014
Ran by Bruce (administrator) on 16-01-2015 at 09:42:54
Running from "C:\Users\Bruce\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2014-07-09 08:05] - [2014-05-29 22:36] - 0338944 ____A (Microsoft Corporation) D0B388DA1D111A34366E04EB4A5DD156

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-17 08:52] - [2013-07-08 20:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Juliet
2015-01-16, 20:16
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
When the first scan completed it said it could cure the infections found?

usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here
Man, I need to see this log, let's see if you can locate the first run.

spypcsense
2015-01-16, 21:56
Oops! Sorry, thought that was the first report. Here it is. Choices were skip and Quarantine so I chose quarantine. That's where they are. Saw a remote access file was quarantined. Good.
Part1
08:59:36.0143 0x0758 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
09:01:36.0684 0x0758 ============================================================
09:01:36.0684 0x0758 Current date / time: 2015/01/16 09:01:36.0684
09:01:36.0684 0x0758 SystemInfo:
09:01:36.0684 0x0758
09:01:36.0684 0x0758 OS Version: 6.1.7601 ServicePack: 1.0
09:01:36.0684 0x0758 Product type: Workstation
09:01:36.0684 0x0758 ComputerName: BRUCE-LENOVO
09:01:36.0684 0x0758 UserName: Bruce
09:01:36.0684 0x0758 Windows directory: C:\Windows
09:01:36.0684 0x0758 System windows directory: C:\Windows
09:01:36.0684 0x0758 Processor architecture: Intel x86
09:01:36.0684 0x0758 Number of processors: 4
09:01:36.0684 0x0758 Page size: 0x1000
09:01:36.0684 0x0758 Boot type: Normal boot
09:01:36.0684 0x0758 ============================================================
09:01:37.0058 0x0758 KLMD registered as C:\Windows\system32\drivers\58755457.sys
09:01:37.0760 0x0758 System UUID: {5C5497F2-AB82-E6C6-9B2A-5E273D5EB167}
09:01:38.0618 0x0758 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:01:38.0618 0x0758 ============================================================
09:01:38.0618 0x0758 \Device\Harddisk0\DR0:
09:01:38.0618 0x0758 MBR partitions:
09:01:38.0618 0x0758 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
09:01:38.0618 0x0758 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x542BE800
09:01:38.0618 0x0758 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54517000, BlocksNum 0x302F000
09:01:38.0618 0x0758 ============================================================
09:01:38.0650 0x0758 C: <-> \Device\Harddisk0\DR0\Partition2
09:01:38.0681 0x0758 Q: <-> \Device\Harddisk0\DR0\Partition3
09:01:38.0712 0x0758 ============================================================
09:01:38.0712 0x0758 Initialize success
09:01:38.0712 0x0758 ============================================================
09:02:32.0080 0x11f0 ============================================================
09:02:32.0080 0x11f0 Scan started
09:02:32.0080 0x11f0 Mode: Manual; SigCheck; TDLFS;
09:02:32.0080 0x11f0 ============================================================
09:02:32.0080 0x11f0 KSN ping started
09:02:34.0732 0x11f0 KSN ping finished: true
09:02:35.0964 0x11f0 ================ Scan system memory ========================
09:02:35.0964 0x11f0 System memory - ok
09:02:35.0964 0x11f0 ================ Scan services =============================
09:02:36.0136 0x11f0 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:02:36.0198 0x11f0 1394ohci - detected UnsignedFile.Multi.Generic ( 1 )
09:02:39.0131 0x11f0 Detect skipped due to KSN trusted
09:02:39.0131 0x11f0 1394ohci - ok
09:02:39.0224 0x11f0 [ A3AC25D2C9EEB18384A88DEB392C355D, F7348A1F15A7134ABB06C672C533498998100538E740B67C86B2696E0C77F913 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
09:02:39.0256 0x11f0 5U877 - detected UnsignedFile.Multi.Generic ( 1 )
09:02:42.0001 0x11f0 Detect skipped due to KSN trusted
09:02:42.0001 0x11f0 5U877 - ok
09:02:42.0064 0x11f0 [ BEB5E6A8C17C3C7485563281E0F9E77E, D04ACF4833370AC1BFA5365B7D23DB0F6BD5067102B4AD523D74DBE89EDDABBA ] 61883 C:\Windows\system32\DRIVERS\61883.sys
09:02:42.0079 0x11f0 61883 - detected UnsignedFile.Multi.Generic ( 1 )
09:02:45.0074 0x11f0 Detect skipped due to KSN trusted
09:02:45.0074 0x11f0 61883 - ok
09:02:45.0152 0x11f0 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:02:45.0199 0x11f0 ACPI - ok
09:02:45.0215 0x11f0 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:02:45.0230 0x11f0 AcpiPmi - detected UnsignedFile.Multi.Generic ( 1 )
09:02:48.0132 0x11f0 Detect skipped due to KSN trusted
09:02:48.0132 0x11f0 AcpiPmi - ok
09:02:48.0241 0x11f0 [ C0F22E875F5B6417BDD70D7A0C015415, BDDD010C331CEFDB9BFC8C15ECC443171EA7F06376E7D54661A74EA108B73FA2 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
09:02:48.0257 0x11f0 AcPrfMgrSvc - ok
09:02:48.0272 0x11f0 [ E714E5A88CD4AC11C9914A9D8879EFEA, 42C76FD40AD837AF4142E180D3AC78DE39D96AB31F8713C7020462FFA81E5A8E ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
09:02:48.0288 0x11f0 AcSvc - ok
09:02:48.0397 0x11f0 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A, F419E159D3E428A3929A1A983142E7B0783D3F104EE9587585418E51011E4B8F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:02:48.0413 0x11f0 AdobeARMservice - ok
09:02:48.0475 0x11f0 [ CB1719E3EA00A0C114A8AD2655F43754, B38D21C4A7A83904CADEBA96A56AA5D1807C412A8E0BEFC889DF20D02941E570 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:02:48.0491 0x11f0 AdobeFlashPlayerUpdateSvc - ok
09:02:48.0506 0x11f0 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:02:48.0538 0x11f0 adp94xx - ok
09:02:48.0553 0x11f0 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:02:48.0569 0x11f0 adpahci - ok
09:02:48.0600 0x11f0 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:02:48.0616 0x11f0 adpu320 - ok
09:02:48.0631 0x11f0 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:02:48.0647 0x11f0 AeLookupSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:02:51.0221 0x11f0 Detect skipped due to KSN trusted
09:02:51.0221 0x11f0 AeLookupSvc - ok
09:02:51.0361 0x11f0 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
09:02:51.0392 0x11f0 AFD - detected UnsignedFile.Multi.Generic ( 1 )
09:02:54.0138 0x11f0 Detect skipped due to KSN trusted
09:02:54.0138 0x11f0 AFD - ok
09:02:54.0216 0x11f0 [ 8D0CF8A08034CD3D273C9FFC759B62A6, 538D35A0D31BF3D68118CCBDC14CBFDA7A0C0241D929D3AD718A5D60B32B8517 ] AFS C:\Windows\system32\drivers\AFS.sys
09:02:54.0247 0x11f0 AFS - detected UnsignedFile.Multi.Generic ( 1 )
09:02:57.0149 0x11f0 Detect skipped due to KSN trusted
09:02:57.0149 0x11f0 AFS - ok
09:02:57.0211 0x11f0 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:02:57.0227 0x11f0 agp440 - ok
09:02:57.0227 0x11f0 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:02:57.0242 0x11f0 aic78xx - ok
09:02:57.0258 0x11f0 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
09:02:57.0274 0x11f0 ALG - detected UnsignedFile.Multi.Generic ( 1 )
09:03:00.0019 0x11f0 Detect skipped due to KSN trusted
09:03:00.0019 0x11f0 ALG - ok
09:03:00.0050 0x11f0 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
09:03:00.0066 0x11f0 aliide - ok
09:03:00.0082 0x11f0 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:03:00.0097 0x11f0 amdagp - ok
09:03:00.0144 0x11f0 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
09:03:00.0160 0x11f0 amdide - ok
09:03:00.0160 0x11f0 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:03:00.0191 0x11f0 AmdK8 - detected UnsignedFile.Multi.Generic ( 1 )
09:03:03.0124 0x11f0 Detect skipped due to KSN trusted
09:03:03.0124 0x11f0 AmdK8 - ok
09:03:03.0124 0x11f0 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:03:03.0155 0x11f0 AmdPPM - detected UnsignedFile.Multi.Generic ( 1 )
09:03:05.0963 0x11f0 Detect skipped due to KSN trusted
09:03:05.0963 0x11f0 AmdPPM - ok
09:03:05.0978 0x11f0 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:03:05.0994 0x11f0 amdsata - ok
09:03:06.0010 0x11f0 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:03:06.0041 0x11f0 amdsbs - ok
09:03:06.0056 0x11f0 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:03:06.0072 0x11f0 amdxata - ok
09:03:06.0119 0x11f0 [ 99BBEF4A68BF398ED647F4EEB8FF66D4, DCBEDBAE10D188B1CB5E4684FEB70093C684927B6B711F164E676211B9B4F37C ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
09:03:06.0166 0x11f0 AMPPAL - detected UnsignedFile.Multi.Generic ( 1 )
09:03:08.0927 0x11f0 Detect skipped due to KSN trusted
09:03:08.0927 0x11f0 AMPPAL - ok
09:03:08.0974 0x11f0 [ 99BBEF4A68BF398ED647F4EEB8FF66D4, DCBEDBAE10D188B1CB5E4684FEB70093C684927B6B711F164E676211B9B4F37C ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
09:03:09.0020 0x11f0 AMPPALP - detected UnsignedFile.Multi.Generic ( 1 )
09:03:09.0020 0x11f0 Detect skipped due to KSN trusted
09:03:09.0020 0x11f0 AMPPALP - ok
09:03:09.0176 0x11f0 [ EF4022E9C59B20438C1304424D9441F4, 325F76944BD20B792096D00B726308EDA484514B7D21BEC56C046D936CB3683F ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:03:09.0270 0x11f0 AMPPALR3 - ok
09:03:09.0301 0x11f0 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
09:03:09.0332 0x11f0 AppID - detected UnsignedFile.Multi.Generic ( 1 )
09:03:12.0094 0x11f0 Detect skipped due to KSN trusted
09:03:12.0094 0x11f0 AppID - ok
09:03:12.0140 0x11f0 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:03:12.0172 0x11f0 AppIDSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:03:14.0792 0x11f0 Detect skipped due to KSN trusted
09:03:14.0792 0x11f0 AppIDSvc - ok
09:03:14.0824 0x11f0 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
09:03:14.0855 0x11f0 Appinfo - detected UnsignedFile.Multi.Generic ( 1 )
09:03:17.0756 0x11f0 Detect skipped due to KSN trusted
09:03:17.0756 0x11f0 Appinfo - ok
09:03:17.0819 0x11f0 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:03:17.0850 0x11f0 AppMgmt - detected UnsignedFile.Multi.Generic ( 1 )
09:03:20.0705 0x11f0 Detect skipped due to KSN trusted
09:03:20.0705 0x11f0 AppMgmt - ok
09:03:20.0767 0x11f0 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:03:20.0783 0x11f0 arc - ok
09:03:20.0799 0x11f0 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:03:20.0799 0x11f0 arcsas - ok
09:03:20.0939 0x11f0 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:03:20.0986 0x11f0 aspnet_state - ok
09:03:21.0033 0x11f0 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:03:21.0064 0x11f0 AsyncMac - detected UnsignedFile.Multi.Generic ( 1 )
09:03:24.0012 0x11f0 Detect skipped due to KSN trusted
09:03:24.0012 0x11f0 AsyncMac - ok
09:03:24.0090 0x11f0 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
09:03:24.0090 0x11f0 atapi - ok
09:03:24.0121 0x11f0 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:03:24.0168 0x11f0 AudioEndpointBuilder - detected UnsignedFile.Multi.Generic ( 1 )
09:03:27.0148 0x11f0 Detect skipped due to KSN trusted
09:03:27.0148 0x11f0 AudioEndpointBuilder - ok
09:03:27.0226 0x11f0 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:03:27.0257 0x11f0 Audiosrv - detected UnsignedFile.Multi.Generic ( 1 )
09:03:27.0257 0x11f0 Detect skipped due to KSN trusted
09:03:27.0257 0x11f0 Audiosrv - ok
09:03:27.0319 0x11f0 [ C44BDD77E06053CF5AFE046F3A47C16B, FB0EF5AEDD5F8760765A3AB890B32867C0A38397B6423D5291BCFF6FC38346D9 ] Avc C:\Windows\system32\DRIVERS\avc.sys
09:03:27.0335 0x11f0 Avc - detected UnsignedFile.Multi.Generic ( 1 )
09:03:30.0018 0x11f0 Detect skipped due to KSN trusted
09:03:30.0018 0x11f0 Avc - ok
09:03:30.0143 0x11f0 [ D4CC608FCAB4EC5D9ED19E004FF783CD, A026B4B0331A100433ADFD60BAD9937B2DF7EE36AC2ACAD9F83A643A437D912F ] AvgApiWrapper C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
09:03:30.0174 0x11f0 AvgApiWrapper - ok
09:03:30.0221 0x11f0 [ 7F9B01CE297EF4D54C5C4D736D22CF96, 7B13DE8346FE8218CA1D3ECFBD610B0292606318BA863D2C0941B6D3F55FB788 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
09:03:30.0237 0x11f0 Avgfwfd - ok
09:03:30.0361 0x11f0 [ C45E6D7B79E504EB6A98B5F75ED746BA, 8E747DFEEB7EB9351462A0A8DEA9D9ED6799EEB600A80BFB202B6965C750423B ] avgfws C:\Program Files\AVG\AVG2014\avgfws.exe
09:03:30.0424 0x11f0 avgfws - ok
09:03:30.0564 0x11f0 [ 5AFCA73A6807B6ABA67E01C3AD1F4E2B, 39F68A2C09F1F1032AFB1817D297F3D7C0FABC119F42CBE319A42970F967276D ] AVGIDSAgent C:\Program Files\AVG\AVG2014\avgidsagent.exe
09:03:30.0658 0x11f0 AVGIDSAgent - ok
09:03:30.0720 0x11f0 [ 8F07F27A2954775823A89C5976BF4F36, 232B10ECFD420B1BCB390FC495670FE092AAE9726185D2B50CBF6A5DD5D5C7A6 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:03:30.0736 0x11f0 AVGIDSDriver - ok
09:03:30.0798 0x11f0 [ C0701A3C53F0A0F5E4900F26365A10A1, 2755AF8C98F4855FD467F0174D6AE7AC3E7050D95008FE521918194593684D51 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
09:03:30.0814 0x11f0 AVGIDSHX - ok
09:03:30.0845 0x11f0 [ E7FEE532CEF01C97D7682E35D156244F, CF54B4B83E1A060FF52BDEAC4E20492ACFAABC87BC6BE784D6AB4CD64C965B92 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:03:30.0861 0x11f0 AVGIDSShim - ok
09:03:30.0923 0x11f0 [ 83645E273A9EEFB3B554AD0D8A01F33D, 23491C196156BC7BF47FCD4825CCE4DEC6BE0764D7113F2D612473551305860B ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
09:03:30.0939 0x11f0 Avgldx86 - ok
09:03:30.0985 0x11f0 [ 8D37558421330218C98722DF4AD85E83, 24C33B317BA605DFC9B9CE2868391A815870A61F58A172806533A16F29F92B0A ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
09:03:31.0001 0x11f0 Avglogx - ok
09:03:31.0048 0x11f0 [ BE4C960D8B2B5DE08B87970D89146ABE, 18523356835D296C25FD73DA9F5CC3A5F4542D713ABEB9F8253CC871BBFCC958 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
09:03:31.0063 0x11f0 Avgmfx86 - ok
09:03:31.0141 0x11f0 [ 93B89FC2A371ECFAAB242050F07D451B, E966826DBF836D98F016724BFA246EB65A2618C75D308FE96C5C44338E5924E5 ] AvgRemote C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
09:03:31.0157 0x11f0 AvgRemote - ok
09:03:31.0204 0x11f0 [ 86FCB8CE3E68C4777B98F7AF06FE8519, 6B7507DA927ECDBA8B2DAA87530DDAEAC5B0983D3CF11D1F6D00D36601FBC60C ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
09:03:31.0219 0x11f0 Avgrkx86 - ok
09:03:31.0251 0x11f0 [ 674B31FADA5C6A8678B1CCFE1D1F8796, 1EB85DC5A426C19ED2EED5993F2B6A1C81904832FAA746169A42FEA1A969B423 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
09:03:31.0266 0x11f0 Avgtdix - ok
09:03:31.0282 0x11f0 [ F8459F4970C2CDE22DBA890636DD85AF, 355FE960B57E3121B1BBFFC9CB35A6D35085368F70C2EE7E1633B72C7438D6F4 ] AvgUpgrade C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
09:03:31.0297 0x11f0 AvgUpgrade - ok
09:03:31.0344 0x11f0 [ 4A3D6702F4A101C4DDC7000B59530DD5, D89AB84C2834DD72883A989C7915DCE294A455986301A7529AEB8F7B68762E99 ] avgwd C:\Program Files\AVG\AVG2014\avgwdsvc.exe
09:03:31.0360 0x11f0 avgwd - ok
09:03:31.0391 0x11f0 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:03:31.0422 0x11f0 AxInstSV - detected UnsignedFile.Multi.Generic ( 1 )
09:03:34.0121 0x11f0 Detect skipped due to KSN trusted
09:03:34.0121 0x11f0 AxInstSV - ok
09:03:34.0183 0x11f0 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:03:34.0230 0x11f0 b06bdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:03:37.0194 0x11f0 Detect skipped due to KSN trusted
09:03:37.0194 0x11f0 b06bdrv - ok
09:03:37.0257 0x11f0 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:03:37.0288 0x11f0 b57nd60x - detected UnsignedFile.Multi.Generic ( 1 )
09:03:39.0955 0x11f0 Detect skipped due to KSN trusted
09:03:39.0955 0x11f0 b57nd60x - ok
09:03:40.0018 0x11f0 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
09:03:40.0049 0x11f0 BDESVC - detected UnsignedFile.Multi.Generic ( 1 )
09:03:42.0826 0x11f0 Detect skipped due to KSN trusted
09:03:42.0826 0x11f0 BDESVC - ok
09:03:42.0888 0x11f0 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
09:03:42.0919 0x11f0 Beep - detected UnsignedFile.Multi.Generic ( 1 )
09:03:45.0681 0x11f0 Detect skipped due to KSN trusted
09:03:45.0681 0x11f0 Beep - ok
09:03:45.0774 0x11f0 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
09:03:45.0805 0x11f0 BFE - detected UnsignedFile.Multi.Generic ( 1 )
09:03:50.0298 0x11f0 Detect skipped due to KSN trusted
09:03:50.0298 0x11f0 BFE - ok
09:03:50.0392 0x11f0 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
09:03:50.0439 0x11f0 BITS - detected UnsignedFile.Multi.Generic ( 1 )
09:03:53.0434 0x11f0 Detect skipped due to KSN trusted
09:03:53.0434 0x11f0 BITS - ok
09:03:53.0512 0x11f0 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:03:53.0527 0x11f0 blbdrive - detected UnsignedFile.Multi.Generic ( 1 )
09:03:56.0538 0x11f0 Detect skipped due to KSN trusted
09:03:56.0538 0x11f0 blbdrive - ok
09:03:56.0632 0x11f0 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:03:56.0663 0x11f0 bowser - detected UnsignedFile.Multi.Generic ( 1 )
09:03:59.0409 0x11f0 Detect skipped due to KSN trusted
09:03:59.0409 0x11f0 bowser - ok
09:03:59.0471 0x11f0 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:03:59.0487 0x11f0 BrFiltLo - detected UnsignedFile.Multi.Generic ( 1 )
09:04:02.0310 0x11f0 Detect skipped due to KSN trusted
09:04:02.0310 0x11f0 BrFiltLo - ok
09:04:02.0357 0x11f0 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:04:02.0388 0x11f0 BrFiltUp - detected UnsignedFile.Multi.Generic ( 1 )
09:04:05.0196 0x11f0 Detect skipped due to KSN trusted
09:04:05.0196 0x11f0 BrFiltUp - ok
09:04:05.0259 0x11f0 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
09:04:05.0274 0x11f0 Browser - detected UnsignedFile.Multi.Generic ( 1 )
09:04:08.0004 0x11f0 Detect skipped due to KSN trusted
09:04:08.0004 0x11f0 Browser - ok
09:04:08.0020 0x11f0 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:04:08.0067 0x11f0 Brserid - detected UnsignedFile.Multi.Generic ( 1 )
09:04:10.0765 0x11f0 Detect skipped due to KSN trusted
09:04:10.0765 0x11f0 Brserid - ok
09:04:10.0797 0x11f0 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:04:10.0828 0x11f0 BrSerWdm - detected UnsignedFile.Multi.Generic ( 1 )
09:04:13.0698 0x11f0 Detect skipped due to KSN trusted
09:04:13.0698 0x11f0 BrSerWdm - ok
09:04:13.0761 0x11f0 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:04:13.0792 0x11f0 BrUsbMdm - detected UnsignedFile.Multi.Generic ( 1 )
09:04:16.0506 0x11f0 Detect skipped due to KSN trusted
09:04:16.0506 0x11f0 BrUsbMdm - ok
09:04:16.0522 0x11f0 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:04:16.0537 0x11f0 BrUsbSer - detected UnsignedFile.Multi.Generic ( 1 )
09:04:19.0486 0x11f0 Detect skipped due to KSN trusted
09:04:19.0486 0x11f0 BrUsbSer - ok
09:04:19.0564 0x11f0 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:04:19.0595 0x11f0 BthEnum - detected UnsignedFile.Multi.Generic ( 1 )
09:04:22.0465 0x11f0 Detect skipped due to KSN trusted
09:04:22.0465 0x11f0 BthEnum - ok
09:04:22.0481 0x11f0 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:04:22.0512 0x11f0 BTHMODEM - detected UnsignedFile.Multi.Generic ( 1 )
09:04:25.0211 0x11f0 Detect skipped due to KSN trusted
09:04:25.0211 0x11f0 BTHMODEM - ok
09:04:25.0289 0x11f0 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:04:25.0305 0x11f0 BthPan - detected UnsignedFile.Multi.Generic ( 1 )
09:04:28.0284 0x11f0 Detect skipped due to KSN trusted
09:04:28.0284 0x11f0 BthPan - ok
09:04:28.0362 0x11f0 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
09:04:28.0409 0x11f0 BTHPORT - detected UnsignedFile.Multi.Generic ( 1 )
09:04:31.0155 0x11f0 Detect skipped due to KSN trusted
09:04:31.0155 0x11f0 BTHPORT - ok
09:04:31.0217 0x11f0 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
09:04:31.0248 0x11f0 bthserv - detected UnsignedFile.Multi.Generic ( 1 )
09:04:33.0916 0x11f0 Detect skipped due to KSN trusted
09:04:33.0916 0x11f0 bthserv - ok
09:04:33.0963 0x11f0 [ 8893814133AFDD17431E2682EDE2DCE9, 33DBBF8C297B710F2F6215E48DA5291B41F60EF5C8F5E66C6BF234629D361284 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:04:33.0978 0x11f0 BTHSSecurityMgr - ok
09:04:34.0009 0x11f0 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
09:04:34.0041 0x11f0 BTHUSB - detected UnsignedFile.Multi.Generic ( 1 )
09:04:36.0989 0x11f0 Detect skipped due to KSN trusted
09:04:36.0989 0x11f0 BTHUSB - ok
09:04:37.0083 0x11f0 [ F549C3FB145A4928E40BB1518B2034DC, FAD5B228B43FEC582DBDD91903216C1B170AC3C426E1F3420985988559F2AC49 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
09:04:37.0098 0x11f0 btusbflt - ok
09:04:37.0145 0x11f0 [ F8B4F60768328FAA2FFE2727F66809F8, 7281200791AC91AB88D5D338AA6B5401AA2039E2963F94C13B4887E73C3F8EE7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
09:04:37.0161 0x11f0 btwaudio - ok
09:04:37.0207 0x11f0 [ FA7446DD38DE84D4988D1F2EBB854589, 5F9C674C6811CC7DA60111B758433800246C967D8C1551391823390D8F4F30A1 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
09:04:37.0223 0x11f0 btwavdt - ok
09:04:37.0317 0x11f0 [ 56CB951571E2C6E69990F40220467359, 7E01690D01626D3FE2C03681434F87CDCA6F756CA8997CBE198AC590435D1F33 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
09:04:37.0348 0x11f0 btwdins - ok
09:04:37.0395 0x11f0 [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
09:04:37.0410 0x11f0 btwl2cap - ok
09:04:37.0457 0x11f0 [ D5862FBC1CBC0404614FD9D85C8D880E, C05BC43415BD646CA950E177F3D3829C6600024061D19CDFB6507DC46A824144 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
09:04:37.0457 0x11f0 btwrchid - ok
09:04:37.0488 0x11f0 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:04:37.0504 0x11f0 cdfs - detected UnsignedFile.Multi.Generic ( 1 )
09:04:40.0265 0x11f0 Detect skipped due to KSN trusted
09:04:40.0265 0x11f0 cdfs - ok
09:04:40.0359 0x11f0 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:04:40.0405 0x11f0 cdrom - detected UnsignedFile.Multi.Generic ( 1 )
09:04:43.0323 0x11f0 Detect skipped due to KSN trusted
09:04:43.0323 0x11f0 cdrom - ok
09:04:43.0385 0x11f0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
09:04:43.0416 0x11f0 CertPropSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:04:46.0411 0x11f0 Detect skipped due to KSN trusted
09:04:46.0411 0x11f0 CertPropSvc - ok
09:04:46.0458 0x11f0 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:04:46.0489 0x11f0 circlass - detected UnsignedFile.Multi.Generic ( 1 )
09:04:49.0173 0x11f0 Detect skipped due to KSN trusted
09:04:49.0173 0x11f0 circlass - ok
09:04:49.0266 0x11f0 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
09:04:49.0282 0x11f0 CLFS - ok
09:04:49.0375 0x11f0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:04:49.0391 0x11f0 clr_optimization_v2.0.50727_32 - ok
09:04:49.0453 0x11f0 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:04:49.0563 0x11f0 clr_optimization_v4.0.30319_32 - ok
09:04:49.0625 0x11f0 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:04:49.0641 0x11f0 CmBatt - detected UnsignedFile.Multi.Generic ( 1 )
09:04:52.0651 0x11f0 Detect skipped due to KSN trusted
09:04:52.0651 0x11f0 CmBatt - ok
09:04:52.0729 0x11f0 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:04:52.0745 0x11f0 cmdide - ok
09:04:52.0807 0x11f0 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
09:04:52.0854 0x11f0 CNG - ok
09:04:52.0901 0x11f0 [ 2FE437862D0CAA879B3C01EF353EDDA7, 5A831A79AABC9721DBB1CDEC02629A373B5DD13EE386A42AF9BBEF33C14373E8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
09:04:52.0948 0x11f0 CnxtHdAudService - ok
09:04:52.0963 0x11f0 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:04:52.0979 0x11f0 Compbatt - ok
09:04:53.0026 0x11f0 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:04:53.0041 0x11f0 CompositeBus - detected UnsignedFile.Multi.Generic ( 1 )
09:04:55.0927 0x11f0 Detect skipped due to KSN trusted
09:04:55.0927 0x11f0 CompositeBus - ok
09:04:55.0943 0x11f0 COMSysApp - ok
09:04:55.0959 0x11f0 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:04:55.0974 0x11f0 crcdisk - ok
09:04:56.0037 0x11f0 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:04:56.0068 0x11f0 CryptSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:04:58.0704 0x11f0 Detect skipped due to KSN trusted
09:04:58.0704 0x11f0 CryptSvc - ok
09:04:58.0798 0x11f0 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
09:04:58.0845 0x11f0 CSC - detected UnsignedFile.Multi.Generic ( 1 )
09:05:01.0668 0x11f0 Detect skipped due to KSN trusted
09:05:01.0668 0x11f0 CSC - ok
09:05:01.0746 0x11f0 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
09:05:01.0777 0x11f0 CscService - detected UnsignedFile.Multi.Generic ( 1 )
09:05:04.0539 0x11f0 Detect skipped due to KSN trusted
09:05:04.0539 0x11f0 CscService - ok
09:05:04.0601 0x11f0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
09:05:04.0648 0x11f0 DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
09:05:07.0409 0x11f0 Detect skipped due to KSN trusted
09:05:07.0409 0x11f0 DcomLaunch - ok
09:05:07.0471 0x11f0 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
09:05:07.0503 0x11f0 defragsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:05:10.0373 0x11f0 Detect skipped due to KSN trusted
09:05:10.0373 0x11f0 defragsvc - ok
09:05:10.0467 0x11f0 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:05:10.0482 0x11f0 DfsC - detected UnsignedFile.Multi.Generic ( 1 )
09:05:13.0072 0x11f0 Detect skipped due to KSN trusted
09:05:13.0072 0x11f0 DfsC - ok
09:05:13.0166 0x11f0 [ 560B0DCE52DFED6623B27C9BAFA6F236, BB4156BB1CCA64CCDE065870DAE56CD58BF05CEBF7C3B17C7A821FDF02A8B157 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
09:05:13.0166 0x11f0 dg_ssudbus - ok
09:05:13.0197 0x11f0 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:05:13.0244 0x11f0 Dhcp - detected UnsignedFile.Multi.Generic ( 1 )
09:05:15.0802 0x11f0 Detect skipped due to KSN trusted
09:05:15.0802 0x11f0 Dhcp - ok
09:05:15.0818 0x11f0 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
09:05:15.0849 0x11f0 discache - detected UnsignedFile.Multi.Generic ( 1 )
09:05:18.0672 0x11f0 Detect skipped due to KSN trusted
09:05:18.0672 0x11f0 discache - ok
09:05:18.0719 0x11f0 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:05:18.0735 0x11f0 Disk - ok
