My son has contracted the Trovi Chrome browser hijack
I ran malwarebytes, then booted up Internet Explorer and all was fine. Uninstalled Chrome, reinstalled, and the Trovi reappeared
Hear is an aswMBR log
aswMBR Log
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-30 19:20:29
-----------------------------
19:20:29.746 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:29.746 Number of processors: 2 586 0x602
19:20:29.746 ComputerName: JOHN-PC UserName: John
19:20:31.306 Initialize success
19:20:31.447 VM: initialized successfully
19:20:31.447 VM: Amd CPU BiosDisabled
19:25:19.234 AVAST engine defs: 14123001
19:25:34.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
19:25:34.226 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
19:25:34.335 Disk 0 MBR read successfully
19:25:34.351 Disk 0 MBR scan
19:25:34.429 Disk 0 unknown MBR code
19:25:34.444 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:25:34.444 Disk 0 default boot code
19:25:34.507 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464857 MB offset 206848
19:25:34.616 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11981 MB offset 952233984
19:25:34.725 Disk 0 scanning C:\Windows\system32\drivers
19:25:52.400 Service scanning
19:26:27.032 Modules scanning
19:26:27.048 Disk 0 trace - called modules:
19:26:27.079 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:26:27.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035ab060]
19:26:27.094 3 CLASSPNP.SYS[fffff8800193043f] -> nt!IofCallDriver -> [0xfffffa8002474c60]
19:26:27.094 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8002e93450]
19:26:29.247 AVAST engine scan C:\Windows
19:26:35.144 AVAST engine scan C:\Windows\system32
19:31:37.131 AVAST engine scan C:\Windows\system32\drivers
19:31:59.080 AVAST engine scan C:\Users\John
19:36:02.222 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:36:02.300 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-30 19:20:29
-----------------------------
19:20:29.746 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:29.746 Number of processors: 2 586 0x602
19:20:29.746 ComputerName: JOHN-PC UserName: John
19:20:31.306 Initialize success
19:20:31.447 VM: initialized successfully
19:20:31.447 VM: Amd CPU BiosDisabled
19:25:19.234 AVAST engine defs: 14123001
19:25:34.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
19:25:34.226 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
19:25:34.335 Disk 0 MBR read successfully
19:25:34.351 Disk 0 MBR scan
19:25:34.429 Disk 0 unknown MBR code
19:25:34.444 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:25:34.444 Disk 0 default boot code
19:25:34.507 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464857 MB offset 206848
19:25:34.616 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11981 MB offset 952233984
19:25:34.725 Disk 0 scanning C:\Windows\system32\drivers
19:25:52.400 Service scanning
19:26:27.032 Modules scanning
19:26:27.048 Disk 0 trace - called modules:
19:26:27.079 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:26:27.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035ab060]
19:26:27.094 3 CLASSPNP.SYS[fffff8800193043f] -> nt!IofCallDriver -> [0xfffffa8002474c60]
19:26:27.094 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8002e93450]
19:26:29.247 AVAST engine scan C:\Windows
19:26:35.144 AVAST engine scan C:\Windows\system32
19:31:37.131 AVAST engine scan C:\Windows\system32\drivers
19:31:59.080 AVAST engine scan C:\Users\John
19:36:02.222 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:36:02.300 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
19:38:07.516 File: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO76R89N\WebCakesetup[1].exe **INFECTED** Win32:Webcake-A [Adw]
19:46:49.961 AVAST engine scan C:\ProgramData
19:51:45.832 Disk 0 statistics 4252893/0/0 @ 2.53 MB/s
19:51:45.832 Scan finished successfully
19:54:40.942 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:54:41.004 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
FRST Scan
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by John (administrator) on JOHN-PC on 30-12-2014 20:00:19
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GW Port Controller] => C:\Program Files (x86)\Samsung\SmarThru\PORTCTRL.EXE [163840 2004-12-15] (Samsung Electronics Co., Ltd., Samsung Software Center.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\...\MountPoints2: {64c5dfcb-5c64-11e1-8caa-806e6f6e6963} - E:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKU\S-1-5-21-2219148673-3672275092-2702570280-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
