Solved Windows Vista White Screen On Start Up

The OTL Extras log file is shown below.

OTL Extras logfile created on: 10/9/2013 9:41:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reg\Videos\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 59.83% Memory free
5.86 Gb Paging File | 4.45 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.29 Gb Total Space | 136.56 Gb Free Space | 62.84% Space Free | Partition Type: NTFS
Drive D: | 15.30 Gb Total Space | 2.20 Gb Free Space | 14.40% Space Free | Partition Type: NTFS

Computer Name: REG-HP | User Name: Reg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3216955013-3313353329-1657192595-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Lexmark 2200 Series" = Lexmark 2200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Browsersafeguard" = BrowserSafeguard
"Comodo Dragon" = Comodo Dragon
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My HP Game Console" = HP Game Console
"RealPlayer 12.0" = RealPlayer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3216955013-3313353329-1657192595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"JNLP" = JNLP
"Smart Fortress 2012" = Smart Fortress 2012

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2013 6:14:29 PM | Computer Name = Reg-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:
0x4cd8eed3 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Exception
code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x450 Faulting application
start time: 0x01cebef34df07059 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: d681f131-2ae6-11e3-93f3-60eb691a42a3

Error - 10/5/2013 4:04:03 AM | Computer Name = Reg-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:
0x4cd8eed3 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Exception
code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x118 Faulting application
start time: 0x01cec1a130bff2f2 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: b2d0c58a-2d94-11e3-ab12-60eb691a42a3

Error - 10/5/2013 4:22:37 AM | Computer Name = Reg-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/5/2013 4:39:35 AM | Computer Name = Reg-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:
0x4cd8eed3 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Exception
code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x59c Faulting application
start time: 0x01cec1a625e12a99 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: a97b4507-2d99-11e3-8c36-60eb691a42a3

Error - 10/7/2013 4:36:32 PM | Computer Name = Reg-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:
0x4cd8eed3 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4cd8eed3
Exception
code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x478 Faulting application
start time: 0x01cec39cb6d4abc3 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: 264aab34-2f90-11e3-a23d-60eb691a42a3

Error - 10/7/2013 5:07:33 PM | Computer Name = Reg-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/7/2013 5:51:25 PM | Computer Name = Reg-HP | Source = Application Error | ID = 1000
Description = Faulting application name: RogueKillerX64.exe, version: 8.7.1.0, time
stamp: 0x524d5ab5 Faulting module name: RogueKillerX64.exe, version: 8.7.1.0, time
stamp: 0x524d5ab5 Exception code: 0xc0000005 Fault offset: 0x000000000016d69e Faulting
process id: 0x1394 Faulting application start time: 0x01cec39dffde11bc Faulting application
path: C:\Users\Reg\Videos\Desktop\RogueKillerX64.exe Faulting module path: C:\Users\Reg\Videos\Desktop\RogueKillerX64.exe
Report
Id: 9c333c09-2f9a-11e3-a23d-60eb691a42a3

Error - 10/7/2013 5:53:23 PM | Computer Name = Reg-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service Google Update Service (gupdate) since QueryServiceConfig API failed System
Error: The system cannot find the file specified. .

Error - 10/7/2013 6:34:55 PM | Computer Name = Reg-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service Google Update Service (gupdate) since QueryServiceConfig API failed System
Error: The system cannot find the file specified. .

Error - 10/7/2013 7:39:29 PM | Computer Name = Reg-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 10/1/2013 4:40:32 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/1/2013 5:09:39 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/1/2013 5:10:39 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/1/2013 6:15:30 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: TargetSite: Void SetWMISysInformation()

Error - 10/1/2013 6:16:30 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: TargetSite: Void SetWMISysInformation()

Error - 10/5/2013 4:07:46 AM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/5/2013 4:08:46 AM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/5/2013 4:40:43 AM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 30 TargetSite: Void SetWMISysInformation()

Error - 10/5/2013 4:41:43 AM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 40 TargetSite: Void SetWMISysInformation()