09:05:18.0750 0x11f0 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:05:18.0782 0x11f0 Dnscache - detected UnsignedFile.Multi.Generic ( 1 )
09:05:21.0839 0x11f0 Detect skipped due to KSN trusted
09:05:21.0839 0x11f0 Dnscache - ok
09:05:21.0870 0x11f0 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
09:05:21.0917 0x11f0 dot3svc - detected UnsignedFile.Multi.Generic ( 1 )
09:05:24.0912 0x11f0 Detect skipped due to KSN trusted
09:05:24.0912 0x11f0 dot3svc - ok
09:05:24.0975 0x11f0 [ E00B3CE273B17AEE1259C105DF5524CA, F4896FC70CF5FDEF86CD3763F7E7220AEEBD16CC5CAE327AEBFC7812D42C67CB ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
09:05:24.0990 0x11f0 DozeHDD - ok
09:05:25.0006 0x11f0 [ 003ACEE8650BFD49E4121289BBF59480, FD0A5A2C2766A792D85311AB8DAC696F5DBECB5A214B8E2B3ED9F90E24133070 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
09:05:25.0022 0x11f0 DozeSvc - ok
09:05:25.0053 0x11f0 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
09:05:25.0068 0x11f0 DPS - detected UnsignedFile.Multi.Generic ( 1 )
09:05:27.0783 0x11f0 Detect skipped due to KSN trusted
09:05:27.0783 0x11f0 DPS - ok
09:05:27.0861 0x11f0 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:05:27.0908 0x11f0 drmkaud - detected UnsignedFile.Multi.Generic ( 1 )
09:05:30.0622 0x11f0 Detect skipped due to KSN trusted
09:05:30.0622 0x11f0 drmkaud - ok
09:05:30.0684 0x11f0 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:05:30.0731 0x11f0 DXGKrnl - ok
09:05:30.0794 0x11f0 [ E7DD83584042EE5F9B0CF0C8C6B064D5, 42071768937F00FAEEF338EB6BC4C1BC0E762076EA1109FB0CFA54BF4C2D12F6 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
09:05:30.0825 0x11f0 e1kexpress - ok
09:05:30.0872 0x11f0 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
09:05:30.0903 0x11f0 EapHost - detected UnsignedFile.Multi.Generic ( 1 )
09:05:33.0820 0x11f0 Detect skipped due to KSN trusted
09:05:33.0820 0x11f0 EapHost - ok
09:05:33.0960 0x11f0 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:05:34.0132 0x11f0 ebdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:05:36.0893 0x11f0 Detect skipped due to KSN trusted
09:05:36.0893 0x11f0 ebdrv - ok
09:05:36.0971 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe
09:05:36.0987 0x11f0 EFS - detected UnsignedFile.Multi.Generic ( 1 )
09:05:39.0764 0x11f0 Detect skipped due to KSN trusted
09:05:39.0764 0x11f0 EFS - ok
09:05:39.0857 0x11f0 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:05:39.0920 0x11f0 ehRecvr - detected UnsignedFile.Multi.Generic ( 1 )
09:05:42.0665 0x11f0 Detect skipped due to KSN trusted
09:05:42.0665 0x11f0 ehRecvr - ok
09:05:42.0728 0x11f0 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
09:05:42.0759 0x11f0 ehSched - detected UnsignedFile.Multi.Generic ( 1 )
09:05:45.0598 0x11f0 Detect skipped due to KSN trusted
09:05:45.0598 0x11f0 ehSched - ok
09:05:45.0770 0x11f0 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:05:45.0801 0x11f0 elxstor - ok
09:05:45.0816 0x11f0 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:05:45.0832 0x11f0 ErrDev - detected UnsignedFile.Multi.Generic ( 1 )
09:05:48.0671 0x11f0 Detect skipped due to KSN trusted
09:05:48.0671 0x11f0 ErrDev - ok
09:05:48.0765 0x11f0 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
09:05:48.0796 0x11f0 EventSystem - detected UnsignedFile.Multi.Generic ( 1 )
09:05:51.0542 0x11f0 Detect skipped due to KSN trusted
09:05:51.0542 0x11f0 EventSystem - ok
09:05:51.0682 0x11f0 [ B6C691D8CAE275ED9B2782E62626F36A, 81D2BF9715506FFD4A40D524827899A1B9CC7ED1176E4AE7C4D33FFD69E807EF ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:05:51.0729 0x11f0 EvtEng - ok
09:05:51.0791 0x11f0 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
09:05:51.0822 0x11f0 exfat - detected UnsignedFile.Multi.Generic ( 1 )
09:05:54.0818 0x11f0 Detect skipped due to KSN trusted
09:05:54.0818 0x11f0 exfat - ok
09:05:54.0896 0x11f0 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:05:54.0927 0x11f0 fastfat - detected UnsignedFile.Multi.Generic ( 1 )
09:05:57.0688 0x11f0 Detect skipped due to KSN trusted
09:05:57.0688 0x11f0 fastfat - ok
09:05:57.0766 0x11f0 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
09:05:57.0813 0x11f0 Fax - detected UnsignedFile.Multi.Generic ( 1 )
09:06:00.0746 0x11f0 Detect skipped due to KSN trusted
09:06:00.0746 0x11f0 Fax - ok
09:06:00.0808 0x11f0 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:06:00.0839 0x11f0 fdc - detected UnsignedFile.Multi.Generic ( 1 )
09:06:03.0616 0x11f0 Detect skipped due to KSN trusted
09:06:03.0616 0x11f0 fdc - ok
09:06:03.0678 0x11f0 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
09:06:03.0694 0x11f0 fdPHost - detected UnsignedFile.Multi.Generic ( 1 )
09:06:06.0705 0x11f0 Detect skipped due to KSN trusted
09:06:06.0705 0x11f0 fdPHost - ok
09:06:06.0736 0x11f0 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
09:06:06.0767 0x11f0 FDResPub - detected UnsignedFile.Multi.Generic ( 1 )
09:06:09.0653 0x11f0 Detect skipped due to KSN trusted
09:06:09.0653 0x11f0 FDResPub - ok
09:06:09.0731 0x11f0 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:06:09.0747 0x11f0 FileInfo - ok
09:06:09.0762 0x11f0 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:06:09.0778 0x11f0 Filetrace - detected UnsignedFile.Multi.Generic ( 1 )
09:06:12.0524 0x11f0 Detect skipped due to KSN trusted
09:06:12.0524 0x11f0 Filetrace - ok
09:06:12.0633 0x11f0 [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:06:12.0664 0x11f0 FLEXnet Licensing Service - ok
09:06:12.0680 0x11f0 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:06:12.0711 0x11f0 flpydisk - detected UnsignedFile.Multi.Generic ( 1 )
09:06:17.0032 0x11f0 Detect skipped due to KSN trusted
09:06:17.0032 0x11f0 flpydisk - ok
09:06:17.0094 0x11f0 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:06:17.0110 0x11f0 FltMgr - ok
09:06:17.0188 0x11f0 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
09:06:17.0235 0x11f0 FontCache - detected UnsignedFile.Multi.Generic ( 1 )
09:06:19.0996 0x11f0 Detect skipped due to KSN trusted
09:06:19.0996 0x11f0 FontCache - ok
09:06:20.0058 0x11f0 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:06:20.0058 0x11f0 FontCache3.0.0.0 - ok
09:06:20.0074 0x11f0 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:06:20.0105 0x11f0 FsDepends - ok
09:06:20.0152 0x11f0 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:06:20.0168 0x11f0 Fs_Rec - ok
09:06:20.0183 0x11f0 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:06:20.0199 0x11f0 fvevol - ok
09:06:20.0230 0x11f0 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:06:20.0246 0x11f0 gagp30kx - ok
09:06:20.0292 0x11f0 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
09:06:20.0339 0x11f0 gpsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:06:23.0272 0x11f0 Detect skipped due to KSN trusted
09:06:23.0272 0x11f0 gpsvc - ok
09:06:23.0397 0x11f0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:06:23.0412 0x11f0 gupdate - ok
09:06:23.0444 0x11f0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:06:23.0444 0x11f0 gupdatem - ok
09:06:23.0459 0x11f0 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:06:23.0490 0x11f0 hcw85cir - detected UnsignedFile.Multi.Generic ( 1 )
09:06:26.0423 0x11f0 Detect skipped due to KSN trusted
09:06:26.0423 0x11f0 hcw85cir - ok
09:06:26.0501 0x11f0 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:06:26.0532 0x11f0 HdAudAddService - detected UnsignedFile.Multi.Generic ( 1 )
09:06:29.0356 0x11f0 Detect skipped due to KSN trusted
09:06:29.0356 0x11f0 HdAudAddService - ok
09:06:29.0418 0x11f0 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:06:29.0450 0x11f0 HDAudBus - detected UnsignedFile.Multi.Generic ( 1 )
09:06:32.0180 0x11f0 Detect skipped due to KSN trusted
09:06:32.0180 0x11f0 HDAudBus - ok
09:06:32.0258 0x11f0 [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
09:06:32.0289 0x11f0 HECI - detected UnsignedFile.Multi.Generic ( 1 )
09:06:35.0908 0x11f0 Detect skipped due to KSN trusted
09:06:35.0908 0x11f0 HECI - ok
09:06:35.0970 0x11f0 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:06:36.0002 0x11f0 HidBatt - detected UnsignedFile.Multi.Generic ( 1 )
09:06:38.0825 0x11f0 Detect skipped due to KSN trusted
09:06:38.0825 0x11f0 HidBatt - ok
09:06:38.0872 0x11f0 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:06:38.0934 0x11f0 HidBth - detected UnsignedFile.Multi.Generic ( 1 )
09:06:41.0602 0x11f0 Detect skipped due to KSN trusted
09:06:41.0602 0x11f0 HidBth - ok
09:06:41.0664 0x11f0 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:06:41.0696 0x11f0 HidIr - detected UnsignedFile.Multi.Generic ( 1 )
09:06:44.0472 0x11f0 Detect skipped due to KSN trusted
09:06:44.0472 0x11f0 HidIr - ok
09:06:44.0535 0x11f0 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
09:06:44.0582 0x11f0 hidserv - detected UnsignedFile.Multi.Generic ( 1 )
09:06:47.0343 0x11f0 Detect skipped due to KSN trusted
09:06:47.0343 0x11f0 hidserv - ok
09:06:47.0390 0x11f0 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:06:47.0405 0x11f0 HidUsb - detected UnsignedFile.Multi.Generic ( 1 )
09:06:50.0213 0x11f0 Detect skipped due to KSN trusted
09:06:50.0213 0x11f0 HidUsb - ok
09:06:50.0276 0x11f0 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
09:06:50.0307 0x11f0 hkmsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:06:53.0084 0x11f0 Detect skipped due to KSN trusted
09:06:53.0084 0x11f0 hkmsvc - ok
09:06:53.0146 0x11f0 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:06:53.0177 0x11f0 HomeGroupListener - detected UnsignedFile.Multi.Generic ( 1 )
09:06:56.0142 0x11f0 Detect skipped due to KSN trusted
09:06:56.0142 0x11f0 HomeGroupListener - ok
09:06:56.0173 0x11f0 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:06:56.0205 0x11f0 HomeGroupProvider - detected UnsignedFile.Multi.Generic ( 1 )
09:06:58.0857 0x11f0 Detect skipped due to KSN trusted
09:06:58.0857 0x11f0 HomeGroupProvider - ok
09:06:58.0919 0x11f0 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:06:58.0935 0x11f0 HpSAMD - ok
09:06:58.0997 0x11f0 [ 210388FD8225B02BD83D77628AAE64A9, EFB755244CDF8344E14528CF46A6D43C1E8266A307603A63023D8955925FE0C3 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
09:06:59.0059 0x11f0 HsfXAudioService - detected UnsignedFile.Multi.Generic ( 1 )
09:07:01.0992 0x11f0 Detect skipped due to KSN trusted
09:07:01.0992 0x11f0 HsfXAudioService - ok
09:07:02.0070 0x11f0 [ C761B4A8391F5E47F7C51A691CE773F4, FDECE4A213F6200B381149DA7C7236E0B26F6AD8BFA09BE678E391FF924BA0DE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:07:02.0117 0x11f0 HSF_DPV - detected UnsignedFile.Multi.Generic ( 1 )
09:07:04.0878 0x11f0 Detect skipped due to KSN trusted
09:07:04.0878 0x11f0 HSF_DPV - ok
09:07:04.0941 0x11f0 [ 50B42EF358A2E5363BE6B77138A22391, 8ACFA56E332338047CEBE8F87AE6614B9222DFDD49C48FA6F3C3C4AED3206B9F ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:07:04.0987 0x11f0 HSXHWAZL - detected UnsignedFile.Multi.Generic ( 1 )
09:07:07.0718 0x11f0 Detect skipped due to KSN trusted
09:07:07.0718 0x11f0 HSXHWAZL - ok
09:07:07.0796 0x11f0 [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:07:07.0811 0x11f0 HTCAND32 - detected UnsignedFile.Multi.Generic ( 1 )
09:07:10.0588 0x11f0 Detect skipped due to KSN trusted
09:07:10.0588 0x11f0 HTCAND32 - ok
09:07:10.0666 0x11f0 [ 339ADEFAD60353F960E3CA67CE468C24, AF0953ACBE2CA6466595A31349DBF96452DEF2633FD279E8F2B59A3767B89AFC ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
09:07:10.0697 0x11f0 htcnprot - detected UnsignedFile.Multi.Generic ( 1 )
09:07:13.0552 0x11f0 Detect skipped due to KSN trusted
09:07:13.0552 0x11f0 htcnprot - ok
09:07:13.0646 0x11f0 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:07:13.0724 0x11f0 HTTP - detected UnsignedFile.Multi.Generic ( 1 )
09:07:16.0422 0x11f0 Detect skipped due to KSN trusted
09:07:16.0422 0x11f0 HTTP - ok
09:07:16.0485 0x11f0 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:07:16.0500 0x11f0 hwpolicy - ok
09:07:16.0547 0x11f0 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:07:16.0578 0x11f0 i8042prt - detected UnsignedFile.Multi.Generic ( 1 )
09:07:19.0496 0x11f0 Detect skipped due to KSN trusted
09:07:19.0496 0x11f0 i8042prt - ok
09:07:19.0589 0x11f0 [ EDF5ECC965FAAA533D35E02F47B9132E, 09CF93344C399A5F3C3984557EE09A70072727579D3EFEE5D442940D679CF35A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:07:19.0605 0x11f0 iaStor - ok
09:07:19.0667 0x11f0 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:07:19.0698 0x11f0 iaStorV - ok
09:07:19.0745 0x11f0 [ 9A5506E974C8929E4FE578C9C11D298F, 98791D25306113D48DF9B7152D3AE5B5C9D968590A80A38BC8192AE61D96051B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:07:19.0761 0x11f0 IBMPMDRV - ok
09:07:19.0776 0x11f0 [ 0F851A9546AE0394E1D0FF975F414B21, 486550DBEA6C89A48A7AF751C6E33EE8250219B0F70795478C9F94286FD8A1CD ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
09:07:19.0776 0x11f0 IBMPMSVC - ok
09:07:19.0870 0x11f0 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:07:19.0917 0x11f0 idsvc - ok
09:07:19.0948 0x11f0 IEEtwCollectorService - ok
09:07:20.0135 0x11f0 [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:07:20.0354 0x11f0 igfx - detected UnsignedFile.Multi.Generic ( 1 )
09:07:23.0052 0x11f0 Detect skipped due to KSN trusted
09:07:23.0052 0x11f0 igfx - ok
09:07:23.0115 0x11f0 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:07:23.0130 0x11f0 iirsp - ok
09:07:23.0162 0x11f0 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
09:07:23.0224 0x11f0 IKEEXT - detected UnsignedFile.Multi.Generic ( 1 )
09:07:26.0250 0x11f0 Detect skipped due to KSN trusted
09:07:26.0250 0x11f0 IKEEXT - ok
09:07:26.0328 0x11f0 [ 2DB41BA61D5E44D0667CF126D35DCF34, AFD9EE3167C8BA0B547DBA8D559401F49EC4ACEBFF2BFE7598A0BC61491C45F8 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
09:07:26.0360 0x11f0 Impcd - detected UnsignedFile.Multi.Generic ( 1 )
09:07:29.0230 0x11f0 Detect skipped due to KSN trusted
09:07:29.0230 0x11f0 Impcd - ok
09:07:29.0277 0x11f0 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
09:07:29.0292 0x11f0 intelide - ok
09:07:29.0292 0x11f0 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:07:29.0324 0x11f0 intelppm - detected UnsignedFile.Multi.Generic ( 1 )
09:07:32.0085 0x11f0 Detect skipped due to KSN trusted
09:07:32.0085 0x11f0 intelppm - ok
09:07:32.0147 0x11f0 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:07:32.0178 0x11f0 IPBusEnum - detected UnsignedFile.Multi.Generic ( 1 )
09:07:35.0064 0x11f0 Detect skipped due to KSN trusted
09:07:35.0064 0x11f0 IPBusEnum - ok
09:07:35.0127 0x11f0 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:07:35.0158 0x11f0 IpFilterDriver - detected UnsignedFile.Multi.Generic ( 1 )
09:07:42.0084 0x11f0 Detect skipped due to KSN trusted
09:07:42.0084 0x11f0 IpFilterDriver - ok
09:07:42.0178 0x11f0 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:07:42.0225 0x11f0 iphlpsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:07:45.0002 0x11f0 Detect skipped due to KSN trusted
09:07:45.0002 0x11f0 iphlpsvc - ok
09:07:45.0033 0x11f0 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:07:45.0064 0x11f0 IPMIDRV - detected UnsignedFile.Multi.Generic ( 1 )
09:07:48.0059 0x11f0 Detect skipped due to KSN trusted
09:07:48.0059 0x11f0 IPMIDRV - ok
09:07:48.0075 0x11f0 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:07:48.0106 0x11f0 IPNAT - detected UnsignedFile.Multi.Generic ( 1 )
09:07:51.0647 0x11f0 Detect skipped due to KSN trusted
09:07:51.0647 0x11f0 IPNAT - ok
09:07:51.0710 0x11f0 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:07:51.0725 0x11f0 IRENUM - detected UnsignedFile.Multi.Generic ( 1 )
09:07:56.0156 0x11f0 Detect skipped due to KSN trusted
09:07:56.0156 0x11f0 IRENUM - ok
09:07:56.0171 0x11f0 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:07:56.0171 0x11f0 isapnp - ok
09:07:56.0218 0x11f0 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:07:56.0234 0x11f0 iScsiPrt - ok
09:07:56.0265 0x11f0 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:07:56.0265 0x11f0 IviRegMgr - ok
09:07:56.0280 0x11f0 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:07:56.0296 0x11f0 kbdclass - ok
09:07:56.0343 0x11f0 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:07:56.0374 0x11f0 kbdhid - detected UnsignedFile.Multi.Generic ( 1 )
09:08:02.0708 0x11f0 Detect skipped due to KSN trusted
09:08:02.0708 0x11f0 kbdhid - ok
09:08:02.0739 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
09:08:02.0754 0x11f0 KeyIso - detected UnsignedFile.Multi.Generic ( 1 )
09:08:02.0754 0x11f0 Detect skipped due to KSN trusted
09:08:02.0754 0x11f0 KeyIso - ok
09:08:02.0817 0x11f0 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:08:02.0832 0x11f0 KSecDD - ok
09:08:02.0848 0x11f0 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:08:02.0864 0x11f0 KSecPkg - ok
09:08:02.0895 0x11f0 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:08:02.0942 0x11f0 KtmRm - detected UnsignedFile.Multi.Generic ( 1 )
09:08:05.0890 0x11f0 Detect skipped due to KSN trusted
09:08:05.0890 0x11f0 KtmRm - ok
09:08:05.0968 0x11f0 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:08:06.0015 0x11f0 LanmanServer - detected UnsignedFile.Multi.Generic ( 1 )
09:08:08.0963 0x11f0 Detect skipped due to KSN trusted
09:08:08.0963 0x11f0 LanmanServer - ok
09:08:08.0981 0x11f0 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:08:09.0009 0x11f0 LanmanWorkstation - detected UnsignedFile.Multi.Generic ( 1 )
09:08:12.0042 0x11f0 Detect skipped due to KSN trusted
09:08:12.0042 0x11f0 LanmanWorkstation - ok
09:08:12.0142 0x11f0 [ CAB9C6C37FD0F9612B269349116504B6, ACA134CC1531791F1EB424BF64F5F46C4FD91439DB5E7D23140A0104E4FD522C ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
09:08:12.0152 0x11f0 LENOVO.CAMMUTE - ok
09:08:12.0172 0x11f0 [ 340288B3B2EDC8AFD5FF127DF85142A7, 595103B5CCDC83D8E4617D2C3E8ED91C88A78ACF11BC9478E9244C510DD50A80 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
09:08:12.0192 0x11f0 LENOVO.MICMUTE - ok
09:08:12.0222 0x11f0 [ 9AAC267A225F3CAEBB9E633F7EB16E4B, BFBB9772646D62ACD9208041621E4CDE92982ED96F243C8F61334F7FC368B387 ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
09:08:12.0232 0x11f0 lenovo.smi - ok
09:08:12.0242 0x11f0 [ 04B5F7F44CCB2FAB615C67ED0E6C8323, CB0C7DD1F968FA7DC8F9AC99435FF9FB6E39CB058C978E977606F5C8CD275B90 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
09:08:12.0252 0x11f0 LENOVO.TPKNRSVC - ok
09:08:12.0262 0x11f0 [ 158B67696EC8602CE71F9AA4F14AA96F, D1453B52D6DFB7209F20FF052187C2FC24F1778A520015B8A4CD05E35593B26A ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
09:08:12.0272 0x11f0 Lenovo.VIRTSCRLSVC - ok
09:08:12.0302 0x11f0 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:08:12.0332 0x11f0 lltdio - detected UnsignedFile.Multi.Generic ( 1 )
09:08:15.0231 0x11f0 Detect skipped due to KSN trusted
09:08:15.0231 0x11f0 lltdio - ok
09:08:15.0247 0x11f0 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:08:15.0294 0x11f0 lltdsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:08:17.0961 0x11f0 Detect skipped due to KSN trusted
09:08:17.0961 0x11f0 lltdsvc - ok
09:08:18.0024 0x11f0 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:08:18.0055 0x11f0 lmhosts - detected UnsignedFile.Multi.Generic ( 1 )
09:08:21.0034 0x11f0 Detect skipped due to KSN trusted
09:08:21.0034 0x11f0 lmhosts - ok
09:08:21.0112 0x11f0 [ 1C05C59D588A94867671FD07B7062CAF, 84DE146D86D84DBBC3150FD383F845DF1B1D9A087A25AC47E14563B31A1E2034 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:08:21.0144 0x11f0 LMS - ok
09:08:21.0159 0x11f0 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:08:21.0175 0x11f0 LSI_FC - ok
09:08:21.0190 0x11f0 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:08:21.0206 0x11f0 LSI_SAS - ok
09:08:21.0206 0x11f0 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:08:21.0222 0x11f0 LSI_SAS2 - ok
09:08:21.0237 0x11f0 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:08:21.0253 0x11f0 LSI_SCSI - ok
09:08:21.0315 0x11f0 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
09:08:21.0331 0x11f0 luafv - detected UnsignedFile.Multi.Generic ( 1 )
09:08:24.0108 0x11f0 Detect skipped due to KSN trusted
09:08:24.0108 0x11f0 luafv - ok
09:08:24.0186 0x11f0 [ A3F4391DFDF2F9E9FE4EAD193265A5AD, A60A1A345622F4758181FB0B6EE784B0B718105FEE7B0F6FEDE5AD59FE448EE1 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:08:24.0201 0x11f0 MBAMProtector - ok
09:08:24.0310 0x11f0 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
09:08:24.0388 0x11f0 MBAMScheduler - ok
09:08:24.0466 0x11f0 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
09:08:24.0513 0x11f0 MBAMService - ok
09:08:24.0576 0x11f0 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:08:24.0591 0x11f0 MBAMSwissArmy - ok
09:08:24.0607 0x11f0 [ 312CD3307F600E7CD340B79B3DCB3A01, 861A6DFC53C69743129DAAFE73DECDE8D842475503E8D713E7CE5D22AC8D1370 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:08:24.0622 0x11f0 MBAMWebAccessControl - ok
09:08:24.0669 0x11f0 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:08:24.0700 0x11f0 Mcx2Svc - detected UnsignedFile.Multi.Generic ( 1 )
09:08:27.0696 0x11f0 Detect skipped due to KSN trusted
09:08:27.0696 0x11f0 Mcx2Svc - ok
09:08:27.0758 0x11f0 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:08:27.0789 0x11f0 mdmxsdk - detected UnsignedFile.Multi.Generic ( 1 )
09:08:30.0457 0x11f0 Detect skipped due to KSN trusted
09:08:30.0457 0x11f0 mdmxsdk - ok
09:08:30.0519 0x11f0 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:08:30.0535 0x11f0 megasas - ok
09:08:30.0582 0x11f0 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:08:30.0613 0x11f0 MegaSR - ok
09:08:30.0675 0x11f0 Microsoft SharePoint Workspace Audit Service - ok
09:08:30.0706 0x11f0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
09:08:30.0738 0x11f0 MMCSS - detected UnsignedFile.Multi.Generic ( 1 )
09:08:33.0530 0x11f0 Detect skipped due to KSN trusted
09:08:33.0530 0x11f0 MMCSS - ok
09:08:33.0608 0x11f0 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
09:08:33.0639 0x11f0 Modem - detected UnsignedFile.Multi.Generic ( 1 )
09:08:42.0640 0x11f0 Detect skipped due to KSN trusted
09:08:42.0640 0x11f0 Modem - ok
09:08:42.0734 0x11f0 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:08:42.0750 0x11f0 monitor - detected UnsignedFile.Multi.Generic ( 1 )
09:08:45.0511 0x11f0 Detect skipped due to KSN trusted
09:08:45.0511 0x11f0 monitor - ok
09:08:45.0604 0x11f0 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:08:45.0620 0x11f0 mouclass - ok
09:08:45.0636 0x11f0 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:08:45.0667 0x11f0 mouhid - detected UnsignedFile.Multi.Generic ( 1 )
09:08:48.0475 0x11f0 Detect skipped due to KSN trusted
09:08:48.0475 0x11f0 mouhid - ok
09:08:48.0553 0x11f0 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:08:48.0568 0x11f0 mountmgr - ok
09:08:48.0646 0x11f0 [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:08:48.0662 0x11f0 MozillaMaintenance - ok
09:08:48.0662 0x11f0 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
09:08:48.0678 0x11f0 mpio - ok
09:08:48.0740 0x11f0 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:08:48.0756 0x11f0 mpsdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:08:51.0564 0x11f0 Detect skipped due to KSN trusted
09:08:51.0564 0x11f0 mpsdrv - ok
09:08:51.0642 0x11f0 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:08:51.0688 0x11f0 MpsSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:08:54.0496 0x11f0 Detect skipped due to KSN trusted
09:08:54.0496 0x11f0 MpsSvc - ok
09:08:54.0528 0x11f0 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:08:54.0574 0x11f0 MRxDAV - detected UnsignedFile.Multi.Generic ( 1 )
09:08:57.0289 0x11f0 Detect skipped due to KSN trusted
09:08:57.0289 0x11f0 MRxDAV - ok
09:08:57.0351 0x11f0 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:08:57.0382 0x11f0 mrxsmb - detected UnsignedFile.Multi.Generic ( 1 )
09:09:01.0688 0x11f0 Detect skipped due to KSN trusted
09:09:01.0688 0x11f0 mrxsmb - ok
09:09:01.0751 0x11f0 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:09:01.0782 0x11f0 mrxsmb10 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:04.0559 0x11f0 Detect skipped due to KSN trusted
09:09:04.0559 0x11f0 mrxsmb10 - ok
09:09:04.0574 0x11f0 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:09:04.0605 0x11f0 mrxsmb20 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:07.0320 0x11f0 Detect skipped due to KSN trusted
09:09:07.0320 0x11f0 mrxsmb20 - ok
09:09:07.0382 0x11f0 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
09:09:07.0398 0x11f0 msahci - ok
09:09:07.0413 0x11f0 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:09:07.0429 0x11f0 msdsm - ok
09:09:07.0460 0x11f0 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
09:09:07.0476 0x11f0 MSDTC - detected UnsignedFile.Multi.Generic ( 1 )
09:09:10.0190 0x11f0 Detect skipped due to KSN trusted
09:09:10.0190 0x11f0 MSDTC - ok
09:09:10.0299 0x11f0 [ 114B67C324D64C8195FD3BF93B4DF02A, EF9349BD28578D3BE57946125AA909DFF902D8CB0BFCD9902F690C70F78E3EEB ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
09:09:10.0346 0x11f0 MSDV - detected UnsignedFile.Multi.Generic ( 1 )
09:09:13.0263 0x11f0 Detect skipped due to KSN trusted
09:09:13.0263 0x11f0 MSDV - ok
09:09:13.0310 0x11f0 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:09:13.0341 0x11f0 Msfs - detected UnsignedFile.Multi.Generic ( 1 )
09:09:15.0993 0x11f0 Detect skipped due to KSN trusted
09:09:15.0993 0x11f0 Msfs - ok
09:09:16.0040 0x11f0 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:09:16.0071 0x11f0 mshidkmdf - detected UnsignedFile.Multi.Generic ( 1 )
09:09:21.0344 0x11f0 Detect skipped due to KSN trusted