SearchScopes: HKLM -> DefaultScope {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKLM -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKLM-x32 -> {D9FC61FA-EF3B-408E-B1D4-D30024AA7119} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> DefaultScope {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> {6A868644-478D-4F42-A436-6096690BD064} URL = http://www.ask.com/w...}&l=dis&o=cacqd
SearchScopes: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> {763C883E-6808-4A75-9F7A-F9A4B3E97DE8} URL = https://www.google.c...?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D5C2BD2E-7662-4A38-B7BA-8EC71A7F9C13}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\John\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2219148673-3672275092-2702570280-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
Chrome:
=======
CHR HomePage: Default -> https://www.google.c...E4&ved=0CBEQ1S4
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5A71FE5C-C56D-4BA1-A6F4-33816C42CE27&SearchSource=55&CUI=&UM=8&UP=SPC66EC657-6CCE-4E27-8B6F-4AB85604C8E8&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-21]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-21]
CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-11-07] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-11-07] (Razer USA Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
U3 aswMBR; \??\C:\Users\John\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\John\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-30 20:00 - 2014-12-30 20:00 - 00015888 _____ () C:\Users\John\Desktop\FRST.txt
2014-12-30 19:59 - 2014-12-30 20:00 - 00000000 ____D () C:\FRST
2014-12-30 19:58 - 2014-12-30 19:58 - 02123264 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-12-30 19:36 - 2014-12-30 19:54 - 00004531 _____ () C:\Users\John\Desktop\aswMBR.txt
2014-12-30 19:36 - 2014-12-30 19:54 - 00000512 _____ () C:\Users\John\Desktop\MBR.dat
2014-12-30 19:19 - 2014-12-30 19:20 - 05198336 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-12-30 18:53 - 2014-12-30 18:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 18:47 - 2014-12-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 18:47 - 2014-12-30 19:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 18:47 - 2014-12-30 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 18:17 - 2014-12-30 19:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 18:17 - 2014-12-30 18:17 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 18:17 - 2014-12-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 18:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 18:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 18:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 18:16 - 2014-12-30 18:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-30 05:56 - 2014-12-30 18:11 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-30 05:54 - 2014-12-30 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-30 05:10 - 2014-12-30 05:28 - 00000000 ____D () C:\AdwCleaner
2014-12-30 04:11 - 2014-12-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 04:11 - 2014-12-30 04:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 04:02 - 2014-12-30 04:02 - 00000064 _____ () C:\Users\John\AppData\Local\7283b87a54b9adad3d2a77c693a7f87b
2014-12-30 04:00 - 2014-12-30 04:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 03:58 - 2014-12-30 03:58 - 00000000 ____D () C:\Users\John\AppData\Local\Pro_PC_Cleaner
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-30 19:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 19:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 19:18 - 2009-07-14 00:13 - 00794836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 19:16 - 2012-02-21 00:22 - 01985379 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 19:15 - 2012-02-23 01:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 19:14 - 2012-02-21 02:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 19:13 - 2013-06-18 22:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 19:13 - 2009-08-21 15:53 - 00441934 _____ () C:\Windows\PFRO.log
2014-12-30 19:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 19:13 - 2009-07-13 23:51 - 00334493 _____ () C:\Windows\setupact.log
2014-12-30 19:13 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-30 18:52 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Deployment
2014-12-30 18:49 - 2012-02-21 00:41 - 00000000 ____D () C:\Users\John\AppData\Local\Google
2014-12-30 18:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-12-30 18:12 - 2012-02-21 00:23 - 00000000 ____D () C:\Users\John
2014-12-30 18:11 - 2013-09-01 15:05 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-12-30 18:11 - 2012-04-24 23:36 - 00000000 ____D () C:\Program Files (x86)\Gw2