Error - 10/7/2013 4:39:00 PM | Computer Name = Reg-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3002 Ram
Utilization: 40 TargetSite: Void SetWMISysInformation()

[ HP Wireless Assistant Events ]
Error - 10/1/2013 5:13:42 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/1/2013 5:16:52 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description =

Error - 10/1/2013 6:19:36 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 10/1/2013 6:19:37 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/5/2013 4:09:15 AM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 10/5/2013 4:09:16 AM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/5/2013 4:44:43 AM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 10/5/2013 4:44:44 AM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/7/2013 4:42:10 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 10/7/2013 4:42:11 PM | Computer Name = Reg-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ Media Center Events ]
Error - 10/7/2013 11:17:48 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 04:17:47 - Error connecting to the internet. 04:17:48 - Unable
to contact server..

Error - 10/7/2013 11:17:57 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 04:17:53 - Error connecting to the internet. 04:17:53 - Unable
to contact server..

Error - 10/8/2013 12:18:03 AM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 05:18:03 - Error connecting to the internet. 05:18:03 - Unable
to contact server..

Error - 10/8/2013 12:18:09 AM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 05:18:08 - Error connecting to the internet. 05:18:08 - Unable
to contact server..

Error - 10/8/2013 2:16:40 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 19:16:39 - Error connecting to the internet. 19:16:40 - Unable
to contact server..

Error - 10/8/2013 2:16:49 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 19:16:45 - Error connecting to the internet. 19:16:45 - Unable
to contact server..

Error - 10/8/2013 3:16:54 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 20:16:54 - Error connecting to the internet. 20:16:54 - Unable
to contact server..

Error - 10/8/2013 3:17:00 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 20:16:59 - Error connecting to the internet. 20:16:59 - Unable
to contact server..

Error - 10/9/2013 2:06:14 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 19:06:14 - Error connecting to the internet. 19:06:14 - Unable
to contact server..

Error - 10/9/2013 2:06:25 PM | Computer Name = Reg-HP | Source = MCUpdate | ID = 0
Description = 19:06:20 - Error connecting to the internet. 19:06:20 - Unable
to contact server..

[ OSession Events ]
Error - 1/18/2011 2:24:48 PM | Computer Name = Reg-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/29/2011 5:47:49 AM | Computer Name = Reg-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/12/2011 7:51:36 AM | Computer Name = Reg-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 161
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/19/2011 10:48:45 AM | Computer Name = Reg-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/9/2013 4:30:00 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/9/2013 4:30:01 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7000
Description = The BFE service failed to start due to the following error: %%5

Error - 10/9/2013 4:30:03 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the BFE
service which failed to start because of the following error: %%5

Error - 10/9/2013 4:30:46 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/9/2013 4:30:46 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 10/9/2013 4:38:04 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/9/2013 4:38:04 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7000
Description = The BFE service failed to start due to the following error: %%5

Error - 10/9/2013 4:38:07 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the BFE
service which failed to start because of the following error: %%5

Error - 10/9/2013 4:39:01 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/9/2013 4:39:01 PM | Computer Name = Reg-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\S-1-5-21-3216955013-3313353329-1657192595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3216955013-3313353329-1657192595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49157;https=127.0.0.1:49157
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ei.VideoScavenger_1e.com/Plugin: C:\Program Files (x86)\VideoScavenger_1eEI\Installr\1.bin\NP1eEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O3 - HKU\S-1-5-21-3216955013-3313353329-1657192595-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O33 - MountPoints2\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset doesn't find any threats, it won't produce any log.
 
OTL Log file shown below.