09:09:21.0344 0x11f0 mshidkmdf - ok
09:09:21.0422 0x11f0 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:09:21.0438 0x11f0 msisadrv - ok
09:09:21.0469 0x11f0 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:09:21.0500 0x11f0 MSiSCSI - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0406 0x11f0 Object is SCO, delete is not allowed
09:09:31.0406 0x11f0 MSiSCSI ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0406 0x11f0 Force sending object to P2P due to detect: MSiSCSI
09:09:31.0406 0x11f0 Object send P2P result: false
09:09:31.0406 0x11f0 msiserver - ok
09:09:31.0422 0x11f0 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:09:31.0437 0x11f0 MSKSSRV - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0437 0x11f0 Object is SCO, delete is not allowed
09:09:31.0437 0x11f0 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0437 0x11f0 Force sending object to P2P due to detect: MSKSSRV
09:09:31.0437 0x11f0 Object send P2P result: false
09:09:31.0484 0x11f0 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:09:31.0515 0x11f0 MSPCLOCK - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0515 0x11f0 Object is SCO, delete is not allowed
09:09:31.0515 0x11f0 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0531 0x11f0 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:09:31.0562 0x11f0 MSPQM - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0562 0x11f0 Object is SCO, delete is not allowed
09:09:31.0562 0x11f0 MSPQM ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0578 0x11f0 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:09:31.0593 0x11f0 MsRPC - ok
09:09:31.0609 0x11f0 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:09:31.0609 0x11f0 mssmbios - ok
09:09:31.0625 0x11f0 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:09:31.0656 0x11f0 MSTEE - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0656 0x11f0 Object is SCO, delete is not allowed
09:09:31.0656 0x11f0 MSTEE ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0656 0x11f0 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:09:31.0687 0x11f0 MTConfig - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0687 0x11f0 MTConfig ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0687 0x11f0 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
09:09:31.0703 0x11f0 Mup - ok
09:09:31.0734 0x11f0 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
09:09:31.0765 0x11f0 napagent - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0765 0x11f0 Object is SCO, delete is not allowed
09:09:31.0765 0x11f0 napagent ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0812 0x11f0 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:09:31.0843 0x11f0 NativeWifiP - detected UnsignedFile.Multi.Generic ( 1 )
09:09:31.0843 0x11f0 Object is SCO, delete is not allowed
09:09:31.0843 0x11f0 NativeWifiP ( UnsignedFile.Multi.Generic ) - warning
09:09:31.0921 0x11f0 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:09:31.0952 0x11f0 NDIS - ok
09:09:32.0015 0x11f0 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:09:32.0030 0x11f0 NdisCap - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0030 0x11f0 NdisCap ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0093 0x11f0 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:09:32.0124 0x11f0 NdisTapi - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0124 0x11f0 Object is SCO, delete is not allowed
09:09:32.0124 0x11f0 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0155 0x11f0 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:09:32.0186 0x11f0 Ndisuio - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0186 0x11f0 Object is SCO, delete is not allowed
09:09:32.0186 0x11f0 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0202 0x11f0 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:09:32.0233 0x11f0 NdisWan - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0233 0x11f0 Object is SCO, delete is not allowed
09:09:32.0233 0x11f0 NdisWan ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0280 0x11f0 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:09:32.0311 0x11f0 NDProxy - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0311 0x11f0 Object is SCO, delete is not allowed
09:09:32.0311 0x11f0 NDProxy ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0358 0x11f0 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:09:32.0389 0x11f0 NetBIOS - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0389 0x11f0 Object is SCO, delete is not allowed
09:09:32.0389 0x11f0 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0405 0x11f0 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:09:32.0436 0x11f0 NetBT - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0436 0x11f0 Object is SCO, delete is not allowed
09:09:32.0436 0x11f0 NetBT ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0451 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
09:09:32.0483 0x11f0 Netlogon - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0483 0x11f0 Detect skipped due to KSN trusted
09:09:32.0483 0x11f0 Netlogon - ok
09:09:32.0514 0x11f0 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
09:09:32.0545 0x11f0 Netman - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0545 0x11f0 Netman ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0607 0x11f0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:09:32.0639 0x11f0 NetMsmqActivator - ok
09:09:32.0670 0x11f0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:09:32.0701 0x11f0 NetPipeActivator - ok
09:09:32.0732 0x11f0 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
09:09:32.0810 0x11f0 netprofm - detected UnsignedFile.Multi.Generic ( 1 )
09:09:32.0810 0x11f0 Object is SCO, delete is not allowed
09:09:32.0810 0x11f0 netprofm ( UnsignedFile.Multi.Generic ) - warning
09:09:32.0841 0x11f0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:09:32.0857 0x11f0 NetTcpActivator - ok
09:09:32.0873 0x11f0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:09:32.0888 0x11f0 NetTcpPortSharing - ok
09:09:33.0138 0x11f0 [ 3577B851E59DA59E6D65419A057C9914, 1B1F0B3BDF697E1A226B5346F55570DC13365FFD615C0158CD3287C4DD0B9CB2 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
09:09:33.0465 0x11f0 NETw5s32 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:33.0465 0x11f0 NETw5s32 ( UnsignedFile.Multi.Generic ) - warning
09:09:33.0590 0x11f0 [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
09:09:33.0809 0x11f0 netw5v32 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:33.0809 0x11f0 netw5v32 ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0121 0x11f0 [ 5C979C481981E04919ECBB3B88D54B34, B7FF0BF75A5BCDA33F62BA85BA3391A02704B19609AD676FDF90E541687FC501 ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
09:09:34.0479 0x11f0 NETwNs32 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:34.0479 0x11f0 NETwNs32 ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0511 0x11f0 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:09:34.0526 0x11f0 nfrd960 - ok
09:09:34.0573 0x11f0 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:09:34.0620 0x11f0 NlaSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:34.0620 0x11f0 Object is SCO, delete is not allowed
09:09:34.0620 0x11f0 NlaSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0682 0x11f0 [ 25401B0C9576C8456B3E0BBD74FF0771, BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA ] NPF C:\Windows\system32\drivers\npf.sys
09:09:34.0698 0x11f0 NPF - ok
09:09:34.0713 0x11f0 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:09:34.0729 0x11f0 Npfs - detected UnsignedFile.Multi.Generic ( 1 )
09:09:34.0745 0x11f0 Object is SCO, delete is not allowed
09:09:34.0745 0x11f0 Npfs ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0745 0x11f0 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
09:09:34.0776 0x11f0 nsi - detected UnsignedFile.Multi.Generic ( 1 )
09:09:34.0776 0x11f0 Object is SCO, delete is not allowed
09:09:34.0776 0x11f0 nsi ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0823 0x11f0 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:09:34.0854 0x11f0 nsiproxy - detected UnsignedFile.Multi.Generic ( 1 )
09:09:34.0854 0x11f0 Object is SCO, delete is not allowed
09:09:34.0854 0x11f0 nsiproxy ( UnsignedFile.Multi.Generic ) - warning
09:09:34.0963 0x11f0 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:09:35.0010 0x11f0 Ntfs - ok
09:09:35.0025 0x11f0 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
09:09:35.0057 0x11f0 Null - detected UnsignedFile.Multi.Generic ( 1 )
09:09:35.0057 0x11f0 Object is SCO, delete is not allowed
09:09:35.0057 0x11f0 Null ( UnsignedFile.Multi.Generic ) - warning
09:09:35.0119 0x11f0 [ FBEC0FD36ED61EFEE1E3063281EAB984, AE4BC81897FDDE6EBEE7A9A3C9252A8E454B80831A853F9D1DCC0C2F8FA7DAAC ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
09:09:35.0150 0x11f0 NVHDA - ok
09:09:35.0431 0x11f0 [ 0F2AA7E719ABF64A1504997EDF5EDCD6, 9787B279E8BB4D27DC60E855C271441BBBA9766921DA02EAAD1D36A966D08C0C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:09:35.0727 0x11f0 nvlddmkm - ok
09:09:35.0774 0x11f0 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:09:35.0790 0x11f0 nvraid - ok
09:09:35.0790 0x11f0 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:09:35.0805 0x11f0 nvstor - ok
09:09:35.0883 0x11f0 [ F8901C8D170BF16DBA6F396025D9AB15, FFDA9977F13EF5DF2C76DF3CFD4695D5C5C05871E73173E8C5D4E0E2A904C534 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:09:35.0915 0x11f0 nvsvc - ok
09:09:35.0930 0x11f0 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:09:35.0946 0x11f0 nv_agp - ok
09:09:35.0977 0x11f0 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:09:35.0993 0x11f0 ohci1394 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:35.0993 0x11f0 Object is SCO, delete is not allowed
09:09:35.0993 0x11f0 ohci1394 ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0071 0x11f0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:09:36.0071 0x11f0 ose - ok
09:09:36.0227 0x11f0 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:09:36.0383 0x11f0 osppsvc - ok
09:09:36.0414 0x11f0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:09:36.0445 0x11f0 p2pimsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0445 0x11f0 p2pimsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0461 0x11f0 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
09:09:36.0492 0x11f0 p2psvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0492 0x11f0 Object is SCO, delete is not allowed
09:09:36.0492 0x11f0 p2psvc ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0507 0x11f0 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:09:36.0539 0x11f0 Parport - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0539 0x11f0 Object is SCO, delete is not allowed
09:09:36.0539 0x11f0 Parport ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0585 0x11f0 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:09:36.0601 0x11f0 partmgr - ok
09:09:36.0617 0x11f0 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:09:36.0632 0x11f0 Parvdm - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0632 0x11f0 Parvdm ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0726 0x11f0 [ 39B9DCD7040654C2E57D7396736C718E, 70A637A955A2611E5ADA31FDD4B1D7EEECFBC22504A770DA71B502E160AEDAFD ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
09:09:36.0757 0x11f0 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0757 0x11f0 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0773 0x11f0 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:09:36.0804 0x11f0 PcaSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:36.0804 0x11f0 Object is SCO, delete is not allowed
09:09:36.0804 0x11f0 PcaSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:36.0819 0x11f0 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
09:09:36.0835 0x11f0 pci - ok
09:09:36.0882 0x11f0 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
09:09:36.0882 0x11f0 pciide - ok
09:09:36.0913 0x11f0 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:09:36.0929 0x11f0 pcmcia - ok
09:09:36.0944 0x11f0 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
09:09:36.0960 0x11f0 pcw - ok
09:09:36.0991 0x11f0 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:09:37.0053 0x11f0 PEAUTH - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0053 0x11f0 Object is SCO, delete is not allowed
09:09:37.0053 0x11f0 PEAUTH ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0131 0x11f0 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:09:37.0225 0x11f0 PeerDistSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0225 0x11f0 PeerDistSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0350 0x11f0 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
09:09:37.0428 0x11f0 pla - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0428 0x11f0 Object is SCO, delete is not allowed
09:09:37.0428 0x11f0 pla ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0506 0x11f0 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:09:37.0537 0x11f0 PlugPlay - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0537 0x11f0 Object is SCO, delete is not allowed
09:09:37.0537 0x11f0 PlugPlay ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0537 0x11f0 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:09:37.0568 0x11f0 PNRPAutoReg - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0568 0x11f0 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0599 0x11f0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:09:37.0631 0x11f0 PNRPsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0631 0x11f0 PNRPsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0631 0x11f0 Force sending object to P2P due to detect: PNRPsvc
09:09:37.0631 0x11f0 Object send P2P result: false
09:09:37.0662 0x11f0 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:09:37.0709 0x11f0 PolicyAgent - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0709 0x11f0 Object is SCO, delete is not allowed
09:09:37.0709 0x11f0 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0709 0x11f0 Force sending object to P2P due to detect: PolicyAgent
09:09:37.0709 0x11f0 Object send P2P result: false
09:09:37.0740 0x11f0 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
09:09:37.0771 0x11f0 Power - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0771 0x11f0 Power ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0849 0x11f0 [ 6C9FE6569F190BC77ECD334F0E650F74, 2DD001AD59D7769ACDCA6C7BE37CDEFBAD558679A3465681D61F93BE034CC930 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
09:09:37.0849 0x11f0 Power Manager DBC Service - ok
09:09:37.0865 0x11f0 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:09:37.0896 0x11f0 PptpMiniport - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0896 0x11f0 Object is SCO, delete is not allowed
09:09:37.0896 0x11f0 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0911 0x11f0 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:09:37.0943 0x11f0 Processor - detected UnsignedFile.Multi.Generic ( 1 )
09:09:37.0943 0x11f0 Object is SCO, delete is not allowed
09:09:37.0943 0x11f0 Processor ( UnsignedFile.Multi.Generic ) - warning
09:09:37.0974 0x11f0 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:09:38.0021 0x11f0 ProfSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0021 0x11f0 Object is SCO, delete is not allowed
09:09:38.0021 0x11f0 ProfSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0052 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:09:38.0067 0x11f0 ProtectedStorage - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0067 0x11f0 Detect skipped due to KSN trusted
09:09:38.0067 0x11f0 ProtectedStorage - ok
09:09:38.0099 0x11f0 [ 72DE205CD4006DC45B1401859C506679, E5F7A616D2ECE172ECB13F7492D34B853E92F0F5AD5A727A0683DC5C32985D3A ] psadd C:\Windows\system32\DRIVERS\psadd.sys
09:09:38.0099 0x11f0 psadd - ok
09:09:38.0161 0x11f0 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:09:38.0192 0x11f0 Psched - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0192 0x11f0 Object is SCO, delete is not allowed
09:09:38.0192 0x11f0 Psched ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0255 0x11f0 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:09:38.0270 0x11f0 PxHelp20 - ok
09:09:38.0333 0x11f0 [ 681177830D9C62C43F664F313D116821, 1F5D0064C74371BE7890E4B292ABACFE5BA2B9FB5E205B97D34F36F832E92C1D ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:09:38.0364 0x11f0 QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0364 0x11f0 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0442 0x11f0 [ 2241EAF40E472C471CB80CF6B97CCA11, A19F76D73A8FF69DF6A008B6B079989376FAC3E4B743054AC257A758904C9A97 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:09:38.0473 0x11f0 QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0473 0x11f0 QBFCService ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0551 0x11f0 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:09:38.0613 0x11f0 ql2300 - ok
09:09:38.0629 0x11f0 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:09:38.0645 0x11f0 ql40xx - ok
09:09:38.0676 0x11f0 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
09:09:38.0707 0x11f0 QWAVE - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0707 0x11f0 Object is SCO, delete is not allowed
09:09:38.0707 0x11f0 QWAVE ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0707 0x11f0 Force sending object to P2P due to detect: QWAVE
09:09:38.0707 0x11f0 Object send P2P result: false
09:09:38.0723 0x11f0 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:09:38.0754 0x11f0 QWAVEdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0754 0x11f0 Object is SCO, delete is not allowed
09:09:38.0754 0x11f0 QWAVEdrv ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0754 0x11f0 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:09:38.0785 0x11f0 RasAcd - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0785 0x11f0 Object is SCO, delete is not allowed
09:09:38.0785 0x11f0 RasAcd ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0785 0x11f0 Force sending object to P2P due to detect: RasAcd
09:09:38.0785 0x11f0 Object send P2P result: false
09:09:38.0832 0x11f0 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:09:38.0863 0x11f0 RasAgileVpn - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0863 0x11f0 RasAgileVpn ( UnsignedFile.Multi.Generic ) - warning
09:09:38.0879 0x11f0 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
09:09:38.0910 0x11f0 RasAuto - detected UnsignedFile.Multi.Generic ( 1 )
09:09:38.0910 0x11f0 Object is SCO, delete is not allowed
09:09:38.0910 0x11f0 RasAuto ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0144 0x11f0 [ 52B9FA60C8B60932AABFAE73CF3BA61C, 01A364D22603B852E9FB659CCBBB637A27DA78D01EE9F4288A78310EF56C8D2C ] raserver C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
09:09:39.0206 0x11f0 raserver - ok
09:09:39.0237 0x11f0 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:09:39.0269 0x11f0 Rasl2tp - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0269 0x11f0 Object is SCO, delete is not allowed
09:09:39.0269 0x11f0 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0269 0x11f0 Force sending object to P2P due to detect: Rasl2tp
09:09:39.0269 0x11f0 Object send P2P result: false
09:09:39.0300 0x11f0 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
09:09:39.0331 0x11f0 RasMan - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0331 0x11f0 Object is SCO, delete is not allowed
09:09:39.0331 0x11f0 RasMan ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0331 0x11f0 Force sending object to P2P due to detect: RasMan
09:09:39.0331 0x11f0 Object send P2P result: false
09:09:39.0362 0x11f0 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:09:39.0393 0x11f0 RasPppoe - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0393 0x11f0 Object is SCO, delete is not allowed
09:09:39.0393 0x11f0 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0393 0x11f0 Force sending object to P2P due to detect: RasPppoe
09:09:39.0409 0x11f0 Object send P2P result: false
09:09:39.0440 0x11f0 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:09:39.0471 0x11f0 RasSstp - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0471 0x11f0 Object is SCO, delete is not allowed
09:09:39.0471 0x11f0 RasSstp ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0471 0x11f0 Force sending object to P2P due to detect: RasSstp
09:09:39.0471 0x11f0 Object send P2P result: false
09:09:39.0518 0x11f0 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:09:39.0549 0x11f0 rdbss - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0549 0x11f0 Object is SCO, delete is not allowed
09:09:39.0549 0x11f0 rdbss ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0549 0x11f0 Force sending object to P2P due to detect: rdbss
09:09:39.0565 0x11f0 Object send P2P result: false
09:09:39.0565 0x11f0 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:09:39.0596 0x11f0 rdpbus - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0596 0x11f0 rdpbus ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0612 0x11f0 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:09:39.0643 0x11f0 RDPCDD - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0643 0x11f0 Object is SCO, delete is not allowed
09:09:39.0643 0x11f0 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0690 0x11f0 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:09:39.0737 0x11f0 RDPDR - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0737 0x11f0 Object is SCO, delete is not allowed
09:09:39.0737 0x11f0 RDPDR ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0737 0x11f0 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:09:39.0783 0x11f0 RDPENCDD - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0783 0x11f0 Object is SCO, delete is not allowed
09:09:39.0783 0x11f0 RDPENCDD ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0783 0x11f0 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:09:39.0815 0x11f0 RDPREFMP - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0815 0x11f0 RDPREFMP ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0846 0x11f0 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:09:39.0893 0x11f0 RdpVideoMiniport - detected UnsignedFile.Multi.Generic ( 1 )
09:09:39.0893 0x11f0 RdpVideoMiniport ( UnsignedFile.Multi.Generic ) - warning
09:09:39.0971 0x11f0 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:09:40.0002 0x11f0 RDPWD - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0002 0x11f0 Object is SCO, delete is not allowed
09:09:40.0002 0x11f0 RDPWD ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0049 0x11f0 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:09:40.0080 0x11f0 rdyboost - ok
09:09:40.0127 0x11f0 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys
09:09:40.0142 0x11f0 regi - ok
09:09:40.0236 0x11f0 [ 6C47AC711F5FB55C5387A85D50AB4703, E53A999F22FD139EA9209AF6E0B8FDBE6BBD64A040B4742585A75F932AFEEF0E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:09:40.0267 0x11f0 RegSrvc - ok
09:09:40.0283 0x11f0 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:09:40.0314 0x11f0 RemoteAccess - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0314 0x11f0 Object is SCO, delete is not allowed
09:09:40.0314 0x11f0 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0329 0x11f0 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:09:40.0376 0x11f0 RemoteRegistry - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0376 0x11f0 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0423 0x11f0 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:09:40.0454 0x11f0 RFCOMM - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0454 0x11f0 RFCOMM ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0548 0x11f0 [ E891F07815AF88075705EF6A248711F6, E21FEAD2A2E5A036B87A1C38F5190B507B76A59486FF9FD70890D2EF9BD03612 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
09:09:40.0563 0x11f0 rimspci - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0563 0x11f0 rimspci ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0610 0x11f0 [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
09:09:40.0626 0x11f0 rpcapd - ok
09:09:40.0641 0x11f0 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:09:40.0673 0x11f0 RpcEptMapper - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0673 0x11f0 RpcEptMapper ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0688 0x11f0 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
09:09:40.0719 0x11f0 RpcLocator - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0719 0x11f0 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0751 0x11f0 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
09:09:40.0782 0x11f0 RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0782 0x11f0 Detect skipped due to KSN trusted
09:09:40.0782 0x11f0 RpcSs - ok
09:09:40.0797 0x11f0 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:09:40.0829 0x11f0 rspndr - detected UnsignedFile.Multi.Generic ( 1 )
09:09:40.0829 0x11f0 Object is SCO, delete is not allowed
09:09:40.0829 0x11f0 rspndr ( UnsignedFile.Multi.Generic ) - warning
09:09:40.0922 0x11f0 [ 45F606823EAA469582318C722C76A29D, 1016FBE111638AE369F7C5FF6CA33178FD6CB06D361F3B488DE6C4D85A22253A ] RUBotSrv C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
09:09:40.0953 0x11f0 RUBotSrv - ok
09:09:41.0000 0x11f0 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:09:41.0031 0x11f0 s3cap - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0031 0x11f0 s3cap ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0031 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\Windows\system32\lsass.exe
09:09:41.0063 0x11f0 SamSs - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0063 0x11f0 Detect skipped due to KSN trusted