2014-12-30 18:11 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-30 04:05 - 2013-07-23 05:19 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-12-25 00:05 - 2013-12-18 15:05 - 00000171 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-12-21 23:49 - 2012-02-23 06:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-10 04:26 - 2012-04-13 22:48 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-12-10 04:26 - 2012-04-13 22:48 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-12-05 17:07 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\Users\John\jagex_cl_runescape_LIVE.dat
C:\Users\John\jagex_cl_runescape_LIVE1.dat
C:\Users\John\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\John\random.dat
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\binkw32.dll
C:\Users\John\AppData\Local\Temp\d2l_Install.exe
C:\Users\John\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\John\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\John\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\nvStInst.exe
C:\Users\John\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\John\AppData\Local\Temp\ose00000.exe
C:\Users\John\AppData\Local\Temp\pyl1B32.tmp.exe
C:\Users\John\AppData\Local\Temp\pylB2E5.tmp.exe
C:\Users\John\AppData\Local\Temp\pylB55.tmp.exe
C:\Users\John\AppData\Local\Temp\pylCEE2.tmp.exe
C:\Users\John\AppData\Local\Temp\pylF3D0.tmp.exe
C:\Users\John\AppData\Local\Temp\Setup-D2502DD2B71B5-05C0.exe
C:\Users\John\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\John\AppData\Local\Temp\Sqlite3.dll
C:\Users\John\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\John\AppData\Local\Temp\xmlUpdater.exe
C:\Users\John\AppData\Local\Temp\_isD91F.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 00:45
==================== End Of Log ============================
ADDITION scan
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by John at 2014-12-30 20:01:12
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
CamStudio Lossless Codec (HKLM\...\camcodec) (Version: - )
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crysis (HKLM-x32\...\Steam App 17300) (Version: - Crytek)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D2SE V2.2.0PK (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
DAoC Portal (HKLM-x32\...\{951D4810-1C32-47D1-A5BD-7A1BFB526D94}) (Version: 2.1.0 - DAoC Portal)
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts)
DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION
Dear Esther (HKLM-x32\...\Steam App 203810) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.1 - Dolphin Development Team)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)
Genesis version Genesis Launcher 1.006 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.006 - Pawel D. alias Laplume for Genesis.)
Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
Grappling Hook 1.07 (HKLM-x32\...\{D411BA90-6057-416B-974B-14DB5F88EAA6}_is1) (Version: - Christian Teister)
Guild Wars (HKLM-x32\...\Guild Wars) (Version: - )
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Legendary (HKLM-x32\...\Steam App 16730) (Version: - Gamecock)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Monday Night Combat (HKLM-x32\...\Steam App 63200) (Version: - )
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.0 - )
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - )
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 10.00 - )
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.7.15 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Samsung SCX-4x16 Series - TWAIN (HKLM-x32\...\{4518D543-6A80-4856-AFA7-10836B42113A}) (Version: - )
Samsung SCX-4x16 Series (HKLM-x32\...\Samsung SCX-4x16 Series) (Version: - )
Samsung SCX-4x16 Series (TWAIN) (HKLM-x32\...\{0D2EDE81-878F-400D-A5C3-3EC445F47750}) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru (HKLM-x32\...\{1CE06390-46D0-11D6-8578-006008CA5356}) (Version: - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2219148673-3672275092-2702570280-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
06-12-2014 17:26:20 Windows Update
09-12-2014 18:04:45 Windows Update
13-12-2014 17:36:59 Windows Update
17-12-2014 18:01:05 Windows Update
21-12-2014 16:42:16 Windows Update
25-12-2014 09:53:26 Windows Update
29-12-2014 20:32:11 Windows Update
30-12-2014 03:59:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-12-2014 04:56:32 Removed Activate Norton Online Backup
30-12-2014 05:05:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-12-2014 06:04:26 Checkpoint by HitmanPro
30-12-2014 06:07:22 Checkpoint by HitmanPro
30-12-2014 18:08:22 Restore Operation
30-12-2014 18:25:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A073B24-10AB-44CE-B286-E61521017231} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {3A7B8998-8AF8-4E0F-B54B-1201F382FB99} - System32\Tasks\{27D265FD-A249-4029-8A26-07FF277D8125} => pcalua.exe -a "C:\Program Files (x86)\SAMSUNG\SmarThru\list32.exe" -d C:\PROGRA~2\Samsung\SmarThru