All processes killed
========== OTL ==========
HKU\S-1-5-21-3216955013-3313353329-1657192595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3216955013-3313353329-1657192595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.VideoScavenger_1e.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3216955013-3313353329-1657192595-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKAiO2StatusMonitor deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9a96f2a-134a-11e0-8288-60eb691a42a3}\ not found.
File F:\KODAK_Software_Downloader.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{aceab5d6-b906-da34-1c5b-5229844f2684} folder moved successfully.
C:\FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ folder moved successfully.
C:\FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\❤≸⋙\Ⱒ☠⍨ folder moved successfully.
C:\FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\❤≸⋙ folder moved successfully.
C:\FRST\Quarantine\Install\{aceab5d6-b906-da34-1c5b-5229844f2684} folder moved successfully.
Folder move failed. C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \...\‮ﯹ๛\{aceab5d6-b906-da34-1c5b-5229844f2684} scheduled to be moved on reboot.
Folder move failed. C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \...\‮ﯹ๛ scheduled to be moved on reboot.
Folder move failed. C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \... scheduled to be moved on reboot.
C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ folder moved successfully.
Folder move failed. C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684} scheduled to be moved on reboot.
C:\FRST\Quarantine\Install\Install folder moved successfully.
C:\FRST\Quarantine\Install folder moved successfully.
C:\FRST\Quarantine\Browsersafeguard\Resources folder moved successfully.
C:\FRST\Quarantine\Browsersafeguard folder moved successfully.
C:\FRST\Quarantine\$aceab5d6b906da341c5b5229844f2684 folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 133231 bytes
->Temporary Internet Files folder emptied: 1638172 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 49215460 bytes
->Flash cache emptied: 1701 bytes

User: Public

User: Reg
->Temp folder emptied: 1661318743 bytes
->Temporary Internet Files folder emptied: 6308125488 bytes
->Java cache emptied: 536786 bytes
->Google Chrome cache emptied: 19834634 bytes
->Flash cache emptied: 258623 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1652967558 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3613407596 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 325351 bytes
RecycleBin emptied: 17382076 bytes

Total Files Cleaned = 12,708.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: Reg
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Reg
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10092013_225643

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \...\‮ﯹ๛\{aceab5d6-b906-da34-1c5b-5229844f2684} not found!
File\Folder C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \...\‮ﯹ๛ not found!
File\Folder C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684}\ \... not found!
File\Folder C:\FRST\Quarantine\Install\Install\{aceab5d6-b906-da34-1c5b-5229844f2684} not found!
File\Folder C:\FRST\Quarantine not found!
C:\Users\Reg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Reg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Security Check log file shown below.

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner log file shown below.


Farbar Service Scanner Version: 13-09-2013
Ran by Reg (administrator) on 10-10-2013 at 06:21:34
Running from "C:\Users\Reg\Videos\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Eset online scanner is still running after 10hrs! I think it may have crashed, but the clock is still running so I'm leaving it for the moment. 922 infected files found, which is slightly concerning.


 
16hr 32min so far, hasn't progressed in 6hrs still on the same file and same percentage. That's just the 6hrs I've been home keeping an eye on it, although it may have stopped long before that.
 
Well, we have no option but to re-run it.
This time try to run it from a different browser.
 
Stopped the scan and got the 95% results as shown below, shall I still continue with a new scan or is there something else worth doing upon viewing the below results?
 

Attachments

  • Eset Scan.txt
You don't have to re-run it.
All files detected by Eset were already quarantined by Comodo or by FRST.
None of them are active.

But to double check let's run this one. It should be much faster.

Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Click on Run now button.
    NOTE. If you're using a non-IE browser you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double click on the file to run the scan.
  • Click on Start button.
  • Click on "Accept" button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
We posted at the same time but you changed Eset settings. Why?
Those files should be removed by Eset.

Empty Comodo quarantine folder.
Don't worry about others. They'll be removed with our last step.
 
I'm not sure what you mean by I changed the Eset settings. As far as I was aware I followed your instructions, but as Eset didn't complete the scan I ended it early. Upon ending it early it gave me a log file, which I posted. It then gave me the option to tick a box to delete the quarantined files, which I ignored, and I closed the application (having not read your latest post).

I'm now running the F-Secure online scanner. I see what you're saying, that the infections are not active but held in quarantine by various programs, which doesn't seem to be a problem. I will post the results when the scan is complete.
 
OK...

Make sure you empty Comodo quarantine folder.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

Now, FSS shows several registry issues.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Post new FSS log as well.
 