09:09:41.0063 0x11f0 SamSs - ok
09:09:41.0078 0x11f0 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:09:41.0094 0x11f0 sbp2port - ok
09:09:41.0141 0x11f0 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:09:41.0172 0x11f0 SCardSvr - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0172 0x11f0 Object is SCO, delete is not allowed
09:09:41.0172 0x11f0 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0172 0x11f0 Force sending object to P2P due to detect: SCardSvr
09:09:41.0172 0x11f0 Object send P2P result: false
09:09:41.0187 0x11f0 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:09:41.0219 0x11f0 scfilter - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0219 0x11f0 scfilter ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0250 0x11f0 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
09:09:41.0297 0x11f0 Schedule - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0297 0x11f0 Schedule ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0328 0x11f0 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:09:41.0343 0x11f0 SCPolicySvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0343 0x11f0 Detect skipped due to KSN trusted
09:09:41.0343 0x11f0 SCPolicySvc - ok
09:09:41.0359 0x11f0 [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:09:41.0390 0x11f0 sdbus - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0390 0x11f0 sdbus ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0406 0x11f0 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:09:41.0437 0x11f0 SDRSVC - detected UnsignedFile.Multi.Generic ( 1 )
09:09:41.0437 0x11f0 Object is SCO, delete is not allowed
09:09:41.0437 0x11f0 SDRSVC ( UnsignedFile.Multi.Generic ) - warning
09:09:41.0640 0x11f0 [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
09:09:41.0796 0x11f0 SDScannerService - ok
09:09:41.0889 0x11f0 [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:09:41.0952 0x11f0 SDUpdateService - ok
09:09:42.0014 0x11f0 [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:09:42.0030 0x11f0 SDWSCService - ok
09:09:42.0045 0x11f0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:09:42.0077 0x11f0 secdrv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0077 0x11f0 secdrv ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0077 0x11f0 Force sending object to P2P due to detect: secdrv
09:09:42.0077 0x11f0 Object send P2P result: false
09:09:42.0092 0x11f0 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
09:09:42.0123 0x11f0 seclogon - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0123 0x11f0 Object is SCO, delete is not allowed
09:09:42.0123 0x11f0 seclogon ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0123 0x11f0 Force sending object to P2P due to detect: seclogon
09:09:42.0123 0x11f0 Object send P2P result: false
09:09:42.0170 0x11f0 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
09:09:42.0201 0x11f0 SENS - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0201 0x11f0 Object is SCO, delete is not allowed
09:09:42.0201 0x11f0 SENS ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0233 0x11f0 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:09:42.0264 0x11f0 SensrSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0264 0x11f0 SensrSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0264 0x11f0 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:09:42.0295 0x11f0 Serenum - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0295 0x11f0 Object is SCO, delete is not allowed
09:09:42.0295 0x11f0 Serenum ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0326 0x11f0 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:09:42.0357 0x11f0 Serial - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0357 0x11f0 Object is SCO, delete is not allowed
09:09:42.0357 0x11f0 Serial ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0373 0x11f0 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:09:42.0404 0x11f0 sermouse - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0404 0x11f0 Object is SCO, delete is not allowed
09:09:42.0404 0x11f0 sermouse ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0435 0x11f0 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
09:09:42.0467 0x11f0 SessionEnv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0467 0x11f0 Object is SCO, delete is not allowed
09:09:42.0467 0x11f0 SessionEnv ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0482 0x11f0 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
09:09:42.0513 0x11f0 sffdisk - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0513 0x11f0 Object is SCO, delete is not allowed
09:09:42.0513 0x11f0 sffdisk ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0513 0x11f0 Force sending object to P2P due to detect: sffdisk
09:09:42.0513 0x11f0 Object send P2P result: false
09:09:42.0529 0x11f0 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:09:42.0545 0x11f0 sffp_mmc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0560 0x11f0 Object is SCO, delete is not allowed
09:09:42.0560 0x11f0 sffp_mmc ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0560 0x11f0 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
09:09:42.0591 0x11f0 sffp_sd - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0591 0x11f0 Object is SCO, delete is not allowed
09:09:42.0591 0x11f0 sffp_sd ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0591 0x11f0 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:09:42.0623 0x11f0 sfloppy - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0623 0x11f0 Object is SCO, delete is not allowed
09:09:42.0623 0x11f0 sfloppy ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0638 0x11f0 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:09:42.0669 0x11f0 SharedAccess - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0669 0x11f0 Object is SCO, delete is not allowed
09:09:42.0669 0x11f0 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0732 0x11f0 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:09:42.0763 0x11f0 ShellHWDetection - detected UnsignedFile.Multi.Generic ( 1 )
09:09:42.0763 0x11f0 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:09:42.0841 0x11f0 [ 486A1BD22DD66D0A8542EBB0CD792BDB, E59329EFF47EB4B8CB0D5D122A781A6DEDCB164A82C059B41703E75B46F2CACF ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
09:09:42.0857 0x11f0 Shockprf - ok
09:09:42.0872 0x11f0 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:09:42.0872 0x11f0 sisagp - ok
09:09:42.0888 0x11f0 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:09:42.0903 0x11f0 SiSRaid2 - ok
09:09:42.0903 0x11f0 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:09:42.0919 0x11f0 SiSRaid4 - ok
09:09:43.0013 0x11f0 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:09:43.0028 0x11f0 SkypeUpdate - ok
09:09:43.0044 0x11f0 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:09:43.0075 0x11f0 Smb - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0075 0x11f0 Object is SCO, delete is not allowed
09:09:43.0075 0x11f0 Smb ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0122 0x11f0 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:09:43.0153 0x11f0 SNMPTRAP - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0153 0x11f0 Object is SCO, delete is not allowed
09:09:43.0153 0x11f0 SNMPTRAP ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0169 0x11f0 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
09:09:43.0184 0x11f0 spldr - ok
09:09:43.0231 0x11f0 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
09:09:43.0278 0x11f0 Spooler - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0278 0x11f0 Spooler ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0387 0x11f0 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
09:09:43.0512 0x11f0 sppsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0512 0x11f0 sppsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0512 0x11f0 Force sending object to P2P due to detect: sppsvc
09:09:43.0527 0x11f0 Object send P2P result: false
09:09:43.0543 0x11f0 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:09:43.0574 0x11f0 sppuinotify - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0574 0x11f0 sppuinotify ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0605 0x11f0 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:09:43.0652 0x11f0 srv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0652 0x11f0 Object is SCO, delete is not allowed
09:09:43.0652 0x11f0 srv ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0668 0x11f0 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:09:43.0715 0x11f0 srv2 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0715 0x11f0 Object is SCO, delete is not allowed
09:09:43.0715 0x11f0 srv2 ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0715 0x11f0 Force sending object to P2P due to detect: srv2
09:09:43.0715 0x11f0 Object send P2P result: false
09:09:43.0761 0x11f0 [ E00FDFAFF025E94F9821153750C35A6D, 6ECDC5F314A29B859B0DCB7FF114CACE0718612556299B16412C21F9539DC9B5 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:09:43.0793 0x11f0 SrvHsfHDA - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0793 0x11f0 SrvHsfHDA ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0793 0x11f0 Force sending object to P2P due to detect: SrvHsfHDA
09:09:43.0808 0x11f0 Object send P2P result: false
09:09:43.0839 0x11f0 [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:09:43.0917 0x11f0 SrvHsfV92 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:43.0917 0x11f0 SrvHsfV92 ( UnsignedFile.Multi.Generic ) - warning
09:09:43.0964 0x11f0 [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:09:44.0042 0x11f0 SrvHsfWinac - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0042 0x11f0 SrvHsfWinac ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0058 0x11f0 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:09:44.0089 0x11f0 srvnet - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0089 0x11f0 Object is SCO, delete is not allowed
09:09:44.0089 0x11f0 srvnet ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0089 0x11f0 Force sending object to P2P due to detect: srvnet
09:09:44.0089 0x11f0 Object send P2P result: false
09:09:44.0105 0x11f0 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:09:44.0136 0x11f0 SSDPSRV - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0136 0x11f0 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0151 0x11f0 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:09:44.0183 0x11f0 SstpSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0183 0x11f0 Object is SCO, delete is not allowed
09:09:44.0183 0x11f0 SstpSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0245 0x11f0 [ 585FDB94DB04AC1C56298D1FD1F1389E, 5CEBAAF3B649E580B3EF2B9B38426D6EE13B244BE1274BA0C0A468EC4CFB680C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
09:09:44.0276 0x11f0 ssudmdm - ok
09:09:44.0323 0x11f0 [ 6E1A473DD2A4714EAF7D11E2315DF794, 4460546191072C7DF8B2E5A00577BA8E4FF5A1B2EA399DDF65EBE1AE4A5A5C84 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
09:09:44.0354 0x11f0 Steam Client Service - ok
09:09:44.0385 0x11f0 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:09:44.0401 0x11f0 stexstor - ok
09:09:44.0463 0x11f0 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
09:09:44.0526 0x11f0 StiSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0526 0x11f0 Object is SCO, delete is not allowed
09:09:44.0526 0x11f0 StiSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0526 0x11f0 Force sending object to P2P due to detect: StiSvc
09:09:44.0526 0x11f0 Object send P2P result: false
09:09:44.0541 0x11f0 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:09:44.0573 0x11f0 storflt - ok
09:09:44.0604 0x11f0 [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll
09:09:44.0635 0x11f0 StorSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0635 0x11f0 StorSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0651 0x11f0 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:09:44.0666 0x11f0 storvsc - ok
09:09:44.0760 0x11f0 [ 6EA2F517373771CAC5188E82617C9C0B, 8ADCCF88C0BA60994060AEDA97873EBDEACBCC728FD379F117DCB6A095E59CB9 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
09:09:44.0791 0x11f0 SUService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0791 0x11f0 SUService ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0791 0x11f0 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
09:09:44.0807 0x11f0 swenum - ok
09:09:44.0900 0x11f0 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:09:44.0947 0x11f0 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
09:09:44.0947 0x11f0 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
09:09:44.0947 0x11f0 Force sending object to P2P due to detect: SwitchBoard
09:09:44.0947 0x11f0 Object send P2P result: false
09:09:44.0978 0x11f0 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
09:09:45.0009 0x11f0 swprv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0009 0x11f0 Object is SCO, delete is not allowed
09:09:45.0009 0x11f0 swprv ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0072 0x11f0 [ FFFA898575A8A16665429AFAE3D55302, 4241268D45E86D797250A996C014F7F4F701DF023A64669217C1EBE2555836BE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:09:45.0087 0x11f0 SynTP - ok
09:09:45.0134 0x11f0 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
09:09:45.0212 0x11f0 SysMain - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0212 0x11f0 Object is SCO, delete is not allowed
09:09:45.0212 0x11f0 SysMain ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0275 0x11f0 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
09:09:45.0306 0x11f0 TabletInputService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0306 0x11f0 Object is SCO, delete is not allowed
09:09:45.0306 0x11f0 TabletInputService ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0306 0x11f0 Force sending object to P2P due to detect: TabletInputService
09:09:45.0306 0x11f0 Object send P2P result: false
09:09:45.0321 0x11f0 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
09:09:45.0353 0x11f0 TapiSrv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0353 0x11f0 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0384 0x11f0 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
09:09:45.0415 0x11f0 TBS - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0415 0x11f0 Object is SCO, delete is not allowed
09:09:45.0415 0x11f0 TBS ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0415 0x11f0 Force sending object to P2P due to detect: TBS
09:09:45.0415 0x11f0 Object send P2P result: false
09:09:45.0493 0x11f0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:09:45.0555 0x11f0 Tcpip - ok
09:09:45.0633 0x11f0 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:09:45.0680 0x11f0 TCPIP6 - ok
09:09:45.0727 0x11f0 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:09:45.0743 0x11f0 tcpipreg - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0743 0x11f0 Object is SCO, delete is not allowed
09:09:45.0743 0x11f0 tcpipreg ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0774 0x11f0 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:09:45.0805 0x11f0 TDPIPE - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0805 0x11f0 Object is SCO, delete is not allowed
09:09:45.0805 0x11f0 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0852 0x11f0 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:09:45.0883 0x11f0 TDTCP - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0883 0x11f0 Object is SCO, delete is not allowed
09:09:45.0883 0x11f0 TDTCP ( UnsignedFile.Multi.Generic ) - warning
09:09:45.0945 0x11f0 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:09:45.0977 0x11f0 tdx - detected UnsignedFile.Multi.Generic ( 1 )
09:09:45.0977 0x11f0 Object is SCO, delete is not allowed
09:09:45.0977 0x11f0 tdx ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0008 0x11f0 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:09:46.0023 0x11f0 TermDD - ok
09:09:46.0086 0x11f0 [ E05E31F7BF577228E27CFFCA5B54ABBD, BF053DE7FA6DF33E15D0DD421F34962D92575ED163E4A605FE6B8DA9CEA5CF55 ] TermService C:\Windows\System32\termsrv.dll
09:09:46.0148 0x11f0 TermService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0148 0x11f0 Object is SCO, delete is not allowed
09:09:46.0148 0x11f0 TermService ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0164 0x11f0 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
09:09:46.0179 0x11f0 Themes - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0195 0x11f0 Themes ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0195 0x11f0 Force sending object to P2P due to detect: Themes
09:09:46.0195 0x11f0 Object send P2P result: false
09:09:46.0289 0x11f0 [ 82C4830AB23A7AB125F38DA9A46B6A6D, 6A1DAA4E5E366142EA3E26DBAB005E88D9C0FB207331F1E11E6F2B06B4CECFF6 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:09:46.0335 0x11f0 ThinkVantage Registry Monitor Service - ok
09:09:46.0351 0x11f0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
09:09:46.0382 0x11f0 THREADORDER - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0382 0x11f0 Detect skipped due to KSN trusted
09:09:46.0382 0x11f0 THREADORDER - ok
09:09:46.0398 0x11f0 [ 20A439D6475D6FE1909159C0143D0466, 98C3627D084F75E751ABA25145FEE2C824B6978B49B763FC6B58EEDCA3CF4EB7 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
09:09:46.0413 0x11f0 TPDIGIMN - ok
09:09:46.0429 0x11f0 [ 3775E4AA5F72264DBAB7A578DD913ECF, 9050B068C2E45311CFAAC49CC504E17C7E05759646B3231A647FED536B3D0D1F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
09:09:46.0445 0x11f0 TPHDEXLGSVC - ok
09:09:46.0538 0x11f0 [ 9CD364ECB3A10B24C7CAC8FF89993A67, 5801E40BAF7F0F7AC7D3EC1CD785D4745B8FEFF9038CDD7EAC44B13744F4F72C ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
09:09:46.0554 0x11f0 TPHKLOAD - ok
09:09:46.0601 0x11f0 [ C04BB65441913AB621C58A8BD3169B23, 2EC3DD6A154CA9751F560960F5CD9659C8EFF7DF57505A165AFBB0EF45137082 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
09:09:46.0616 0x11f0 TPHKSVC - ok
09:09:46.0647 0x11f0 [ 5AD05191DC8B444A7BA4D79B76C42A30, 6166E939A5A240388EBA5AF7FF335DC413F2BBCF74C2E1D310F4BE2A5454A610 ] TPM C:\Windows\system32\drivers\tpm.sys
09:09:46.0663 0x11f0 TPM - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0663 0x11f0 TPM ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0679 0x11f0 [ 6412DA2B8D079D821B99B3A99943284E, DE6B2E31C8AEE9FC0AE2D22C4145E3BF11715279A1725020BBB4C585586E18B2 ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
09:09:46.0694 0x11f0 TPPWRIF - ok
09:09:46.0694 0x11f0 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
09:09:46.0725 0x11f0 TrkWks - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0725 0x11f0 Object is SCO, delete is not allowed
09:09:46.0725 0x11f0 TrkWks ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0757 0x11f0 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:09:46.0788 0x11f0 TrustedInstaller - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0788 0x11f0 Object is SCO, delete is not allowed
09:09:46.0788 0x11f0 TrustedInstaller ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0835 0x11f0 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:09:46.0866 0x11f0 tssecsrv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0866 0x11f0 Object is SCO, delete is not allowed
09:09:46.0866 0x11f0 tssecsrv ( UnsignedFile.Multi.Generic ) - warning
09:09:46.0944 0x11f0 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:09:46.0959 0x11f0 TsUsbFlt - detected UnsignedFile.Multi.Generic ( 1 )
09:09:46.0959 0x11f0 TsUsbFlt ( UnsignedFile.Multi.Generic ) - warning
09:09:47.0131 0x11f0 [ F88A177FA51674CE8EAF43DA56DF5D36, D565C86BAAE8431D139C7FF79F9F365FE2361FCA302B9AB7E33169D08483F28B ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
09:09:47.0256 0x11f0 TuneUp.UtilitiesSvc - ok
09:09:47.0334 0x11f0 [ E5049C43601473B5A909058596111229, 96CFE481F767C66FA2877594384086C1BE8B2BADBF12DBF4CB72CF73898D0876 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
09:09:47.0349 0x11f0 TuneUpUtilitiesDrv - ok
09:09:47.0412 0x11f0 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:09:47.0443 0x11f0 tunnel - detected UnsignedFile.Multi.Generic ( 1 )
09:09:47.0443 0x11f0 Object is SCO, delete is not allowed
09:09:47.0443 0x11f0 tunnel ( UnsignedFile.Multi.Generic ) - warning
09:09:47.0490 0x11f0 [ C0847EDCCCEF8D4F5354E82EC9E90159, 1A16A1734A6E7652F78186D1B3B60E08D8CB27560C023E9348ED2BE30722679E ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
09:09:47.0490 0x11f0 TurboB - ok
09:09:47.0568 0x11f0 [ 8629F69817902D9D0F00EB3247AABA51, 43AD174B1029BAF62C5BBB3AA022EB02EFC0BBE3F76571C22BF96C35D895D9E6 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:09:47.0583 0x11f0 TurboBoost - ok
09:09:47.0708 0x11f0 [ B56DA1AA776C15043D10F82B32AA000D, F9AC51F63994343D454168FACE284411A5F63CF98A253171C62FB8B1A06E1529 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
09:09:47.0755 0x11f0 TVT Backup Service - detected UnsignedFile.Multi.Generic ( 1 )
09:09:47.0755 0x11f0 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
09:09:47.0755 0x11f0 Force sending object to P2P due to detect: TVT Backup Service
09:09:47.0755 0x11f0 Object send P2P result: false
09:09:47.0786 0x11f0 [ 3078906E991F29305E8066911153717E, 697779A867D8BDE2A1ACDC04F73D799595067E0CD82D1535F149025AD1F6B741 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
09:09:47.0786 0x11f0 TVTI2C - ok
09:09:47.0817 0x11f0 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:09:47.0833 0x11f0 uagp35 - ok
09:09:47.0849 0x11f0 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:09:47.0880 0x11f0 udfs - detected UnsignedFile.Multi.Generic ( 1 )
09:09:47.0880 0x11f0 Object is SCO, delete is not allowed
09:09:47.0880 0x11f0 udfs ( UnsignedFile.Multi.Generic ) - warning
09:09:47.0911 0x11f0 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:09:47.0958 0x11f0 UI0Detect - detected UnsignedFile.Multi.Generic ( 1 )
09:09:47.0958 0x11f0 Object is SCO, delete is not allowed
09:09:47.0958 0x11f0 UI0Detect ( UnsignedFile.Multi.Generic ) - warning
09:09:47.0973 0x11f0 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:09:47.0989 0x11f0 uliagpkx - ok
09:09:48.0020 0x11f0 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:09:48.0051 0x11f0 umbus - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0051 0x11f0 Object is SCO, delete is not allowed
09:09:48.0051 0x11f0 umbus ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0067 0x11f0 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:09:48.0098 0x11f0 UmPass - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0098 0x11f0 Object is SCO, delete is not allowed
09:09:48.0098 0x11f0 UmPass ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0145 0x11f0 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
09:09:48.0192 0x11f0 UmRdpService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0192 0x11f0 Object is SCO, delete is not allowed
09:09:48.0192 0x11f0 UmRdpService ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0301 0x11f0 [ CCC28FA0DFDFDB161624F1C63296418C, 65E0C7D63BF398F697A54F076078CABB028C05C280C3309B22E4C40E8B556E66 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:09:48.0379 0x11f0 UNS - ok
09:09:48.0395 0x11f0 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
09:09:48.0441 0x11f0 upnphost - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0441 0x11f0 upnphost ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0441 0x11f0 Force sending object to P2P due to detect: upnphost
09:09:48.0441 0x11f0 Object send P2P result: false
09:09:48.0504 0x11f0 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:09:48.0551 0x11f0 usbaudio - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0551 0x11f0 usbaudio ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0551 0x11f0 Force sending object to P2P due to detect: usbaudio
09:09:48.0551 0x11f0 Object send P2P result: false
09:09:48.0582 0x11f0 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:09:48.0613 0x11f0 usbccgp - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0613 0x11f0 Object is SCO, delete is not allowed
09:09:48.0613 0x11f0 usbccgp ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0660 0x11f0 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:09:48.0691 0x11f0 usbcir - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0691 0x11f0 Object is SCO, delete is not allowed
09:09:48.0691 0x11f0 usbcir ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0738 0x11f0 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:09:48.0753 0x11f0 usbehci - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0753 0x11f0 Object is SCO, delete is not allowed
09:09:48.0753 0x11f0 usbehci ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0785 0x11f0 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:09:48.0816 0x11f0 usbhub - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0816 0x11f0 Object is SCO, delete is not allowed
09:09:48.0816 0x11f0 usbhub ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0816 0x11f0 Force sending object to P2P due to detect: usbhub
09:09:48.0816 0x11f0 Object send P2P result: false
09:09:48.0863 0x11f0 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:09:48.0894 0x11f0 usbohci - detected UnsignedFile.Multi.Generic ( 1 )
09:09:48.0894 0x11f0 Object is SCO, delete is not allowed
09:09:48.0894 0x11f0 usbohci ( UnsignedFile.Multi.Generic ) - warning
09:09:48.0894 0x11f0 Force sending object to P2P due to detect: usbohci
09:09:48.0894 0x11f0 Object send P2P result: false
09:09:48.0956 0x11f0 [ 41B758CFF0A3C10A69E088F440677399, E3E22275410AA7489A6FBE49DAD7C30751F27D537DCAFEBA7BF22D8ECE91471B ] USBPNPA C:\Windows\system32\drivers\CM108.sys