Task: {3B89A8FC-1014-442D-84C4-1C6CD37B1C32} - System32\Tasks\{F5005AA5-06E8-4DE4-B57D-DC3FE14439F6} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {58E5A4A6-4A56-4679-B1C6-78E5A349102E} - System32\Tasks\{4671340F-F734-4465-B468-555FD91F2532} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {75549EAE-3B09-4B96-B18B-B5E569A16738} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BB4F321B-4D01-44AC-8057-08312E363FA3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {CEC36D68-B698-491A-8E71-57BC38C75682} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2219148673-3672275092-2702570280-1000
Task: {D3E082D2-5548-4AF1-B87E-92DB436165FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
Task: {FB0BD0F8-23A3-4D34-A18B-6ABA0268961F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
==================== Loaded Modules (whitelisted) =============
2013-06-18 22:37 - 2013-05-12 15:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 12:49 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-18 16:04 - 2011-07-18 16:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2219148673-3672275092-2702570280-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2219148673-3672275092-2702570280-1006 - Limited - Enabled)
Guest (S-1-5-21-2219148673-3672275092-2702570280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2219148673-3672275092-2702570280-1007 - Limited - Enabled)
John (S-1-5-21-2219148673-3672275092-2702570280-1000 - Administrator - Enabled) => C:\Users\John
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3EB00.72). hr = 0x80070005, Access is denied.
.
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0000000004DEE440.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {1c16117a-1fc0-4719-b0b3-6ee1888768b4}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002dc,(null),0,REG_BINARY,0000000002C1E5A0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {812e3862-5936-481c-a94c-38ab1f5baa9b}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0000000004DEE440.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {1c16117a-1fc0-4719-b0b3-6ee1888768b4}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a6c,(null),0,REG_BINARY,0000000000CAE0D0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {97b39f61-f308-4d08-a552-9c2174cf563c}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002dc,(null),0,REG_BINARY,0000000002C1E5A0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {812e3862-5936-481c-a94c-38ab1f5baa9b}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a6c,(null),0,REG_BINARY,0000000000CAE0D0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {97b39f61-f308-4d08-a552-9c2174cf563c}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,(null),0,REG_BINARY,0000000002DBEF00.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {b0ed2b63-6e15-4b2b-8c29-1f82e6ba9ba8}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a4,(null),0,REG_BINARY,0000000001F2EB20.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {0118fd34-8e5d-4d2b-9285-5e42eed96e78}
Error: (12/30/2014 06:08:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d4,(null),0,REG_BINARY,0000000002F6EE50.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {1cf97c67-1e68-4120-bb7a-37fd9485bac7}
System errors:
=============
Error: (12/30/2014 07:13:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/30/2014 07:13:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20
Error: (12/30/2014 06:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/30/2014 06:38:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20
Error: (12/30/2014 06:14:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DealPly Live Service (dealplylive) service failed to start due to the following error:
%%1053
Error: (12/30/2014 06:14:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DealPly Live Service (dealplylive) service to connect.
Error: (12/30/2014 06:12:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/30/2014 06:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20
Error: (12/30/2014 06:12:54 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: %24
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: %600
Error: (12/30/2014 06:06:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Athlon II X2 215 Processor
Percentage of memory in use: 53%
Total physical RAM: 3070.49 MB
Available physical RAM: 1431.52 MB
Total Pagefile: 6139.17 MB
Available Pagefile: 4146.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:453.96 GB) (Free:143.4 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.7 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================