Windows repair log

Starting Repairs...
Start (11/10/2013 00:39:27)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (11/10/2013 00:39:27)
Running Repair Under Current User Account
Done (11/10/2013 00:39:39)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (11/10/2013 00:39:39)
Running Repair Under System Account
Done (11/10/2013 00:42:44)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (11/10/2013 00:42:44)
Running Repair Under System Account
Done (11/10/2013 00:44:41)

03 - Register System Files
Start (11/10/2013 00:44:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:46:05)

04 - Repair WMI
Start (11/10/2013 00:46:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:51:32)

05 - Repair Windows Firewall
Start (11/10/2013 00:51:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:52:14)

06 - Repair Internet Explorer
Start (11/10/2013 00:52:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:55:12)

07 - Repair MDAC/MS Jet
Start (11/10/2013 00:55:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:56:20)

08 - Repair Hosts File
Start (11/10/2013 00:56:20)
Running Repair Under System Account
Done (11/10/2013 00:56:22)

09 - Remove Policies Set By Infections
Start (11/10/2013 00:56:22)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:56:27)

11 - Repair Icons
Start (11/10/2013 00:56:27)
Running Repair Under System Account
Done (11/10/2013 00:56:29)

12 - Repair Winsock & DNS Cache
Start (11/10/2013 00:56:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:56:51)

14 - Repair Proxy Settings
Start (11/10/2013 00:56:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:56:56)

16 - Repair Windows Updates
Start (11/10/2013 00:56:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:59:20)

17 - Repair CD/DVD Missing/Not Working
Start (11/10/2013 00:59:20)
Done (11/10/2013 00:59:20)

18 - Repair Volume Shadow Copy Service
Start (11/10/2013 00:59:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:59:38)

20 - Repair MSI (Windows Installer)
Start (11/10/2013 00:59:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:59:51)

22.01 - Repair bat Association
Start (11/10/2013 00:59:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 00:59:56)

22.02 - Repair cmd Association
Start (11/10/2013 00:59:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:01)

22.03 - Repair com Association
Start (11/10/2013 01:00:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:06)

22.04 - Repair Directory Association
Start (11/10/2013 01:00:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:10)

22.05 - Repair Drive Association
Start (11/10/2013 01:00:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:15)

22.06 - Repair exe Association
Start (11/10/2013 01:00:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:20)

22.07 - Repair Folder Association
Start (11/10/2013 01:00:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:24)

22.08 - Repair inf Association
Start (11/10/2013 01:00:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:29)

22.09 - Repair lnk (Shortcuts) Association
Start (11/10/2013 01:00:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:34)

22.10 - Repair msc Association
Start (11/10/2013 01:00:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:41)

22.11 - Repair reg Association
Start (11/10/2013 01:00:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:46)

22.12 - Repair scr Association
Start (11/10/2013 01:00:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:50)

23 - Repair Windows Safe Mode
Start (11/10/2013 01:00:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:00:55)

24 - Repair Print Spooler
Start (11/10/2013 01:00:55)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:01:37)

25 - Restore Important Windows Services
Start (11/10/2013 01:01:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:02:04)

26 - Set Windows Services To Default Startup
Start (11/10/2013 01:02:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/10/2013 01:03:34)

Cleaning up empty logs...

All Selected Repairs Done.
Done (11/10/2013 01:03:34)
Total Repair Time: 00:24:07


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

FSS Log file


Farbar Service Scanner Version: 13-09-2013
Ran by Reg (administrator) on 11-10-2013 at 01:12:54
Running from "C:\Users\Reg\Videos\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
That looks much better but it looks like there is a problem with Windows firewall.
Please let me know if you can turn it on.
 
I've installed Comodo firewall alongside Comodo Internet Security Premium which was already previously installed. I was under the impression that Comodo Internet Security Premium already had a firewall built in, but I downloaded and installed the firewall separately from the Comodo website anyway.

There seems to be no difference in the GUI of Comodo Internet Security Premium since installing the additional firewall, but you may or may not advise me to set it up differently to the default settings.
 