09:09:49.0050 0x11f0 USBPNPA - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0050 0x11f0 USBPNPA ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0065 0x11f0 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:09:49.0097 0x11f0 usbprint - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0097 0x11f0 Object is SCO, delete is not allowed
09:09:49.0097 0x11f0 usbprint ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0097 0x11f0 Force sending object to P2P due to detect: usbprint
09:09:49.0097 0x11f0 Object send P2P result: false
09:09:49.0159 0x11f0 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\drivers\usbscan.sys
09:09:49.0175 0x11f0 usbscan - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0175 0x11f0 usbscan ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0175 0x11f0 Force sending object to P2P due to detect: usbscan
09:09:49.0175 0x11f0 Object send P2P result: false
09:09:49.0221 0x11f0 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:09:49.0253 0x11f0 USBSTOR - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0253 0x11f0 USBSTOR ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0299 0x11f0 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:09:49.0331 0x11f0 usbuhci - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0331 0x11f0 Object is SCO, delete is not allowed
09:09:49.0331 0x11f0 usbuhci ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0393 0x11f0 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:09:49.0440 0x11f0 usbvideo - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0440 0x11f0 usbvideo ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0440 0x11f0 Force sending object to P2P due to detect: usbvideo
09:09:49.0440 0x11f0 Object send P2P result: false
09:09:49.0455 0x11f0 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
09:09:49.0487 0x11f0 UxSms - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0487 0x11f0 Object is SCO, delete is not allowed
09:09:49.0487 0x11f0 UxSms ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0487 0x11f0 Force sending object to P2P due to detect: UxSms
09:09:49.0502 0x11f0 Object send P2P result: false
09:09:49.0580 0x11f0 [ 78AD1693A685FA570C36E65B6708E16F, 111CC856C630C2C8A7AF456688201227A2DC97D3BF7A038F160A8BB1803E5515 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
09:09:49.0580 0x11f0 UxTuneUp - ok
09:09:49.0596 0x11f0 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe
09:09:49.0627 0x11f0 VaultSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0627 0x11f0 Detect skipped due to KSN trusted
09:09:49.0627 0x11f0 VaultSvc - ok
09:09:49.0643 0x11f0 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:09:49.0643 0x11f0 vdrvroot - ok
09:09:49.0674 0x11f0 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
09:09:49.0736 0x11f0 vds - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0736 0x11f0 Object is SCO, delete is not allowed
09:09:49.0736 0x11f0 vds ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0752 0x11f0 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:09:49.0783 0x11f0 vga - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0783 0x11f0 Object is SCO, delete is not allowed
09:09:49.0783 0x11f0 vga ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0830 0x11f0 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:09:49.0845 0x11f0 VgaSave - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0845 0x11f0 Object is SCO, delete is not allowed
09:09:49.0845 0x11f0 VgaSave ( UnsignedFile.Multi.Generic ) - warning
09:09:49.0877 0x11f0 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:09:49.0892 0x11f0 vhdmp - ok
09:09:49.0892 0x11f0 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:09:49.0923 0x11f0 viaagp - ok
09:09:49.0923 0x11f0 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:09:49.0955 0x11f0 ViaC7 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:49.0955 0x11f0 Object is SCO, delete is not allowed
09:09:49.0955 0x11f0 ViaC7 ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0001 0x11f0 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
09:09:50.0017 0x11f0 viaide - ok
09:09:50.0033 0x11f0 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:09:50.0095 0x11f0 vmbus - ok
09:09:50.0111 0x11f0 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:09:50.0142 0x11f0 VMBusHID - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0142 0x11f0 VMBusHID ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0173 0x11f0 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:09:50.0189 0x11f0 volmgr - ok
09:09:50.0189 0x11f0 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:09:50.0220 0x11f0 volmgrx - ok
09:09:50.0235 0x11f0 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:09:50.0251 0x11f0 volsnap - ok
09:09:50.0282 0x11f0 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:09:50.0313 0x11f0 vsmraid - ok
09:09:50.0345 0x11f0 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
09:09:50.0423 0x11f0 VSS - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0423 0x11f0 Object is SCO, delete is not allowed
09:09:50.0423 0x11f0 VSS ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0438 0x11f0 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:09:50.0469 0x11f0 vwifibus - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0469 0x11f0 vwifibus ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0516 0x11f0 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:09:50.0532 0x11f0 vwififlt - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0532 0x11f0 vwififlt ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0547 0x11f0 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:09:50.0579 0x11f0 vwifimp - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0579 0x11f0 vwifimp ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0610 0x11f0 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
09:09:50.0657 0x11f0 W32Time - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0657 0x11f0 Object is SCO, delete is not allowed
09:09:50.0657 0x11f0 W32Time ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0657 0x11f0 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:09:50.0688 0x11f0 WacomPen - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0688 0x11f0 Object is SCO, delete is not allowed
09:09:50.0688 0x11f0 WacomPen ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0703 0x11f0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:09:50.0735 0x11f0 WANARP - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0735 0x11f0 Object is SCO, delete is not allowed
09:09:50.0735 0x11f0 WANARP ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0735 0x11f0 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:09:50.0766 0x11f0 Wanarpv6 - detected UnsignedFile.Multi.Generic ( 1 )
09:09:50.0766 0x11f0 Object is SCO, delete is not allowed
09:09:50.0766 0x11f0 Wanarpv6 ( UnsignedFile.Multi.Generic ) - warning
09:09:50.0766 0x11f0 Force sending object to P2P due to detect: Wanarpv6
09:09:50.0766 0x11f0 Object send P2P result: false
09:09:50.0828 0x11f0 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:09:50.0891 0x11f0 WatAdminSvc - ok
09:09:50.0922 0x11f0 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
09:09:51.0031 0x11f0 wbengine - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0031 0x11f0 Object is SCO, delete is not allowed
09:09:51.0031 0x11f0 wbengine ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0031 0x11f0 Force sending object to P2P due to detect: wbengine
09:09:51.0031 0x11f0 Object send P2P result: false
09:09:51.0078 0x11f0 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:09:51.0109 0x11f0 WbioSrvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0109 0x11f0 WbioSrvc ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0140 0x11f0 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:09:51.0171 0x11f0 wcncsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0171 0x11f0 Object is SCO, delete is not allowed
09:09:51.0171 0x11f0 wcncsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0171 0x11f0 Force sending object to P2P due to detect: wcncsvc
09:09:51.0171 0x11f0 Object send P2P result: false
09:09:51.0187 0x11f0 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:09:51.0218 0x11f0 WcsPlugInService - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0218 0x11f0 Object is SCO, delete is not allowed
09:09:51.0218 0x11f0 WcsPlugInService ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0218 0x11f0 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:09:51.0234 0x11f0 Wd - ok
09:09:51.0296 0x11f0 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:09:51.0327 0x11f0 Wdf01000 - ok
09:09:51.0343 0x11f0 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:09:51.0359 0x11f0 WdiServiceHost - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0359 0x11f0 Object is SCO, delete is not allowed
09:09:51.0359 0x11f0 WdiServiceHost ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0374 0x11f0 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:09:51.0390 0x11f0 WdiSystemHost - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0390 0x11f0 Object is SCO, delete is not allowed
09:09:51.0390 0x11f0 WdiSystemHost ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0421 0x11f0 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
09:09:51.0452 0x11f0 WebClient - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0452 0x11f0 Object is SCO, delete is not allowed
09:09:51.0452 0x11f0 WebClient ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0468 0x11f0 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:09:51.0515 0x11f0 Wecsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0515 0x11f0 Object is SCO, delete is not allowed
09:09:51.0515 0x11f0 Wecsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0515 0x11f0 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:09:51.0546 0x11f0 wercplsupport - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0546 0x11f0 Object is SCO, delete is not allowed
09:09:51.0546 0x11f0 wercplsupport ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0546 0x11f0 Force sending object to P2P due to detect: wercplsupport
09:09:51.0546 0x11f0 Object send P2P result: false
09:09:51.0608 0x11f0 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
09:09:51.0639 0x11f0 WerSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0639 0x11f0 Object is SCO, delete is not allowed
09:09:51.0639 0x11f0 WerSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0702 0x11f0 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:09:51.0717 0x11f0 WfpLwf - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0717 0x11f0 WfpLwf ( UnsignedFile.Multi.Generic ) - warning
09:09:51.0717 0x11f0 Force sending object to P2P due to detect: WfpLwf
09:09:51.0717 0x11f0 Object send P2P result: false
09:09:51.0780 0x11f0 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:09:51.0795 0x11f0 WIMMount - ok
09:09:51.0873 0x11f0 [ 253A9C2DF9A2A7B3B23146014959F2CD, DC9AEF4F5085C52930EE7523FB8FF209D1EF6A8333FAAB043269C18AD029112A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:09:51.0951 0x11f0 winachsf - detected UnsignedFile.Multi.Generic ( 1 )
09:09:51.0951 0x11f0 winachsf ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0045 0x11f0 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:09:52.0107 0x11f0 WinDefend - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0107 0x11f0 Object is SCO, delete is not allowed
09:09:52.0107 0x11f0 WinDefend ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0154 0x11f0 WinHttpAutoProxySvc - ok
09:09:52.0217 0x11f0 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:09:52.0248 0x11f0 Winmgmt - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0248 0x11f0 Object is SCO, delete is not allowed
09:09:52.0248 0x11f0 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0341 0x11f0 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
09:09:52.0451 0x11f0 WinRM - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0451 0x11f0 Object is SCO, delete is not allowed
09:09:52.0451 0x11f0 WinRM ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0451 0x11f0 Force sending object to P2P due to detect: WinRM
09:09:52.0466 0x11f0 Object send P2P result: false
09:09:52.0513 0x11f0 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:09:52.0529 0x11f0 WinUsb - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0529 0x11f0 WinUsb ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0591 0x11f0 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:09:52.0638 0x11f0 Wlansvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0638 0x11f0 Object is SCO, delete is not allowed
09:09:52.0638 0x11f0 Wlansvc ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0794 0x11f0 [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:09:52.0841 0x11f0 wlidsvc - ok
09:09:52.0903 0x11f0 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:09:52.0919 0x11f0 WmiAcpi - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0919 0x11f0 Object is SCO, delete is not allowed
09:09:52.0919 0x11f0 WmiAcpi ( UnsignedFile.Multi.Generic ) - warning
09:09:52.0934 0x11f0 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:09:52.0965 0x11f0 wmiApSrv - detected UnsignedFile.Multi.Generic ( 1 )
09:09:52.0965 0x11f0 Object is SCO, delete is not allowed
09:09:52.0965 0x11f0 wmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0012 0x11f0 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:09:53.0090 0x11f0 WMPNetworkSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0090 0x11f0 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0090 0x11f0 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:09:53.0121 0x11f0 WPCSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0121 0x11f0 Object is SCO, delete is not allowed
09:09:53.0121 0x11f0 WPCSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0121 0x11f0 Force sending object to P2P due to detect: WPCSvc
09:09:53.0121 0x11f0 Object send P2P result: false
09:09:53.0153 0x11f0 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:09:53.0184 0x11f0 WPDBusEnum - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0184 0x11f0 Object is SCO, delete is not allowed
09:09:53.0184 0x11f0 WPDBusEnum ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0199 0x11f0 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:09:53.0231 0x11f0 ws2ifsl - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0231 0x11f0 Object is SCO, delete is not allowed
09:09:53.0231 0x11f0 ws2ifsl ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0246 0x11f0 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
09:09:53.0277 0x11f0 wscsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0277 0x11f0 Object is SCO, delete is not allowed
09:09:53.0277 0x11f0 wscsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0324 0x11f0 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:09:53.0355 0x11f0 WSDPrintDevice - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0355 0x11f0 WSDPrintDevice ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0402 0x11f0 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
09:09:53.0433 0x11f0 WSDScan - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0433 0x11f0 WSDScan ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0433 0x11f0 WSearch - ok
09:09:53.0543 0x11f0 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll
09:09:53.0621 0x11f0 wuauserv - ok
09:09:53.0667 0x11f0 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:09:53.0714 0x11f0 WudfPf - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0714 0x11f0 Object is SCO, delete is not allowed
09:09:53.0714 0x11f0 WudfPf ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0714 0x11f0 Force sending object to P2P due to detect: WudfPf
09:09:53.0714 0x11f0 Object send P2P result: false
09:09:53.0745 0x11f0 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:09:53.0777 0x11f0 WUDFRd - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0777 0x11f0 Object is SCO, delete is not allowed
09:09:53.0777 0x11f0 WUDFRd ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0823 0x11f0 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:09:53.0855 0x11f0 wudfsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0855 0x11f0 Object is SCO, delete is not allowed
09:09:53.0855 0x11f0 wudfsvc ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0855 0x11f0 Force sending object to P2P due to detect: wudfsvc
09:09:53.0855 0x11f0 Object send P2P result: false
09:09:53.0870 0x11f0 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
09:09:53.0917 0x11f0 WwanSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0917 0x11f0 WwanSvc ( UnsignedFile.Multi.Generic ) - warning
09:09:53.0917 0x11f0 Force sending object to P2P due to detect: WwanSvc
09:09:53.0917 0x11f0 Object send P2P result: false
09:09:53.0964 0x11f0 [ 894F963BE999BA9DB5AAC3AED55B115D, F4ECDD57FC5F6E295414745C2B8A2D9F9074C7035A6902456EE4447560863710 ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
09:09:53.0979 0x11f0 XAudio - detected UnsignedFile.Multi.Generic ( 1 )
09:09:53.0979 0x11f0 XAudio ( UnsignedFile.Multi.Generic ) - warning
09:09:54.0104 0x11f0 [ 0812F65CA33A76E080336E07F65C61C6, 654BDC41171C2A3F874F5FEE19CB391522732923427F6B9F77407F8D4765A26C ] XmppAuth C:\Program Files\AVG\CloudCare\XmppAuth.exe
09:09:54.0135 0x11f0 XmppAuth - ok
09:09:54.0151 0x11f0 ================ Scan global ===============================
09:09:54.0213 0x11f0 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
09:09:54.0276 0x11f0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:09:54.0291 0x11f0 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:09:54.0307 0x11f0 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
09:09:54.0338 0x11f0 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
09:09:54.0354 0x11f0 [ Global ] - ok
09:09:54.0354 0x11f0 ================ Scan MBR ==================================
09:09:54.0369 0x11f0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:09:54.0775 0x11f0 \Device\Harddisk0\DR0 - ok
09:09:54.0775 0x11f0 ================ Scan VBR ==================================
09:09:54.0791 0x11f0 [ 9865380EBB1B1C543A66352016E35E3E ] \Device\Harddisk0\DR0\Partition1
09:09:54.0791 0x11f0 \Device\Harddisk0\DR0\Partition1 - ok
09:09:54.0791 0x11f0 [ F96DF2677595D3D854F1A86E13CE51BC ] \Device\Harddisk0\DR0\Partition2
09:09:54.0791 0x11f0 \Device\Harddisk0\DR0\Partition2 - ok
09:09:54.0806 0x11f0 [ F6E1041D1C9F436BA79E564A6CDC6457 ] \Device\Harddisk0\DR0\Partition3
09:09:54.0806 0x11f0 \Device\Harddisk0\DR0\Partition3 - ok
09:09:54.0806 0x11f0 ================ Scan generic autorun ======================
09:09:54.0853 0x11f0 [ 7BA157B8D3CAFDAB7557A1958295FBA8, 77C8DC6BADBB58765C2E8577DFE8489EE2104BF64A006215A2DE818D20446F4B ] C:\Windows\system32\TpShocks.exe
09:09:54.0869 0x11f0 TpShocks - ok
09:09:54.0900 0x11f0 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:09:54.0947 0x11f0 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
09:09:54.0947 0x11f0 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
09:09:54.0947 0x11f0 Force sending object to P2P due to detect: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:09:54.0947 0x11f0 Object send P2P result: false
09:09:54.0947 0x11f0 PWMTRV - ok
09:09:55.0009 0x11f0 [ FD334D8C75FA3AD04B0211E4F99BDDFD, 3A1BFF26EDD7E4E2CE4B92FA7331E3160D4CF606122CAC7C02B34656CE0A7983 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
09:09:55.0025 0x11f0 LENOVO.TPKNRRES - ok
09:09:55.0040 0x11f0 [ 1A73D7D5766BC5DDE3BCDEA0F59DF59B, 66F7097912272A9D7D8751BC7597FC6E780D194A0587BD669CFBF5E38A91DD65 ] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
09:09:55.0056 0x11f0 IMSS - ok
09:09:55.0087 0x11f0 [ BB73B4A6D4A9F1410563D1BA4D53E7CA, 38641DF5215C770B30FEC045D930835CF8DC72F2F6CA30A85AD08B5D6B26AD33 ] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
09:09:55.0103 0x11f0 IJNetworkScanUtility - ok
09:09:55.0181 0x11f0 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
09:09:55.0181 0x11f0 BCSSync - ok
09:09:55.0259 0x11f0 [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
09:09:55.0305 0x11f0 AdobeCS5ServiceManager - detected UnsignedFile.Multi.Generic ( 1 )
09:09:55.0305 0x11f0 AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - warning
09:09:55.0305 0x11f0 Force sending object to P2P due to detect: C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
09:09:55.0321 0x11f0 Object send P2P result: false
09:09:55.0368 0x11f0 [ 5447AF432CDA61159ADDE218C468FFD9, 63BD74521F679F195C24C1818267ECCBD8A7F5C2B4CEF3E60EC46B5AE0AC72A8 ] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
09:09:55.0399 0x11f0 AdobeAAMUpdater-1.0 - ok
09:09:55.0446 0x11f0 [ A5880BCCB8D36AB9EC35ADDAC2773A4F, 2D050447F42A2B8CB9A9AC705F72E8EDF7671E3ACDC141EC332A406928D56E2B ] C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
09:09:55.0446 0x11f0 ACWLIcon - ok
09:09:55.0477 0x11f0 [ DD07FE0128204206DAFE16EA6739396F, A452E786248FD3EAD0D88A4FEB6C3883E89A2C33CD060EFFD68C76FEE413C450 ] C:\Program Files\Lenovo\Access Connections\ACTray.exe
09:09:55.0508 0x11f0 ACTray - ok
09:09:55.0524 0x11f0 [ B64449927444E3C2B6D969D04601FCCF, C0294A6B1967CDED820229F39D3A273C107F6487943D9FDFB3FBE26F4EA3737D ] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
09:09:55.0555 0x11f0 AcWin7Hlpr - detected UnsignedFile.Multi.Generic ( 1 )
09:09:55.0555 0x11f0 AcWin7Hlpr ( UnsignedFile.Multi.Generic ) - warning
09:09:55.0555 0x11f0 Force sending object to P2P due to detect: C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
09:09:55.0555 0x11f0 Object send P2P result: false
09:09:55.0586 0x11f0 [ 16843BD5B2C3A1FE581045E176E0298B, 7AF9F9A258DFD526BB4CAAAE4250177B5DC9C5967453B838F3867C1F9E1E1D43 ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe
09:09:55.0602 0x11f0 SmartAudio - ok
09:09:55.0695 0x11f0 [ 38E330A28E034CE632F218AD2AD6452B, A0394688DD698A315EB1A40B0278B660D6EBB47E150A760649204945B703F640 ] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
09:09:55.0742 0x11f0 Trend Micro RUBotted V2.0 Beta - ok
09:09:55.0976 0x11f0 [ 28D29874E6B31DCB68A01127EF3D4DB5, 3D79C53FEF5C4CE17E155D92B59BB868378EA2A69A28B92FAF882020D48D57F5 ] C:\Program Files\AVG\AVG2014\avgui.exe
09:09:56.0117 0x11f0 AVG_UI - ok
09:09:56.0351 0x11f0 [ AF49D1C79EA49A7833017F290EE63B82, FFE98E8F6AE3BFAB324B3A7C6C6C00545C597A6861CBDD82ACE97591C6A1D287 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
09:09:56.0491 0x11f0 SDTray - ok
09:09:56.0507 0x11f0 [ DFE0702C5065EC62DC9B8B08997C1A85, 5C658208BAC41BF8570A01176B5F5DC14FCCB9525924D2FA9C2FBCD7ACB90FD6 ] C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
09:09:56.0522 0x11f0 AVG CloudCare - ok
09:09:56.0647 0x11f0 [ 52B9FA60C8B60932AABFAE73CF3BA61C, 01A364D22603B852E9FB659CCBBB637A27DA78D01EE9F4288A78310EF56C8D2C ] C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
09:09:56.0678 0x11f0 racontrol - ok
09:09:56.0756 0x11f0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:09:56.0803 0x11f0 Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
09:09:56.0819 0x11f0 Object is SCO, delete is not allowed
09:09:56.0819 0x11f0 Sidebar ( UnsignedFile.Multi.Generic ) - warning
09:09:56.0834 0x11f0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
09:09:56.0850 0x11f0 mctadmin - detected UnsignedFile.Multi.Generic ( 1 )
09:09:56.0850 0x11f0 mctadmin ( UnsignedFile.Multi.Generic ) - warning
09:09:56.0897 0x11f0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:09:56.0959 0x11f0 Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
09:09:56.0959 0x11f0 Object is SCO, delete is not allowed
09:09:56.0959 0x11f0 Sidebar ( UnsignedFile.Multi.Generic ) - warning
09:09:56.0959 0x11f0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
09:09:56.0990 0x11f0 mctadmin - detected UnsignedFile.Multi.Generic ( 1 )
09:09:56.0990 0x11f0 mctadmin ( UnsignedFile.Multi.Generic ) - warning
09:09:57.0021 0x11f0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
09:09:57.0068 0x11f0 Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
09:09:57.0068 0x11f0 Object is SCO, delete is not allowed
09:09:57.0068 0x11f0 Sidebar ( UnsignedFile.Multi.Generic ) - warning
09:09:57.0068 0x11f0 Force sending object to P2P due to detect: C:\Program Files\Windows Sidebar\sidebar.exe
09:09:57.0084 0x11f0 Object send P2P result: false
09:09:57.0146 0x11f0 [ C948AC73822CA662CF44185B909EA18B, 75895AA3AAED47D50D178CF064F939ED1EB345E9ADD12527F9F5737395A9AFB4 ] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
09:09:57.0193 0x11f0 OfficeSyncProcess - ok
09:09:57.0224 0x11f0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:09:57.0287 0x11f0 Sidebar - detected UnsignedFile.Multi.Generic ( 1 )
09:09:57.0287 0x11f0 Object is SCO, delete is not allowed
09:09:57.0287 0x11f0 Sidebar ( UnsignedFile.Multi.Generic ) - warning
09:09:57.0287 0x11f0 AVG-Secure-Search-Update_JUNE2013_TB - ok
09:09:57.0318 0x11f0 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
09:09:57.0333 0x11f0 mctadmin - detected UnsignedFile.Multi.Generic ( 1 )
09:09:57.0333 0x11f0 mctadmin ( UnsignedFile.Multi.Generic ) - warning
09:09:57.0443 0x11f0 [ E9A1828AE398AE48EF6FC39953B7B5D5, E4439C75F67A2B4D8015327C5DC6D77ECF6E7893E54261704DEB5A5F400DCC61 ] C:\Program Files\Windows Live\Installer\wlstart.exe
09:09:57.0489 0x11f0 WLStart - ok
09:09:57.0489 0x11f0 AVG-Secure-Search-Update_JUNE2013_TB - ok
09:09:57.0567 0x11f0 AV detected via SS2: AVG CloudCare AntiVirus 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4800 ), 0x41000 ( enabled : updated )
09:09:57.0567 0x11f0 FW detected via SS2: AVG CloudCare AntiVirus 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4800 ), 0x41010 ( enabled )
09:09:57.0567 0x11f0 ============================================================
09:09:57.0567 0x11f0 Scan finished
09:09:57.0567 0x11f0 ============================================================

spypcsense
2015-01-16, 21:58
Just noticed that it exceeded capacity

09:09:57.0583 0x1510 Detected object count: 198
09:09:57.0583 0x1510 Actual detected object count: 198
09:11:43.0025 0x1510 MSiSCSI ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0056 0x1510 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0072 0x1510 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0072 0x1510 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0088 0x1510 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0103 0x1510 C:\Windows\system32\DRIVERS\MTConfig.sys - copied to quarantine
09:11:43.0103 0x1510 MTConfig ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0150 0x1510 napagent ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0181 0x1510 NativeWifiP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0197 0x1510 C:\Windows\system32\DRIVERS\ndiscap.sys - copied to quarantine
09:11:43.0197 0x1510 NdisCap ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0212 0x1510 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0244 0x1510 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0275 0x1510 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0290 0x1510 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0306 0x1510 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0353 0x1510 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0384 0x1510 C:\Windows\System32\netman.dll - copied to quarantine
09:11:43.0384 0x1510 Netman ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0415 0x1510 netprofm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:43.0774 0x1510 C:\Windows\system32\DRIVERS\NETw5s32.sys - copied to quarantine
09:11:43.0774 0x1510 NETw5s32 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0086 0x1510 C:\Windows\system32\DRIVERS\netw5v32.sys - copied to quarantine
09:11:44.0086 0x1510 netw5v32 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0460 0x1510 C:\Windows\system32\DRIVERS\NETwNs32.sys - copied to quarantine
09:11:44.0460 0x1510 NETwNs32 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0538 0x1510 NlaSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0538 0x1510 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0570 0x1510 nsi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0585 0x1510 nsiproxy ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0601 0x1510 Null ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0632 0x1510 ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0663 0x1510 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
09:11:44.0663 0x1510 p2pimsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0710 0x1510 p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0726 0x1510 Parport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0741 0x1510 C:\Windows\system32\DRIVERS\parvdm.sys - copied to quarantine
09:11:44.0741 0x1510 Parvdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0819 0x1510 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe - copied to quarantine
09:11:44.0819 0x1510 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0850 0x1510 PcaSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0897 0x1510 PEAUTH ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:44.0960 0x1510 C:\Windows\system32\peerdistsvc.dll - copied to quarantine
09:11:44.0960 0x1510 PeerDistSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0069 0x1510 pla ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0147 0x1510 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0162 0x1510 C:\Windows\system32\pnrpauto.dll - copied to quarantine
09:11:45.0162 0x1510 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0240 0x1510 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
09:11:45.0240 0x1510 PNRPsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0272 0x1510 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0318 0x1510 C:\Windows\system32\umpo.dll - copied to quarantine
09:11:45.0318 0x1510 Power ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0350 0x1510 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0365 0x1510 Processor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0412 0x1510 ProfSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0428 0x1510 Psched ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0521 0x1510 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - copied to quarantine
09:11:45.0521 0x1510 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0599 0x1510 C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe - copied to quarantine
09:11:45.0599 0x1510 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0646 0x1510 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0662 0x1510 QWAVEdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0693 0x1510 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0708 0x1510 C:\Windows\system32\DRIVERS\AgileVpn.sys - copied to quarantine
09:11:45.0708 0x1510 RasAgileVpn ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0724 0x1510 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0755 0x1510 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0786 0x1510 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0802 0x1510 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0818 0x1510 RasSstp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0849 0x1510 rdbss ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0942 0x1510 C:\Windows\system32\DRIVERS\rdpbus.sys - copied to quarantine
09:11:45.0942 0x1510 rdpbus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0974 0x1510 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:45.0989 0x1510 RDPDR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0005 0x1510 RDPENCDD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0036 0x1510 C:\Windows\system32\drivers\rdprefmp.sys - copied to quarantine
09:11:46.0036 0x1510 RDPREFMP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0067 0x1510 C:\Windows\system32\drivers\rdpvideominiport.sys - copied to quarantine
09:11:46.0083 0x1510 RdpVideoMiniport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0114 0x1510 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0176 0x1510 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0223 0x1510 C:\Windows\system32\regsvc.dll - copied to quarantine
09:11:46.0223 0x1510 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0301 0x1510 C:\Windows\system32\DRIVERS\rfcomm.sys - copied to quarantine
09:11:46.0301 0x1510 RFCOMM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0379 0x1510 C:\Windows\system32\DRIVERS\rimspe86.sys - copied to quarantine
09:11:46.0379 0x1510 rimspci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0442 0x1510 C:\Windows\System32\RpcEpMap.dll - copied to quarantine
09:11:46.0442 0x1510 RpcEptMapper ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0473 0x1510 C:\Windows\system32\locator.exe - copied to quarantine
09:11:46.0473 0x1510 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0504 0x1510 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0535 0x1510 C:\Windows\system32\drivers\vms3cap.sys - copied to quarantine
09:11:46.0535 0x1510 s3cap ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0551 0x1510 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0566 0x1510 C:\Windows\system32\DRIVERS\scfilter.sys - copied to quarantine
09:11:46.0566 0x1510 scfilter ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0629 0x1510 C:\Windows\system32\schedsvc.dll - copied to quarantine
09:11:46.0629 0x1510 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0660 0x1510 C:\Windows\system32\drivers\sdbus.sys - copied to quarantine
09:11:46.0660 0x1510 sdbus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0691 0x1510 SDRSVC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0707 0x1510 C:\Windows\system32\drivers\secdrv.sys - copied to quarantine
09:11:46.0707 0x1510 secdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0769 0x1510 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0800 0x1510 SENS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0816 0x1510 C:\Windows\system32\sensrsvc.dll - copied to quarantine
09:11:46.0816 0x1510 SensrSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0863 0x1510 Serenum ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0941 0x1510 Serial ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:46.0972 0x1510 sermouse ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0019 0x1510 SessionEnv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0034 0x1510 sffdisk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0066 0x1510 sffp_mmc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0097 0x1510 sffp_sd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0128 0x1510 sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0175 0x1510 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0222 0x1510 C:\Windows\System32\shsvcs.dll - copied to quarantine
09:11:47.0222 0x1510 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0253 0x1510 Smb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0284 0x1510 SNMPTRAP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0331 0x1510 C:\Windows\System32\spoolsv.exe - copied to quarantine
09:11:47.0331 0x1510 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0518 0x1510 C:\Windows\system32\sppsvc.exe - copied to quarantine
09:11:47.0518 0x1510 sppsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0549 0x1510 C:\Windows\system32\sppuinotify.dll - copied to quarantine
09:11:47.0549 0x1510 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0627 0x1510 srv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0674 0x1510 srv2 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0721 0x1510 C:\Windows\system32\DRIVERS\VSTAZL3.SYS - copied to quarantine
09:11:47.0721 0x1510 SrvHsfHDA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0799 0x1510 C:\Windows\system32\DRIVERS\VSTDPV3.SYS - copied to quarantine
09:11:47.0799 0x1510 SrvHsfV92 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:47.0986 0x1510 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS - copied to quarantine
09:11:47.0986 0x1510 SrvHsfWinac ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0017 0x1510 srvnet ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0064 0x1510 C:\Windows\System32\ssdpsrv.dll - copied to quarantine
09:11:48.0064 0x1510 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0111 0x1510 SstpSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0220 0x1510 StiSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0282 0x1510 C:\Windows\system32\storsvc.dll - copied to quarantine
09:11:48.0282 0x1510 StorSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0376 0x1510 C:\Program Files\Lenovo\System Update\SUService.exe - copied to quarantine
09:11:48.0376 0x1510 SUService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0454 0x1510 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
09:11:48.0470 0x1510 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0501 0x1510 swprv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0579 0x1510 SysMain ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0626 0x1510 TabletInputService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0672 0x1510 C:\Windows\System32\tapisrv.dll - copied to quarantine
09:11:48.0672 0x1510 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0704 0x1510 TBS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0766 0x1510 tcpipreg ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0797 0x1510 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0860 0x1510 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0906 0x1510 tdx ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:48.0984 0x1510 TermService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0031 0x1510 C:\Windows\system32\themeservice.dll - copied to quarantine
09:11:49.0031 0x1510 Themes ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0062 0x1510 C:\Windows\system32\drivers\tpm.sys - copied to quarantine
09:11:49.0062 0x1510 TPM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0109 0x1510 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0172 0x1510 TrustedInstaller ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0250 0x1510 tssecsrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0312 0x1510 C:\Windows\system32\drivers\tsusbflt.sys - copied to quarantine
09:11:49.0312 0x1510 TsUsbFlt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0359 0x1510 tunnel ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0546 0x1510 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe - copied to quarantine
09:11:49.0546 0x1510 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0593 0x1510 udfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0624 0x1510 UI0Detect ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0655 0x1510 umbus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0702 0x1510 UmPass ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0733 0x1510 UmRdpService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0764 0x1510 C:\Windows\System32\upnphost.dll - copied to quarantine
09:11:49.0764 0x1510 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0811 0x1510 C:\Windows\system32\drivers\usbaudio.sys - copied to quarantine
09:11:49.0811 0x1510 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0858 0x1510 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:49.0967 0x1510 usbcir ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0030 0x1510 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0092 0x1510 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0154 0x1510 usbohci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0264 0x1510 C:\Windows\system32\drivers\CM108.sys - copied to quarantine
09:11:50.0264 0x1510 USBPNPA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0295 0x1510 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0357 0x1510 C:\Windows\system32\drivers\usbscan.sys - copied to quarantine
09:11:50.0357 0x1510 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0388 0x1510 C:\Windows\system32\DRIVERS\USBSTOR.SYS - copied to quarantine
09:11:50.0388 0x1510 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0466 0x1510 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0529 0x1510 C:\Windows\System32\Drivers\usbvideo.sys - copied to quarantine
09:11:50.0529 0x1510 usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0560 0x1510 UxSms ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0607 0x1510 vds ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0654 0x1510 vga ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0685 0x1510 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0716 0x1510 ViaC7 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0747 0x1510 C:\Windows\system32\drivers\VMBusHID.sys - copied to quarantine
09:11:50.0747 0x1510 VMBusHID ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0825 0x1510 VSS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0856 0x1510 C:\Windows\system32\DRIVERS\vwifibus.sys - copied to quarantine
09:11:50.0856 0x1510 vwifibus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0903 0x1510 C:\Windows\system32\DRIVERS\vwififlt.sys - copied to quarantine
09:11:50.0903 0x1510 vwififlt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0934 0x1510 C:\Windows\system32\DRIVERS\vwifimp.sys - copied to quarantine
09:11:50.0934 0x1510 vwifimp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:50.0997 0x1510 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0028 0x1510 WacomPen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0075 0x1510 WANARP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0106 0x1510 Wanarpv6 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0200 0x1510 wbengine ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0246 0x1510 C:\Windows\System32\wbiosrvc.dll - copied to quarantine
09:11:51.0246 0x1510 WbioSrvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0293 0x1510 wcncsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0340 0x1510 WcsPlugInService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0371 0x1510 WdiServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0402 0x1510 WdiSystemHost ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0449 0x1510 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0480 0x1510 Wecsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0527 0x1510 wercplsupport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0558 0x1510 WerSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0590 0x1510 C:\Windows\system32\DRIVERS\wfplwf.sys - copied to quarantine
09:11:51.0590 0x1510 WfpLwf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0683 0x1510 C:\Windows\system32\DRIVERS\HSX_CNXT.sys - copied to quarantine
09:11:51.0683 0x1510 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0808 0x1510 WinDefend ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:51.0917 0x1510 Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0026 0x1510 WinRM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0073 0x1510 C:\Windows\system32\DRIVERS\WinUsb.sys - copied to quarantine
09:11:52.0073 0x1510 WinUsb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0167 0x1510 Wlansvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0229 0x1510 WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0307 0x1510 wmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0416 0x1510 C:\Program Files\Windows Media Player\wmpnetwk.exe - copied to quarantine
09:11:52.0416 0x1510 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0448 0x1510 WPCSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0494 0x1510 WPDBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0541 0x1510 ws2ifsl ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0588 0x1510 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0650 0x1510 C:\Windows\system32\DRIVERS\WSDPrint.sys - copied to quarantine
09:11:52.0650 0x1510 WSDPrintDevice ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0713 0x1510 C:\Windows\system32\DRIVERS\WSDScan.sys - copied to quarantine
09:11:52.0713 0x1510 WSDScan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0775 0x1510 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0806 0x1510 WUDFRd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0869 0x1510 wudfsvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0916 0x1510 C:\Windows\System32\wwansvc.dll - copied to quarantine
09:11:52.0916 0x1510 WwanSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:52.0978 0x1510 C:\Windows\system32\DRIVERS\XAudio32.sys - copied to quarantine
09:11:52.0978 0x1510 XAudio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0072 0x1510 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
09:11:53.0072 0x1510 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0196 0x1510 C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe - copied to quarantine
09:11:53.0196 0x1510 AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0259 0x1510 C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe - copied to quarantine
09:11:53.0259 0x1510 AcWin7Hlpr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0352 0x1510 Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0399 0x1510 C:\Windows\System32\mctadmin.exe - copied to quarantine
09:11:53.0399 0x1510 mctadmin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0493 0x1510 Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0508 0x1510 C:\Windows\System32\mctadmin.exe - copied to quarantine
09:11:53.0508 0x1510 mctadmin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0586 0x1510 Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0664 0x1510 Sidebar ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:11:53.0696 0x1510 C:\Windows\System32\mctadmin.exe - copied to quarantine
09:11:53.0696 0x1510 mctadmin ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
09:12:30.0465 0x0548 Deinitialize success

Juliet
2015-01-16, 22:11
Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

After running this tool tell me what the computer is doing now.

spypcsense
2015-01-17, 01:38
Finished Windows Repair - BTW there are a couple of new versions out.
Running Malwarebytes and Spybot S&D (Spybot says I haven't scanned for 115 days but I've scanned several times and there is a log from Jan. 9) May take a couple of hours to finish. then I will try to run Windows Update and see if that works or I get the "you ain't genuine" message again. I'll let you know. Really appreciate all your efforts.

Juliet
2015-01-17, 01:43
your welcome :)

spypcsense
2015-01-17, 04:14
Well I guess we're not out of the woods yet.
Malwarebytes found and quarantined PUP.optional.spigot.A, .MyEmoticons.A
Spybot found 21 items which I fixed - they are all low level
will post the logs if you want
Update says the service isn't running but it is.
2nd time I clicked on control panel got message with long string of characters that says "The remote procedure call failed and did not execute"
Rebooted and tried update again - no luck even though service is running.
Downloaded MS Fixit, loaded the troubleshooter and then came up with message that it couldn't proceed. Microsoft support has all kinds of troubleshooting tips .....except for a troubleshooting error.http://forums.spybot.info/images/smilies/sad.gif

spypcsense
2015-01-17, 05:16
Downloaded and installed an upgrade from Lenovo. The computer is now installing updates!!! :)

Juliet
2015-01-17, 14:39
Downloaded and installed an upgrade from Lenovo. The computer is now installing updates!!! :)

your kidding me!

kinda unfair to me that a computer needing something as simple as a driver update (if thats what it was) was holding this process up.
Lenovo or Microsoft should had sent something saying it was required.

spypcsense
2015-01-18, 01:57
Wasn't just that. There was malware in the computer and it took all those scans to get it out to where I could upgrade and update. That being said - if an MS forum suggested upgrading drivers or removing malware, I couldn't find it. Their search engine sucks - even if you put something in quotes.


your kidding me!

kinda unfair to me that a computer needing something as simple as a driver update (if thats what it was) was holding this process up.
Lenovo or Microsoft should had sent something saying it was required.

Juliet
2015-01-18, 02:13
I'm not thinking we'll find much more but to be on the safe side let's run a new FRST log


Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

spypcsense
2015-01-19, 19:54
Hello Juliet - Hope you got some time to relax this weekend. Here's where we are at: The Genuine windows error still pops up. A system check shows Windows as being activated. The MS program to resolve the issue loads and runs instead of erroring out like it did before but it doesn't finish - just keeps going and going. One other little tidbit - I changed the home page and the default search engine to Google. I had been using Bing but in all this mess it got changed to Yahoo. Now default search has gone back to Yahoo.
Here are the logs - if they both fit.
FRST:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {8B8759FD-D298-4DA4-9E65-1537394A49E4} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://10.0.0.26:85/HiDvrOcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo!
FF Homepage: google.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2701720504-2077786656-4262629455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruce\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: DownloadHelper - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Quick Translator - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\dyc1xnox.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-03-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-17]

Chrome:
=======
CHR HomePage: Default -> CF2A1B5DAB7B5315E55715EF8EC5133FC9F72ED56902A51959CDB1A61A4E382D
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-08]
CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-11-26] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-11-26] (Lenovo)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-08] (Intel Corporation)
R2 AvgApiWrapper; C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe [151832 2014-07-25] (AVG Technologies, Inc.)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AvgRemote; C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe [54960 2013-09-05] (AVG Technologies, Inc.)
R2 AvgUpgrade; C:\Program Files\AVG\CloudCare\AvgUpgrade.exe [78616 2014-07-25] (AVG Technologies, Inc.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-01-31] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 raserver; C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1404080 2013-08-29] (AVG Technologies, Inc.)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 XmppAuth; C:\Program Files\AVG\CloudCare\XmppAuth.exe [285464 2014-07-25] (AVG Technologies, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-12-17] (Oak Technology Inc.) [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:34 - 2015-01-19 09:34 - 00000000 ____D () C:\Users\Bruce\Desktop\FRST-OlderVersion
2015-01-17 17:14 - 2015-01-17 17:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-17 16:04 - 2015-01-17 16:04 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(3).exe
2015-01-16 20:56 - 2015-01-16 20:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-16 19:27 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-16 19:27 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-16 19:27 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-16 19:27 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-16 19:27 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-16 19:18 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-16 19:18 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 19:18 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-16 19:18 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-16 19:18 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-16 19:18 - 2014-11-21 18:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-16 19:18 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-16 19:18 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-16 19:18 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-16 19:18 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-16 19:18 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-16 19:18 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-16 19:18 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-16 19:18 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-16 19:18 - 2014-11-21 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-16 19:18 - 2014-11-21 17:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-16 19:18 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-16 19:18 - 2014-11-21 17:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-16 19:18 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-16 19:18 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-16 19:18 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-16 19:18 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-16 19:18 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-16 19:18 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-16 19:18 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-16 19:18 - 2014-11-21 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-16 19:18 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-16 19:18 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-16 19:18 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-16 19:18 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-16 19:18 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-16 19:18 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-16 19:18 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-16 19:18 - 2014-10-13 17:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-16 19:18 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-16 19:18 - 2014-10-13 17:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-16 19:18 - 2014-10-13 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-16 19:18 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-16 19:18 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-16 19:18 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-16 19:18 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-16 19:17 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 19:17 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 19:17 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 19:17 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-16 19:17 - 2014-12-03 20:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-16 19:17 - 2014-12-01 15:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-16 19:17 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-16 19:17 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-16 19:17 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-16 19:17 - 2014-11-10 17:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-16 19:17 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-16 19:17 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-16 19:17 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-16 19:17 - 2014-10-09 16:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-16 19:17 - 2014-10-02 17:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 19:17 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-16 19:17 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-16 19:17 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-16 18:44 - 2012-05-30 13:30 - 00471360 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2015-01-16 18:01 - 2015-01-16 18:01 - 00347816 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2015-01-16 15:25 - 2015-01-16 15:25 - 00000000 ____D () C:\MoTemp
2015-01-16 14:35 - 2015-01-16 14:35 - 00000000 ____D () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio
2015-01-16 14:33 - 2015-01-16 14:34 - 07876439 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio.zip
2015-01-16 14:17 - 2015-01-16 14:17 - 00003288 _____ () C:\bootsqm.dat
2015-01-16 13:16 - 2015-01-16 13:16 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Bruce\Desktop\uninstall.exe
2015-01-16 13:16 - 2015-01-16 13:16 - 00325960 _____ () C:\Users\Bruce\Desktop\lua5.1.dll
2015-01-16 13:16 - 2015-01-16 13:16 - 00001386 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\Uninstall
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\repairs_info
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\files
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\color_presets
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-16 13:14 - 2015-01-16 13:15 - 09817304 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-01-16 13:07 - 2015-01-16 13:07 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(2).exe
2015-01-16 09:42 - 2015-01-16 09:43 - 00002241 _____ () C:\Users\Bruce\Desktop\FSS.txt
2015-01-16 09:11 - 2015-01-16 09:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-16 08:52 - 2015-01-16 08:53 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bruce\Desktop\tdsskiller.exe
2015-01-16 08:52 - 2015-01-16 08:52 - 00415232 _____ (Farbar) C:\Users\Bruce\Desktop\FSS.exe
2015-01-15 16:01 - 2015-01-15 16:01 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\PCDr
2015-01-15 16:00 - 2015-01-15 16:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-15 14:36 - 2015-01-15 14:36 - 00001731 _____ () C:\Users\Bruce\Desktop\JRT.txt
2015-01-15 14:30 - 2015-01-15 14:30 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 14:27 - 2015-01-15 19:02 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Search Protection
2015-01-15 14:27 - 2015-01-15 14:27 - 01707939 _____ (Thisisu) C:\Users\Bruce\Desktop\JRT(1).exe
2015-01-15 14:25 - 2015-01-15 14:25 - 00236344 _____ () C:\Users\Bruce\Desktop\JRT.exe
2015-01-15 14:03 - 2015-01-15 14:13 - 00000000 ____D () C:\AdwCleaner
2015-01-15 14:00 - 2015-01-15 14:01 - 02191360 _____ () C:\Users\Bruce\Desktop\AdwCleaner.exe
2015-01-15 14:00 - 2015-01-15 14:00 - 00002192 _____ () C:\Users\Bruce\Documents\reply.txt
2015-01-15 10:39 - 2015-01-15 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 10:36 - 2015-01-15 11:03 - 00000000 ____D () C:\Users\Bruce\Desktop\mbar
2015-01-15 10:35 - 2015-01-15 10:36 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Bruce\Downloads\mbar-1.08.2.1001.exe
2015-01-15 10:02 - 2015-01-15 10:26 - 00051749 _____ () C:\Users\Bruce\Desktop\Addition.txt
2015-01-15 10:00 - 2015-01-19 09:38 - 00027682 _____ () C:\Users\Bruce\Desktop\FRST.txt
2015-01-15 10:00 - 2015-01-19 09:34 - 01118208 _____ (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2015-01-13 16:14 - 2015-01-13 16:14 - 00002214 _____ () C:\Users\Bruce\Desktop\aswMBR.txt
2015-01-13 16:14 - 2015-01-13 16:14 - 00000512 _____ () C:\Users\Bruce\Desktop\MBR.dat
2015-01-13 14:10 - 2015-01-13 14:11 - 05198336 _____ (AVAST Software) C:\Users\Bruce\Desktop\aswMBR.exe
2015-01-13 13:46 - 2015-01-13 13:47 - 00051749 _____ () C:\Users\Bruce\Desktop\oldAddition.txt
2015-01-13 13:43 - 2015-01-19 09:35 - 00000000 ____D () C:\FRST
2015-01-13 13:37 - 2015-01-13 13:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRUCE-LENOVO-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-13 13:36 - 2015-01-13 13:36 - 00000000 ____D () C:\RegBackup
2015-01-13 13:35 - 2015-01-13 13:35 - 00002196 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-13 13:32 - 2015-01-13 13:32 - 04215584 _____ () C:\Users\Bruce\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-13 13:06 - 2015-01-13 13:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(1).exe
2015-01-09 20:00 - 2015-01-19 09:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 19:59 - 2015-01-15 10:39 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 19:59 - 2015-01-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 19:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
2015-01-09 09:28 - 2015-01-09 09:00 - 08994813 _____ () C:\Users\Admin\Documents\CBS.txt.log
2015-01-09 09:18 - 2015-01-09 09:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
2015-01-09 09:17 - 2015-01-09 09:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
2015-01-09 09:17 - 2015-01-09 09:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-02 12:53 - 2015-01-07 10:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-02 12:53 - 2015-01-02 12:53 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-01-02 12:43 - 2015-01-02 12:43 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Intel
2015-01-02 12:42 - 2015-01-02 12:42 - 00001139 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
2015-01-02 12:41 - 2015-01-02 12:41 - 02333416 _____ (Intel) C:\Users\Bruce\Downloads\Intel Driver Update Utility Installer.exe
2015-01-02 12:26 - 2015-01-02 12:26 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate.exe
2014-12-27 22:41 - 2014-12-27 22:41 - 00011079 _____ () C:\Users\Bruce\Documents\computer.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 09:38 - 2010-06-23 05:46 - 01411414 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 09:34 - 2009-07-20 21:30 - 00800182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 09:34 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:34 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 09:33 - 2011-11-01 07:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 09:28 - 2013-10-17 08:35 - 00000000 ____D () C:\ProgramData\AVGRemoteIT
2015-01-19 09:28 - 2011-05-03 15:00 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-19 09:28 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 09:28 - 2009-07-13 20:39 - 00192315 _____ () C:\Windows\setupact.log
2015-01-18 23:46 - 2010-07-21 11:01 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
2015-01-18 23:46 - 2010-06-24 18:18 - 00000000 ____D () C:\Users\braley\Outlook
2015-01-18 23:42 - 2012-04-08 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 14:13 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-17 13:53 - 2011-04-08 18:25 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 23:21 - 2010-06-23 06:31 - 00462888 _____ () C:\Users\Bruce\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 21:00 - 2009-07-13 20:33 - 03896504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 20:56 - 2014-07-09 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-16 20:56 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-16 19:47 - 2010-06-24 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-16 19:41 - 2013-08-17 09:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 18:38 - 2010-06-23 05:44 - 00000000 ____D () C:\swshare
2015-01-16 17:40 - 2013-01-09 04:02 - 00000000 ____D () C:\Users\Bruce\Documents\Technical
2015-01-16 15:25 - 2010-06-23 06:28 - 00000000 ____D () C:\Users\Bruce
2015-01-16 15:12 - 2010-06-23 05:42 - 01868734 _____ () C:\Windows\PFRO.log
2015-01-16 15:12 - 2010-06-23 05:34 - 00000000 ____D () C:\Windows\CSC
2015-01-16 14:32 - 2013-07-18 16:22 - 00001734 _____ () C:\Users\Bruce\Desktop\settings.ini
2015-01-15 13:20 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Outlook
2015-01-13 14:42 - 2012-04-08 09:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 14:42 - 2011-05-26 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 12:59 - 2011-05-03 15:00 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 00:56 - 2010-10-02 07:35 - 00000000 ____D () C:\Users\Bruce\Documents\Politics
2015-01-10 09:59 - 2009-07-13 20:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 19:59 - 2011-11-01 13:12 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 09:18 - 2012-05-06 10:50 - 00462888 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:17 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-07 11:01 - 2013-12-14 10:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 10:39 - 2010-06-24 23:49 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Microsoft Help
2015-01-07 10:19 - 2014-06-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 10:19 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin
2015-01-07 10:19 - 2011-11-09 01:58 - 00000000 ____D () C:\ProgramData\Intel
2015-01-07 10:19 - 2010-06-23 06:21 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-07 10:19 - 2010-06-22 18:22 - 00000000 ____D () C:\Users\braley
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-07 10:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Cisco
2015-01-07 10:18 - 2010-06-23 05:39 - 00000000 ____D () C:\Program Files\Intel
2015-01-02 12:54 - 2013-11-18 07:58 - 00000000 ____D () C:\Users\TEMP
2014-12-31 13:15 - 2010-06-22 22:55 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-26 00:55 - 2011-09-25 21:46 - 00000000 ____D () C:\Users\Bruce\Documents\Melaleuca
2014-12-25 12:35 - 2012-05-21 10:09 - 00000000 ____D () C:\Users\Bruce\Documents\Sean
2014-12-22 20:01 - 2009-07-19 17:04 - 00000000 ____D () C:\Users\Bruce\Documents\Financial

==================== Files in the root of some directories =======
2014-06-14 12:48 - 2014-06-14 12:48 - 6103040 _____ () C:\Program Files\GUT3266.tmp
2012-04-26 10:24 - 2012-05-07 16:17 - 0022616 _____ () C:\Users\Bruce\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-02-15 12:01 - 2014-03-03 21:01 - 0002235 _____ () C:\Users\Bruce\AppData\Roaming\SAS7_000.DAT
2014-02-23 13:04 - 2014-02-23 13:04 - 0000000 _____ () C:\Users\Bruce\AppData\Roaming\SharedSettings.ccs
2011-11-07 10:10 - 2012-05-02 12:01 - 0172925 _____ () C:\Users\Bruce\AppData\Local\ars.cache
2011-11-07 10:10 - 2012-05-02 12:01 - 0417386 _____ () C:\Users\Bruce\AppData\Local\census.cache
2012-11-20 09:16 - 2012-11-20 09:16 - 0005632 _____ () C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-24 10:08 - 2010-12-24 10:08 - 0000036 _____ () C:\Users\Bruce\AppData\Local\housecall.guid.cache
2011-01-10 08:10 - 2011-01-10 08:10 - 0004096 ____H () C:\Users\Bruce\AppData\Local\keyfile3.drm
2010-09-15 08:47 - 2014-09-17 21:48 - 0007604 _____ () C:\Users\Bruce\AppData\Local\resmon.resmoncfg
2011-04-08 18:24 - 2011-04-08 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-02-21 15:28 - 2013-02-21 17:19 - 0000034 _____ () C:\ProgramData\IpAndPort.fig
2013-02-21 15:28 - 2013-09-13 22:30 - 0000225 _____ () C:\ProgramData\RmUserCfg.ini

Some content of TEMP:
====================
C:\Users\Bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruce\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 16:45

==================== End Of Log ============================
ADDITION.TXT
=================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG CloudCare AntiVirus 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect Add-in (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Adobe Connect Add-in) (Version: - )
Adobe Creative Suite 5 Production Premium (HKLM\...\{53BC789D-073D-47B6-AA9F-DE05990AF07A}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.6 - Vantage Software Technologies)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG CloudCare (HKLM\...\AVG CloudCare) (Version: 3.2.1 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM\...\Canon MX870 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: - )
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeLorme Street Atlas USA 2009 (HKLM\...\{AEB95804-A937-49E6-940A-37A606C16D5D}) (Version: 9.00.0000 - DeLorme Publishing)
Digital Picture Recovery (HKLM\...\Digital Picture Recovery) (Version: 2.1.2.8 - dtidata.com)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Free File Opener v2011.6.0.4 (HKLM\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HD Writer AE 3.0 (HKLM\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
K-Lite Codec Pack 6.0.4 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version: - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Firefox 4.0 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
NetViewer 2.1.584.0 (HKLM\...\NetViewer) (Version: 2.1.584.0 - )
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (HKLM\...\Adobe_1b5a11fde44351ae0f4c7fd0e4daadc) (Version: 4.4.0 - Adobe Systems Incorporated)
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (Version: 4.4.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks (Version: 19.0.4011.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4011.705 - Intuit Inc.)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.3.7 - Intuit)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Search Protection (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Search Protection) (Version: 10.7.0.1 - Spigot, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
The Print Shop 22 (HKLM\...\{E34351A4-4B10-4DFF-96BC-84C642D9C625}) (Version: 22.00.0000 - Broderbund Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.50 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebEx (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1026\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points =========================

11-12-2014 08:26:30 Scheduled Checkpoint
02-01-2015 12:41:54 Intel® Driver Update Utility
02-01-2015 12:49:03 Intel® PROSet/Wireless Software
15-01-2015 16:52:24 Scheduled Checkpoint
16-01-2015 19:19:34 Windows Update
16-01-2015 23:24:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2015-01-15 13:20 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08C60E9B-4AD4-495A-8EC7-40CF1EE8811B} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-16] (InstallShield Software Corporation)
Task: {0D98184E-32AB-4002-B42B-183B6EDE33C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {0F989BE7-FEE9-4162-AE5A-F0A7A78DE8B6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {19BCC457-29AA-430F-93C8-C6B770EE7692} - System32\Tasks\{A90682E6-3795-4060-AEF9-00A2150BFA68} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl"
Task: {1B29FD60-61DE-403F-897E-94F774D856AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1BB0418C-9C6A-40D2-8683-CA6D7982BECB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {209C7C6C-CBC2-41FC-A757-DE2A25B80416} - System32\Tasks\{CE78F2F9-EEDA-49CB-A1BD-08DE7DE8C0E5} => E:\Setup.exe
Task: {24F6D86F-A55F-4B4E-9D48-6068FF00C60A} - System32\Tasks\{C2405C53-C542-458F-9782-7D4BB17E147C} => E:\ace\SINGLE\SETUP.EXE
Task: {259A12A9-FBB3-4479-A1F1-FE533ABCCBF8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {259B58CC-1CC0-4F60-8FD4-184FE3DFCE1D} - System32\Tasks\{1540E941-4CD6-4941-B170-D0D20F45E0EA} => E:\autorun.exe
Task: {29A590F7-ED48-4A5D-8364-F25C8A2B21D1} - System32\Tasks\Message Center plus => C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {365039BA-D056-4548-A4C1-AFB67518136C} - System32\Tasks\{641FAB8B-0345-4BF5-B407-89A82A9DF934} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\\tssmpm.cpl"
Task: {46207F1F-8A9D-44C9-9459-533110387C20} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {4E2708E9-4E2B-4EBA-88BE-87E01CF4C422} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {573C700B-BFB7-4B2D-82E0-C295EA4664E8} - System32\Tasks\{C7870018-95CD-49A1-8511-2FA7DD647873} => E:\ace\SINGLE\SETUP.EXE
Task: {5FA52832-1814-4100-AA81-EB64BEC12DAF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {5FBD5FCB-2122-4448-9B82-830D2108807B} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26] (Lenovo Group Limited)
Task: {62D0B3DA-2018-48B9-962C-482771543418} - System32\Tasks\{B746EDA9-1EA4-4B66-BAC3-5BF8C299A8A9} => E:\autorun.exe
Task: {693133C6-59A9-4F14-A5B4-E9E8F49197D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7307B735-7772-49FD-BE2F-36BF96E0ECAB} - System32\Tasks\{8CE865C7-79CA-44DE-B8AE-9993D0236C60} => D:\install.exe
Task: {7A317081-074A-4C61-95C8-6A2DDA1B2437} - System32\Tasks\{35A9C21D-65FC-45D5-9472-346495408226} => E:\ace\SINGLE\SETUP.EXE
Task: {7B925F22-0399-476E-AFE5-C75552BD7A16} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Lenovo-Bruce => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {83952255-1DDD-4BDB-920F-A1DFF0AC08DD} - System32\Tasks\{10F11F3A-58FF-4BBC-8168-6105E14410B6} => E:\setup.exe
Task: {897B4F6E-FDF0-43CB-AE03-04E312300C23} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-11-26] (Lenovo Group Limited)
Task: {9314E8F0-AD1C-478B-A2C5-6137608B6FDD} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {998D0A65-D9FE-4D67-BFED-C8F4819732F0} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A5F8BFAD-B368-437F-B7AD-456939861D20} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {A954044F-9745-4724-8204-3743B7F5AEDF} - System32\Tasks\{56A271B6-B527-4A59-AF05-1682CC725F72} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B3500B58-8693-4A86-8951-F362C64A5553} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B400A4B7-0DE1-49DA-83D9-D646D73CCA92} - System32\Tasks\{84AE0A25-3344-4110-87F8-F39AE4C1A56B} => pcalua.exe -a C:\SWTools\skype\Skype_Setup.exe -d C:\SWTools\skype
Task: {B9C075ED-2906-4D73-9811-23DFA22104F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {BBBE9FE9-89F6-460F-B3C8-201CFCCEB524} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {CD4068ED-893C-4AA9-99B9-7E5A262B9E32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {D811F944-863A-4423-803A-C4E084E2332A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
Task: {D9293844-F489-4397-8BB9-488ACE94A14F} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {DA3AEC2B-0BB5-45D9-9C97-879863A2D03B} - System32\Tasks\{2E88491F-1A5F-4A22-B292-ACEA4ED9DC0B} => pcalua.exe -a C:\Users\Bruce\Downloads\MediaToolsProfessional5.1.exe -d C:\Users\Bruce\Downloads
Task: {DF844C5B-A434-4CA2-A6A9-75A739EF1328} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {F50085CF-F530-4CBB-99B3-2DBE91056D68} - System32\Tasks\{76A69476-6ADD-4A19-91A6-0EF971717ED4} => E:\setup.exe
Task: {FF0EB834-16BF-4947-9A96-236DF606E5FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FF7B19BC-F590-446A-B3CB-AE8A5C665E10} - System32\Tasks\TVT\LaunchRnR => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 08:35 - 2013-10-28 14:48 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-11-26 17:48 - 2009-11-26 17:48 - 00006656 _____ () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
2013-10-17 08:35 - 2014-07-25 06:45 - 00059160 _____ () C:\Program Files\AVG\CloudCare\ZlibStream.dll
2013-10-17 08:35 - 2014-07-25 06:45 - 00073496 _____ () C:\Program Files\AVG\CloudCare\UpdateProxy.dll
2014-09-08 10:12 - 2013-09-05 06:21 - 00179888 _____ () C:\Program Files\AVG\CloudCare\AvgRemote\VIPTunnelDll.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-23 05:43 - 2009-11-26 10:10 - 00032768 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2013-12-14 10:59 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-14 10:59 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-01-31 18:13 - 2010-08-24 18:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00585528 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2013-12-14 10:59 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-14 10:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-14 10:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgRemote => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\raserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\XmppAuth => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2701720504-2077786656-4262629455-1006 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2701720504-2077786656-4262629455-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2701720504-2077786656-4262629455-1009 - Limited - Enabled)
braley (S-1-5-21-2701720504-2077786656-4262629455-1003 - Limited - Enabled) => C:\Users\braley
Bruce (S-1-5-21-2701720504-2077786656-4262629455-1001 - Administrator - Enabled) => C:\Users\Bruce
Guest (S-1-5-21-2701720504-2077786656-4262629455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2701720504-2077786656-4262629455-1005 - Limited - Enabled)
Sean (S-1-5-21-2701720504-2077786656-4262629455-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/18/2015 04:00:27 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7436) Asapi: (16:00:27:3110)(7436) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>1E443A609F227DDC</RequestId><HostId>qLc5YYkQbD4y/oQVaus1ehC4XZlAwCWGEMQVlSPXQ2iR6vkh1X6qYAGP4UxwNnPI</HostId></Error>

Error: (01/17/2015 04:00:47 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8640) Asapi: (16:00:47:9780)(8640) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/17/2015 04:00:33 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8640) Asapi: (16:00:33:4540)(8640) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>725C8B52BC2BC955</RequestId><HostId>Xswj8O39WBEv3Dvw1/kEHHIPRJMXPDX92DqD/U+2qifqmdfIonjhndgBD8X0sADG</HostId></Error>

Error: (01/16/2015 06:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/16/2015 06:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.


System errors:
=============
Error: (01/19/2015 09:39:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/19/2015 09:29:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/19/2015 09:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/19/2015 09:29:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/18/2015 11:47:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2015 11:37:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2015 11:27:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2015 11:17:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2015 11:07:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2015 10:57:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/18/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/18/2015 04:00:27 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (7436) Asapi: (16:00:27:3110)(7436) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>1E443A609F227DDC</RequestId><HostId>qLc5YYkQbD4y/oQVaus1ehC4XZlAwCWGEMQVlSPXQ2iR6vkh1X6qYAGP4UxwNnPI</HostId></Error>

Error: (01/17/2015 04:00:47 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8640) Asapi: (16:00:47:9780)(8640) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/17/2015 04:00:33 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8640) Asapi: (16:00:33:4540)(8640) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>725C8B52BC2BC955</RequestId><HostId>Xswj8O39WBEv3Dvw1/kEHHIPRJMXPDX92DqD/U+2qifqmdfIonjhndgBD8X0sADG</HostId></Error>

Error: (01/16/2015 06:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/16/2015 06:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (01/16/2015 06:44:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3059.69 MB
Available physical RAM: 1325.34 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 3920.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.45 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:673.37 GB) (Free:397.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Premiere Pro CS5 CIB) (CDROM) (Total:4.12 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:24.09 GB) (Free:18.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B729D094)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet
2015-01-19, 22:12
well damn, burst my bubble why don't ya!


If you can, go to add/remove programs list and delete...If found
Search Protection

This script I'm creating should allow you to afterwards set your homepage and default search engine.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> {8B8759FD-D298-4DA4-9E65-1537394A49E4} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=g...type=523482&p=
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
C:\Users\Bruce\AppData\Roaming\Search Protection
C:\Users\Bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruce\AppData\Local\Temp\sqlite3.dll
Search Protection (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Search Protection) (Version: 10.7.0.1 - Spigot, Inc.) <==== ATTENTION
Task: {46207F1F-8A9D-44C9-9459-533110387C20} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION

EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~

http://technet.microsoft.com/en-us/library/cc734083%28v=ws.10%29.aspx
And under Application Errors, "The Cryptographic Services service failed to initialize the Catalog Database." The system catalog database ensures your system files haven't been tampered with. Scroll down the link for instructions on how to repair the system catalog database:


~~~~~~~~~~~~~~~`

this nonsense may not ybe our fault.
See here:
http://www.infoworld.com/article/2859267/operating-systems/windows-7-hit-by-rash-of-bogus-not-genuine-reports-validation-code-0x8004fe21.html
and here:
http://www.infoworld.com/article/2859115/microsoft-windows/microsoft-releases-silver-bullet-patch-kb-3024777-to-eliminate-botched-patch-kb-3004394.html

spypcsense
2015-01-21, 00:54
Fraid I messed up. Was still having problem with Firefox so uninstalled the older of the two versions that showed up in Programs and Features and lost all my bookmarks, history etc. Some of that info is important for a possible legal problem so I did a system restore to 1pm yesterday and then to 11pm on the 16th when the first restore didn't work. That didn't work either so I went back to the restore on the 19th as just about everything was done then. I'm thinking about attaching my old drive via usb and copying the bookmark and history files back. What is the risk? If there is a high risk I can reinstall the old drive and run through all the scans we have done to clean it before I copy the files. Haven't tried replacing the Crypto catalog yet.
Regards

Juliet
2015-01-21, 01:21
might have a problem here even with system restore.

Did you in the beginning do registry backup with Tweaking.com?

02-01-2015 12:49:03 Intel® PROSet/Wireless Software <-- you may already used this date

LastRegBack: 2014-12-17 23:49


I think the worse that might happen is more windows alerts that you may have already solved.

spypcsense
2015-01-21, 02:16
Last registry backup was at 2:36pm Jan 16, 2015 which I can restore thru Tweaking.com. Also did one at 2pm and another on the 13th when we started on this. Not clear on where to go from here - Are you thinking that hooking up the drive via usb might reverse some of the fixes but not cause major harm?



might have a problem here even with system restore.

Did you in the beginning do registry backup with Tweaking.com?

02-01-2015 12:49:03 Intel® PROSet/Wireless Software <-- you may already used this date

LastRegBack: 2014-12-17 23:49


I think the worse that might happen is more windows alerts that you may have already solved.

Juliet
2015-01-21, 02:33
Are you thinking that hooking up the drive via usb might reverse some of the fixes but not cause major harm?
either or
If some type of infection sets in, then I'm here to help with that.

see if this helps
Recover lost or missing Bookmarks
https://support.mozilla.org/en-US/kb/recover-lost-or-missing-bookmarks

spypcsense
2015-01-21, 18:37
Morning
Recovered the bookmarks from a July backup. Thanks.
Will run FRST again and then rebuild the cryptographic catalog.
Will post results when done.

Juliet
2015-01-22, 03:34
ok
let me know what happens.

Juliet
2015-01-24, 15:53
Still need help?

Juliet
2015-01-26, 12:40
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.

Juliet
2015-01-27, 21:07
Topic reopened.

Please tell me whats happening on the computer now.

spypcsense
2015-01-28, 19:27
Computer sometimes is extremely slow. Here is the FRST log:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\XmppAuth.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
(AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(SAMSUNG Electornics Co., Ltd.) C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
() C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2009-11-26] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [435560 2009-11-26] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG CloudCare] => C:\Program Files\AVG\CloudCare\AvgTrayApp.exe [108312 2014-11-03] (AVG Technologies, Inc.)
HKLM\...\Run: [racontrol] => C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1403360 2014-08-14] (AVG Technologies, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {06113c30-fef8-11e3-8c7b-78dd08b37ded} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {cd33b098-e596-11e2-9fb9-00262dfc1d87} - E:\VZW_Software_upgrade_assistant.exe
IFEO\isuspm.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\natspeak.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://10.0.0.26:85/HiDvrOcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v9mtrg9w.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2701720504-2077786656-4262629455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bruce\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]

Chrome:
=======
CHR HomePage: Default -> CF2A1B5DAB7B5315E55715EF8EC5133FC9F72ED56902A51959CDB1A61A4E382D
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-08]
CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-11-26] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-11-26] (Lenovo)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-08] (Intel Corporation)
R2 AvgApiWrapper; C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe [152856 2014-11-03] (AVG Technologies, Inc.)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AvgRemote; C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe [54752 2014-08-28] (AVG Technologies, Inc.)
R2 AvgUpgrade; C:\Program Files\AVG\CloudCare\AvgUpgrade.exe [78616 2014-11-03] (AVG Technologies, Inc.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-01-31] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 raserver; C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1403360 2014-08-14] (AVG Technologies, Inc.)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 XmppAuth; C:\Program Files\AVG\CloudCare\XmppAuth.exe [285976 2014-11-03] (AVG Technologies, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-12-17] (Oak Technology Inc.) [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 08:41 - 2015-01-27 08:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 22:19 - 2015-01-25 22:19 - 00569960 _____ (TODO: <Company name>) C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe
2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG CloudCare
2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 ____D () C:\Program Files\Common Files\Windows Microsoft Shared
2015-01-19 13:10 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-19 09:34 - 2015-01-28 08:12 - 00000000 ____D () C:\Users\Bruce\Desktop\FRST-OlderVersion
2015-01-17 16:04 - 2015-01-17 16:04 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(3).exe
2015-01-16 20:56 - 2015-01-16 20:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-16 19:27 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-16 19:27 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-16 19:27 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-16 19:27 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-16 19:27 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-16 19:18 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-16 19:18 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 19:18 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-16 19:18 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-16 19:18 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-16 19:18 - 2014-11-21 18:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-16 19:18 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-16 19:18 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-16 19:18 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-16 19:18 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-16 19:18 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-16 19:18 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-16 19:18 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-16 19:18 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-16 19:18 - 2014-11-21 17:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-16 19:18 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-16 19:18 - 2014-11-21 17:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-16 19:18 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-16 19:18 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-16 19:18 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-16 19:18 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-16 19:18 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-16 19:18 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-16 19:18 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-16 19:18 - 2014-11-21 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-16 19:18 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-16 19:18 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-16 19:18 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-16 19:18 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-16 19:18 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-16 19:18 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-16 19:18 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-16 19:18 - 2014-10-13 17:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-16 19:18 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-16 19:18 - 2014-10-13 17:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-16 19:18 - 2014-10-13 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-16 19:18 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-16 19:18 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-16 19:18 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-16 19:18 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-16 19:18 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-16 19:18 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-16 19:17 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 19:17 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 19:17 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 19:17 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-16 19:17 - 2014-12-03 20:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-16 19:17 - 2014-12-03 20:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-16 19:17 - 2014-12-01 15:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-16 19:17 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-16 19:17 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-16 19:17 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-16 19:17 - 2014-11-10 17:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-16 19:17 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-16 19:17 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-16 19:17 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-16 19:17 - 2014-10-09 16:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-16 19:17 - 2014-10-02 17:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 19:17 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 19:17 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-16 19:17 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-16 19:17 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-16 18:44 - 2012-05-30 13:30 - 00471360 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2015-01-16 18:01 - 2015-01-16 18:01 - 00347816 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2015-01-16 15:25 - 2015-01-16 15:25 - 00000000 ____D () C:\MoTemp
2015-01-16 14:35 - 2015-01-16 14:35 - 00000000 ____D () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio
2015-01-16 14:33 - 2015-01-16 14:34 - 07876439 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio.zip
2015-01-16 14:17 - 2015-01-16 14:17 - 00003288 _____ () C:\bootsqm.dat
2015-01-16 13:16 - 2015-01-16 13:16 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Bruce\Desktop\uninstall.exe
2015-01-16 13:16 - 2015-01-16 13:16 - 00325960 _____ () C:\Users\Bruce\Desktop\lua5.1.dll
2015-01-16 13:16 - 2015-01-16 13:16 - 00001386 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\Uninstall
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\repairs_info
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\files
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\color_presets
2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-16 13:14 - 2015-01-16 13:15 - 09817304 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-01-16 13:07 - 2015-01-16 13:07 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(2).exe
2015-01-16 09:42 - 2015-01-16 09:43 - 00002241 _____ () C:\Users\Bruce\Desktop\FSS.txt
2015-01-16 09:11 - 2015-01-16 09:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-16 08:52 - 2015-01-16 08:53 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bruce\Desktop\tdsskiller.exe
2015-01-16 08:52 - 2015-01-16 08:52 - 00415232 _____ (Farbar) C:\Users\Bruce\Desktop\FSS.exe
2015-01-15 16:01 - 2015-01-15 16:01 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\PCDr
2015-01-15 16:00 - 2015-01-15 16:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-15 14:36 - 2015-01-15 14:36 - 00001731 _____ () C:\Users\Bruce\Desktop\JRT.txt
2015-01-15 14:30 - 2015-01-15 14:30 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 14:27 - 2015-01-15 14:27 - 01707939 _____ (Thisisu) C:\Users\Bruce\Desktop\JRT(1).exe
2015-01-15 14:25 - 2015-01-15 14:25 - 00236344 _____ () C:\Users\Bruce\Desktop\JRT.exe
2015-01-15 14:03 - 2015-01-15 14:13 - 00000000 ____D () C:\AdwCleaner
2015-01-15 14:00 - 2015-01-15 14:01 - 02191360 _____ () C:\Users\Bruce\Desktop\AdwCleaner.exe
2015-01-15 14:00 - 2015-01-15 14:00 - 00002192 _____ () C:\Users\Bruce\Documents\reply.txt
2015-01-15 10:39 - 2015-01-15 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 10:36 - 2015-01-15 11:03 - 00000000 ____D () C:\Users\Bruce\Desktop\mbar
2015-01-15 10:35 - 2015-01-15 10:36 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Bruce\Downloads\mbar-1.08.2.1001.exe
2015-01-15 10:02 - 2015-01-21 11:06 - 00055635 _____ () C:\Users\Bruce\Desktop\Addition.txt
2015-01-15 10:00 - 2015-01-28 08:13 - 00026194 _____ () C:\Users\Bruce\Desktop\FRST.txt
2015-01-15 10:00 - 2015-01-28 08:12 - 01121792 _____ (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2015-01-13 16:14 - 2015-01-13 16:14 - 00002214 _____ () C:\Users\Bruce\Desktop\aswMBR.txt
2015-01-13 16:14 - 2015-01-13 16:14 - 00000512 _____ () C:\Users\Bruce\Desktop\MBR.dat
2015-01-13 14:10 - 2015-01-13 14:11 - 05198336 _____ (AVAST Software) C:\Users\Bruce\Desktop\aswMBR.exe
2015-01-13 13:46 - 2015-01-13 13:47 - 00051749 _____ () C:\Users\Bruce\Desktop\oldAddition.txt
2015-01-13 13:43 - 2015-01-28 08:12 - 00000000 ____D () C:\FRST
2015-01-13 13:37 - 2015-01-13 13:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRUCE-LENOVO-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-13 13:36 - 2015-01-13 13:36 - 00000000 ____D () C:\RegBackup
2015-01-13 13:35 - 2015-01-13 13:35 - 00002196 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-13 13:32 - 2015-01-13 13:32 - 04215584 _____ () C:\Users\Bruce\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-13 13:06 - 2015-01-13 13:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(1).exe
2015-01-09 20:00 - 2015-01-27 18:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 19:59 - 2015-01-15 10:39 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 19:59 - 2015-01-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 19:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-09 10:01 - 2015-01-21 19:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2015-01-09 09:28 - 2015-01-09 09:00 - 08994813 _____ () C:\Users\Admin\Documents\CBS.txt.log
2015-01-09 09:18 - 2015-01-09 09:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
2015-01-09 09:17 - 2015-01-09 09:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
2015-01-09 09:17 - 2015-01-09 09:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-02 12:53 - 2015-01-07 10:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-02 12:53 - 2015-01-02 12:53 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-01-02 12:43 - 2015-01-02 12:43 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Intel
2015-01-02 12:42 - 2015-01-02 12:42 - 00001139 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
2015-01-02 12:41 - 2015-01-02 12:41 - 02333416 _____ (Intel) C:\Users\Bruce\Downloads\Intel Driver Update Utility Installer.exe
2015-01-02 12:26 - 2015-01-02 12:26 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 08:10 - 2010-06-23 05:46 - 01586172 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 08:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:07 - 2011-11-01 07:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 08:04 - 2013-10-17 08:35 - 00000000 ____D () C:\ProgramData\AVGRemoteIT
2015-01-28 08:04 - 2011-05-03 15:00 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-28 08:04 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 08:04 - 2009-07-13 20:39 - 00192875 _____ () C:\Windows\setupact.log
2015-01-27 22:58 - 2010-07-21 11:01 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
2015-01-27 22:58 - 2010-06-24 18:18 - 00000000 ____D () C:\Users\braley\Outlook
2015-01-27 22:42 - 2012-04-08 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 09:01 - 2011-04-08 18:25 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 08:57 - 2009-10-02 05:41 - 00000000 ____D () C:\Users\Bruce\Documents\Health
2015-01-27 08:47 - 2011-01-24 16:51 - 00000000 ____D () C:\Users\Bruce\Documents\investment
2015-01-27 08:14 - 2009-07-13 20:33 - 03896504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 12:42 - 2012-04-08 09:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 12:42 - 2011-05-26 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 10:56 - 2009-07-20 21:30 - 00800182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 19:09 - 2013-06-30 12:23 - 00000000 ____D () C:\TEMP
2015-01-20 09:08 - 2010-06-24 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-19 19:22 - 2010-06-23 06:28 - 00000000 ____D () C:\Users\Bruce
2015-01-19 19:17 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-19 19:16 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin
2015-01-19 19:16 - 2010-06-22 18:22 - 00000000 ____D () C:\Users\braley
2015-01-19 19:15 - 2011-04-08 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-19 19:15 - 2010-06-23 06:21 - 00000000 ____D () C:\ProgramData\Lenovo
2015-01-19 19:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-19 19:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 19:13 - 2011-03-25 10:40 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Mozilla Firefox
2015-01-19 19:13 - 2010-06-22 15:53 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Mozilla
2015-01-16 23:21 - 2010-06-23 06:31 - 00462888 _____ () C:\Users\Bruce\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 20:56 - 2014-07-09 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-16 20:56 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-16 19:41 - 2013-08-17 09:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 18:38 - 2010-06-23 05:44 - 00000000 ____D () C:\swshare
2015-01-16 17:40 - 2013-01-09 04:02 - 00000000 ____D () C:\Users\Bruce\Documents\Technical
2015-01-16 15:12 - 2010-06-23 05:42 - 01868734 _____ () C:\Windows\PFRO.log
2015-01-16 15:12 - 2010-06-23 05:34 - 00000000 ____D () C:\Windows\CSC
2015-01-16 14:32 - 2013-07-18 16:22 - 00001734 _____ () C:\Users\Bruce\Desktop\settings.ini
2015-01-15 13:20 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Outlook
2015-01-13 12:59 - 2011-05-03 15:00 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 00:56 - 2010-10-02 07:35 - 00000000 ____D () C:\Users\Bruce\Documents\Politics
2015-01-10 09:59 - 2009-07-13 20:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 19:59 - 2011-11-01 13:12 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 09:18 - 2012-05-06 10:50 - 00462888 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:17 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-07 11:01 - 2013-12-14 10:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 10:39 - 2010-06-24 23:49 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Microsoft Help
2015-01-07 10:19 - 2014-06-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 10:19 - 2011-11-09 01:58 - 00000000 ____D () C:\ProgramData\Intel
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Cisco
2015-01-07 10:18 - 2010-06-23 05:39 - 00000000 ____D () C:\Program Files\Intel
2015-01-02 12:54 - 2013-11-18 07:58 - 00000000 ____D () C:\Users\TEMP
2014-12-31 13:15 - 2010-06-22 22:55 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-14 12:48 - 2014-06-14 12:48 - 6103040 _____ () C:\Program Files\GUT3266.tmp
2012-04-26 10:24 - 2012-05-07 16:17 - 0022616 _____ () C:\Users\Bruce\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-02-15 12:01 - 2014-03-03 21:01 - 0002235 _____ () C:\Users\Bruce\AppData\Roaming\SAS7_000.DAT
2014-02-23 13:04 - 2014-02-23 13:04 - 0000000 _____ () C:\Users\Bruce\AppData\Roaming\SharedSettings.ccs
2011-11-07 10:10 - 2012-05-02 12:01 - 0172925 _____ () C:\Users\Bruce\AppData\Local\ars.cache
2011-11-07 10:10 - 2012-05-02 12:01 - 0417386 _____ () C:\Users\Bruce\AppData\Local\census.cache
2012-11-20 09:16 - 2012-11-20 09:16 - 0005632 _____ () C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-24 10:08 - 2010-12-24 10:08 - 0000036 _____ () C:\Users\Bruce\AppData\Local\housecall.guid.cache
2011-01-10 08:10 - 2011-01-10 08:10 - 0004096 ____H () C:\Users\Bruce\AppData\Local\keyfile3.drm
2010-09-15 08:47 - 2014-09-17 21:48 - 0007604 _____ () C:\Users\Bruce\AppData\Local\resmon.resmoncfg
2011-04-08 18:24 - 2011-04-08 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-02-21 15:28 - 2013-02-21 17:19 - 0000034 _____ () C:\ProgramData\IpAndPort.fig
2013-02-21 15:28 - 2013-09-13 22:30 - 0000225 _____ () C:\ProgramData\RmUserCfg.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 16:45

==================== End Of Log ============================

Juliet
2015-01-28, 21:12
Can you post the Addition.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

After the above please uninstall Google Chrome,

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on Google Chrome
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.



and reinstall from http://www.google.com/chrome/

~~~~~~~
Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

spypcsense
2015-01-29, 01:23
Here's Addition.txt
Will run Hijack and post it
I'm not using Chrome - using Firefox - I do have it on the machine and will uninstall
Thanks

======================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG CloudCare AntiVirus 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect Add-in (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Adobe Connect Add-in) (Version: - )
Adobe Creative Suite 5 Production Premium (HKLM\...\{53BC789D-073D-47B6-AA9F-DE05990AF07A}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.6 - Vantage Software Technologies)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG CloudCare (HKLM\...\AVG CloudCare) (Version: 3.2.3 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM\...\Canon MX870 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: - )
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeLorme Street Atlas USA 2009 (HKLM\...\{AEB95804-A937-49E6-940A-37A606C16D5D}) (Version: 9.00.0000 - DeLorme Publishing)
Digital Picture Recovery (HKLM\...\Digital Picture Recovery) (Version: 2.1.2.8 - dtidata.com)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Free File Opener v2011.6.0.4 (HKLM\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HD Writer AE 3.0 (HKLM\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
K-Lite Codec Pack 6.0.4 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version: - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
NetViewer 2.1.584.0 (HKLM\...\NetViewer) (Version: 2.1.584.0 - )
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (HKLM\...\Adobe_1b5a11fde44351ae0f4c7fd0e4daadc) (Version: 4.4.0 - Adobe Systems Incorporated)
Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (Version: 4.4.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks (Version: 19.0.4011.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4011.705 - Intuit Inc.)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.3.7 - Intuit)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Search Protection (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Search Protection) (Version: 10.7.0.1 - Spigot, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
The Print Shop 22 (HKLM\...\{E34351A4-4B10-4DFF-96BC-84C642D9C625}) (Version: 22.00.0000 - Broderbund Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.50 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebEx (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1026\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points =========================

02-01-2015 12:41:54 Intel® Driver Update Utility
02-01-2015 12:49:03 Intel® PROSet/Wireless Software
15-01-2015 16:52:24 Scheduled Checkpoint
16-01-2015 19:19:34 Windows Update
16-01-2015 23:24:04 Windows Update
19-01-2015 13:11:04 Windows Update
19-01-2015 18:25:10 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2015-01-19 12:39 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08C60E9B-4AD4-495A-8EC7-40CF1EE8811B} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-16] (InstallShield Software Corporation)
Task: {0D98184E-32AB-4002-B42B-183B6EDE33C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {0F989BE7-FEE9-4162-AE5A-F0A7A78DE8B6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {19BCC457-29AA-430F-93C8-C6B770EE7692} - System32\Tasks\{A90682E6-3795-4060-AEF9-00A2150BFA68} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl"
Task: {1B29FD60-61DE-403F-897E-94F774D856AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1BB0418C-9C6A-40D2-8683-CA6D7982BECB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {209C7C6C-CBC2-41FC-A757-DE2A25B80416} - System32\Tasks\{CE78F2F9-EEDA-49CB-A1BD-08DE7DE8C0E5} => E:\Setup.exe
Task: {24F6D86F-A55F-4B4E-9D48-6068FF00C60A} - System32\Tasks\{C2405C53-C542-458F-9782-7D4BB17E147C} => E:\ace\SINGLE\SETUP.EXE
Task: {259A12A9-FBB3-4479-A1F1-FE533ABCCBF8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {259B58CC-1CC0-4F60-8FD4-184FE3DFCE1D} - System32\Tasks\{1540E941-4CD6-4941-B170-D0D20F45E0EA} => E:\autorun.exe
Task: {29A590F7-ED48-4A5D-8364-F25C8A2B21D1} - System32\Tasks\Message Center plus => C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {365039BA-D056-4548-A4C1-AFB67518136C} - System32\Tasks\{641FAB8B-0345-4BF5-B407-89A82A9DF934} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\\tssmpm.cpl"
Task: {4E2708E9-4E2B-4EBA-88BE-87E01CF4C422} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {573C700B-BFB7-4B2D-82E0-C295EA4664E8} - System32\Tasks\{C7870018-95CD-49A1-8511-2FA7DD647873} => E:\ace\SINGLE\SETUP.EXE
Task: {5FA52832-1814-4100-AA81-EB64BEC12DAF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {5FBD5FCB-2122-4448-9B82-830D2108807B} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26] (Lenovo Group Limited)
Task: {62D0B3DA-2018-48B9-962C-482771543418} - System32\Tasks\{B746EDA9-1EA4-4B66-BAC3-5BF8C299A8A9} => E:\autorun.exe
Task: {693133C6-59A9-4F14-A5B4-E9E8F49197D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7307B735-7772-49FD-BE2F-36BF96E0ECAB} - System32\Tasks\{8CE865C7-79CA-44DE-B8AE-9993D0236C60} => D:\install.exe
Task: {7A317081-074A-4C61-95C8-6A2DDA1B2437} - System32\Tasks\{35A9C21D-65FC-45D5-9472-346495408226} => E:\ace\SINGLE\SETUP.EXE
Task: {7B925F22-0399-476E-AFE5-C75552BD7A16} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Lenovo-Bruce => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {83952255-1DDD-4BDB-920F-A1DFF0AC08DD} - System32\Tasks\{10F11F3A-58FF-4BBC-8168-6105E14410B6} => E:\setup.exe
Task: {897B4F6E-FDF0-43CB-AE03-04E312300C23} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-11-26] (Lenovo Group Limited)
Task: {9314E8F0-AD1C-478B-A2C5-6137608B6FDD} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
Task: {998D0A65-D9FE-4D67-BFED-C8F4819732F0} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A5F8BFAD-B368-437F-B7AD-456939861D20} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {A954044F-9745-4724-8204-3743B7F5AEDF} - System32\Tasks\{56A271B6-B527-4A59-AF05-1682CC725F72} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B3500B58-8693-4A86-8951-F362C64A5553} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B400A4B7-0DE1-49DA-83D9-D646D73CCA92} - System32\Tasks\{84AE0A25-3344-4110-87F8-F39AE4C1A56B} => pcalua.exe -a C:\SWTools\skype\Skype_Setup.exe -d C:\SWTools\skype
Task: {B9C075ED-2906-4D73-9811-23DFA22104F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {BBBE9FE9-89F6-460F-B3C8-201CFCCEB524} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {CD4068ED-893C-4AA9-99B9-7E5A262B9E32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
Task: {D811F944-863A-4423-803A-C4E084E2332A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
Task: {D9293844-F489-4397-8BB9-488ACE94A14F} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {DA3AEC2B-0BB5-45D9-9C97-879863A2D03B} - System32\Tasks\{2E88491F-1A5F-4A22-B292-ACEA4ED9DC0B} => pcalua.exe -a C:\Users\Bruce\Downloads\MediaToolsProfessional5.1.exe -d C:\Users\Bruce\Downloads
Task: {DF844C5B-A434-4CA2-A6A9-75A739EF1328} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {F50085CF-F530-4CBB-99B3-2DBE91056D68} - System32\Tasks\{76A69476-6ADD-4A19-91A6-0EF971717ED4} => E:\setup.exe
Task: {FF0EB834-16BF-4947-9A96-236DF606E5FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {FF7B19BC-F590-446A-B3CB-AE8A5C665E10} - System32\Tasks\TVT\LaunchRnR => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 08:35 - 2013-10-28 14:48 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-11-26 17:48 - 2009-11-26 17:48 - 00006656 _____ () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
2013-10-17 08:35 - 2014-11-03 13:34 - 00059160 _____ () C:\Program Files\AVG\CloudCare\ZlibStream.dll
2013-10-17 08:35 - 2014-11-03 13:34 - 00073496 _____ () C:\Program Files\AVG\CloudCare\UpdateProxy.dll
2015-01-21 19:03 - 2014-08-28 07:20 - 00170464 _____ () C:\Program Files\AVG\CloudCare\AvgRemote\VIPTunnelDll.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-01-31 18:13 - 2010-08-24 18:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00585528 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
2014-07-14 02:26 - 2014-07-14 02:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2013-12-14 10:59 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-14 10:59 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-14 10:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-14 10:59 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-14 10:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-23 05:43 - 2009-11-26 10:10 - 00032768 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2009-11-26 17:50 - 2009-11-26 17:50 - 00274432 _____ () C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgRemote => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\raserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\XmppAuth => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2701720504-2077786656-4262629455-1006 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2701720504-2077786656-4262629455-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2701720504-2077786656-4262629455-1009 - Limited - Enabled)
braley (S-1-5-21-2701720504-2077786656-4262629455-1003 - Limited - Enabled) => C:\Users\braley
Bruce (S-1-5-21-2701720504-2077786656-4262629455-1001 - Administrator - Enabled) => C:\Users\Bruce
Guest (S-1-5-21-2701720504-2077786656-4262629455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2701720504-2077786656-4262629455-1005 - Limited - Enabled)
Sean (S-1-5-21-2701720504-2077786656-4262629455-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 04:26:39 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8008) Asapi: (16:26:39:6300)(8008) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>200D87A54ADF90C2</RequestId><HostId>x7KKA5jzUbAmhoxRlxx5lD2Aywg2mymFJshSYER2yUnqJbfehwCH317oxeC/w0iSsbsmBWY7xOc=</HostId></Error>

Error: (01/27/2015 08:29:36 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6692) Asapi: (08:29:36:1520)(6692) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8A14547A2BCDB74C</RequestId><HostId>5kb6OcQUfRO8Yolglw2SiOQ/IGG1bZUV6msrCy+B9fkITYfBpsTsR48Ck3hPH7Je</HostId></Error>

Error: (01/25/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/25/2015 04:00:46 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6852) Asapi: (16:00:46:2120)(6852) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8FE08459BB4D06F0</RequestId><HostId>lkZa6aNEIigJ7ZrKyqm5qxZcNmcFrAm3P3hf/6QuNWkCvIF45nk59RPEQxC/u/od</HostId></Error>

Error: (01/25/2015 11:08:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8060) Asapi: (11:08:07:1720)(8060) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/25/2015 11:08:04 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8060) Asapi: (11:08:04:7540)(8060) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>0A6B63953DEB69A3</RequestId><HostId>vd7F9hPJzePvSgBC0gHy2vIwiXMjXixOayIL1pHfUBlFtNxWa2aPmSJlhe4elEnV</HostId></Error>

Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:21:18:1790)(1908) ManagedThread - Fatal -- 24 Uncaught unknown exception thrown from thread: PullThread (id: 6680)

Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:21:17:9920)(1908) ClientMessageHandler - Error -- 419 UpdatesProviderToEngineToUI -- before property change observer: 163432864 threw unknown exception

Error: (01/22/2015 04:00:29 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:00:29:5520)(1908) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/22/2015 04:00:20 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:00:20:5040)(1908) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>AF485BDFF6FCC59D</RequestId><HostId>w2RvEhu1wgKkwaAyUUpRdXDjatbdvZta0s6klBYTRkRRP5PExO1iE8EtkpVa54wq</HostId></Error>


System errors:
=============
Error: (01/28/2015 08:06:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/28/2015 08:05:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:05:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (01/28/2015 08:05:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:05:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/27/2015 10:53:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2015 10:43:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2015 10:33:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2015 10:23:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2015 10:13:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/27/2015 04:26:39 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8008) Asapi: (16:26:39:6300)(8008) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>200D87A54ADF90C2</RequestId><HostId>x7KKA5jzUbAmhoxRlxx5lD2Aywg2mymFJshSYER2yUnqJbfehwCH317oxeC/w0iSsbsmBWY7xOc=</HostId></Error>

Error: (01/27/2015 08:29:36 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6692) Asapi: (08:29:36:1520)(6692) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8A14547A2BCDB74C</RequestId><HostId>5kb6OcQUfRO8Yolglw2SiOQ/IGG1bZUV6msrCy+B9fkITYfBpsTsR48Ck3hPH7Je</HostId></Error>

Error: (01/25/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/25/2015 04:00:46 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6852) Asapi: (16:00:46:2120)(6852) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8FE08459BB4D06F0</RequestId><HostId>lkZa6aNEIigJ7ZrKyqm5qxZcNmcFrAm3P3hf/6QuNWkCvIF45nk59RPEQxC/u/od</HostId></Error>

Error: (01/25/2015 11:08:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8060) Asapi: (11:08:07:1720)(8060) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/25/2015 11:08:04 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8060) Asapi: (11:08:04:7540)(8060) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>0A6B63953DEB69A3</RequestId><HostId>vd7F9hPJzePvSgBC0gHy2vIwiXMjXixOayIL1pHfUBlFtNxWa2aPmSJlhe4elEnV</HostId></Error>

Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:21:18:1790)(1908) ManagedThread - Fatal -- 24 Uncaught unknown exception thrown from thread: PullThread (id: 6680)

Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:21:17:9920)(1908) ClientMessageHandler - Error -- 419 UpdatesProviderToEngineToUI -- before property change observer: 163432864 threw unknown exception

Error: (01/22/2015 04:00:29 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:00:29:5520)(1908) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (01/22/2015 04:00:20 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (1908) Asapi: (16:00:20:5040)(1908) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>AF485BDFF6FCC59D</RequestId><HostId>w2RvEhu1wgKkwaAyUUpRdXDjatbdvZta0s6klBYTRkRRP5PExO1iE8EtkpVa54wq</HostId></Error>


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3059.69 MB
Available physical RAM: 1320.98 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 4150.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.46 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:673.37 GB) (Free:393.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Premiere Pro CS5 CIB) (CDROM) (Total:4.12 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:24.09 GB) (Free:18.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B729D094)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

spypcsense
2015-01-29, 02:48
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:20 PM, on 1/28/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AVG CloudCare] C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
O4 - HKLM\..\Run: [racontrol] "C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe" -controlservice -slave
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
O4 - Global Startup: HD Writer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://10.0.0.26
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} (HiDvrOcx Control) - http://10.0.0.26:85/HiDvrOcx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: AVG CloudCare - AvgApiWrapper (AvgApiWrapper) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG Remote (AvgRemote) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
O23 - Service: AVG CloudCare - AvgUpgrade (AvgUpgrade) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: AVG Remote IT Server (raserver) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: AVG CloudCare - XmppAuth (XmppAuth) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\XmppAuth.exe

--
End of file - 16771 bytes

Juliet
2015-01-29, 02:48
Please continue with the ESET.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


Please click by the introduction screen on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.


There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

Juliet
2015-01-29, 03:20
Please continue with the two scans as instructed then

These are valid entries, but are classified as 'not required'.

Typically, these entries are infrequently used tasks that can be started manually, if necessary.


Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

Now reboot the computer to set the registry.

spypcsense
2015-01-29, 07:50
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Bruce\Downloads\winzip18-pp.exe a variant of Win32/InstallCore.TL potentially unwanted application

spypcsense
2015-01-29, 08:36
Malwarebytes anti rootkit came up clean
Fixed the entries in Hijackthis

Juliet
2015-01-29, 12:10
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


start
CloseProcesses:
C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe
C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe
C:\Users\Bruce\Downloads\winzip18-pp.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


How long have you had Trend Micro\RUBotted\RUBottedGUI.exe on the machine?

Also I noticed you have AVG Internet security package. Have these 2 packages worked well together in the past?

After running the above script, please give me an update how the computer is now.

spypcsense
2015-01-29, 20:01
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Bruce at 2015-01-29 09:37:35 Run:3
Running from C:\Users\Bruce\Desktop
Loaded Profiles: Bruce (Available profiles: Bruce & braley & Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe
C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe
C:\Users\Bruce\Downloads\winzip18-pp.exe
EmptyTemp:

Have had RuBotted for a couple of years
Now using AVG cloud protection and there does not seem to be any conflict
The computer restarted quickly so that's a good sign. I'll run some stuff through it for a couple of hours and let you know.
Regards
End
*****************

Processes closed successfully.
C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe => Moved successfully.
C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe => Moved successfully.
C:\Users\Bruce\Downloads\winzip18-pp.exe => Moved successfully.
EmptyTemp: => Removed 395.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:38:15 ====

spypcsense
2015-01-29, 20:03
Oops - sorry about that - didn't mean to answer your questions in the middle of the log.:red:

Juliet
2015-01-29, 20:52
Oops - sorry about that - didn't mean to answer your questions in the middle of the log.:red:

The computer restarted quickly so that's a good sign. I'll run some stuff through it for a couple of hours and let you know


Good, let me know if anything causes problems.

spypcsense
2015-01-31, 01:39
Good, let me know if anything causes problems.

So far computer seems to be working fine.
Thanks
PS Check your inbox.

Juliet
2015-01-31, 04:11
Thank you :)

I think we can close this out now.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Purge system restore



Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.

http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet
2015-02-03, 18:15
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.