OK here's the first log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by MSI (administrator) on MSI-PC on 19-02-2014 12:45:08
Running from C:\Users\MSI\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Spotify Ltd) C:\Users\MSI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Run: [Spotify Web Helper] - C:\Users\MSI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-21] (Spotify Ltd)
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\MountPoints2: {882128ff-5e4a-11e3-bf73-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\MountPoints2: {eba0547b-76a1-11e3-8c86-806e6f6e6963} - D:\Installer.exe
GroupPolicyUsers\S-1-5-21-3387219566-1224868445-3889475731-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dl l ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Extension: (Google Docs) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]
CHR Extension: (Google Drive) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]
CHR Extension: (YouTube) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-19 12:45 - 2014-02-19 12:45 - 00006444 _____ () C:\Users\MSI\Downloads\FRST.txt
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\FRST
2014-02-19 12:44 - 2014-02-19 12:44 - 02153472 _____ (Farbar) C:\Users\MSI\Downloads\FRST64.exe
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-16 14:58 - 2014-02-16 14:58 - 13079688 _____ (Microsoft Corporation) C:\Users\MSI\Downloads\Silverlight_x64.exe
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Local\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\ProgramData\MathematicaPlayer
2014-02-11 22:54 - 2014-02-11 22:54 - 00001290 _____ () C:\Users\MSI\Desktop\Wolfram CDF Player 9.lnk
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\ProgramData\Mathematica
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-02-11 22:50 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Extras
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files (x86)\Wolfram Research
2014-02-11 22:49 - 2013-02-07 19:39 - 00369968 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00360752 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00258864 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00252720 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00173360 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00095536 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00088368 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00078128 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2014-02-11 22:46 - 2014-02-11 22:48 - 201814584 _____ (Wolfram Research, Inc. ) C:\Users\MSI\Downloads\CDFPlayer_9.0.1_WIN.exe
2014-02-08 21:58 - 2014-02-08 21:58 - 00000000 ____D () C:\Users\Ezmeralda\AppData\Local\Blizzard Entertainment
2014-02-08 21:54 - 2014-02-08 21:57 - 00000000 ____D () C:\Users\Ezmeralda\Documents\StarCraft II
2014-02-04 23:22 - 2014-02-04 23:22 - 00000000 ____D () C:\Users\MSI\AppData\Local\Blizzard Entertainment
2014-02-04 19:51 - 2014-02-04 19:51 - 00000134 ____R () C:\Users\MSI\Desktop\Valid.Ext
2014-02-04 19:41 - 2014-02-04 19:51 - 00000000 ____D () C:\Super Nintendo
2014-02-04 19:41 - 2014-02-02 12:55 - 01781760 _____ (Gary Henderson) C:\Users\MSI\Desktop\Super Nintendo.exe
2014-02-03 22:37 - 2014-02-03 22:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
==================== One Month Modified Files and Folders =======
2014-02-19 12:45 - 2014-02-19 12:45 - 00006444 _____ () C:\Users\MSI\Downloads\FRST.txt
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\FRST
2014-02-19 12:44 - 2014-02-19 12:44 - 02153472 _____ (Farbar) C:\Users\MSI\Downloads\FRST64.exe
2014-02-19 12:44 - 2013-12-05 23:49 - 00316640 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 12:41 - 2013-12-11 21:05 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 12:41 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 12:41 - 2009-07-13 20:51 - 00036755 _____ () C:\Windows\setupact.log
2014-02-18 23:34 - 2013-12-05 00:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 23:21 - 2013-12-11 21:05 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 22:56 - 2014-01-05 23:18 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-02-18 18:45 - 2009-07-13 20:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:45 - 2009-07-13 20:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:42 - 2009-07-13 21:13 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 21:16 - 2013-12-11 21:05 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 21:16 - 2013-12-11 21:05 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-16 14:58 - 2014-02-16 14:58 - 13079688 _____ (Microsoft Corporation) C:\Users\MSI\Downloads\Silverlight_x64.exe
2014-02-12 19:34 - 2009-07-13 20:45 - 00344664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 00:22 - 2014-01-13 21:17 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Spotify
2014-02-11 23:22 - 2014-01-13 21:17 - 00000000 ____D () C:\Users\MSI\AppData\Local\Spotify
2014-02-11 23:01 - 2013-12-09 01:11 - 00076504 _____ () C:\Users\MSI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Local\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\ProgramData\MathematicaPlayer
2014-02-11 22:54 - 2014-02-11 22:54 - 00001290 _____ () C:\Users\MSI\Desktop\Wolfram CDF Player 9.lnk
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\ProgramData\Mathematica
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-02-11 22:54 - 2014-02-11 22:50 - 00000000 ____D () C:\Program Files\Extras
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files (x86)\Wolfram Research
2014-02-11 22:48 - 2014-02-11 22:46 - 201814584 _____ (Wolfram Research, Inc. ) C:\Users\MSI\Downloads\CDFPlayer_9.0.1_WIN.exe
2014-02-09 22:16 - 2013-12-13 21:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-08 22:01 - 2014-01-05 23:18 - 00000000 ____D () C:\Users\MSI\Documents\StarCraft II
2014-02-08 21:58 - 2014-02-08 21:58 - 00000000 ____D () C:\Users\Ezmeralda\AppData\Local\Blizzard Entertainment
2014-02-08 21:57 - 2014-02-08 21:54 - 00000000 ____D () C:\Users\Ezmeralda\Documents\StarCraft II
2014-02-05 00:34 - 2013-12-05 00:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 00:34 - 2013-12-05 00:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 00:34 - 2013-12-05 00:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:22 - 2014-02-04 23:22 - 00000000 ____D () C:\Users\MSI\AppData\Local\Blizzard Entertainment
2014-02-04 20:19 - 2013-12-11 21:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000134 ____R () C:\Users\MSI\Desktop\Valid.Ext
2014-02-04 19:51 - 2014-02-04 19:41 - 00000000 ____D () C:\Super Nintendo
2014-02-03 22:37 - 2014-02-03 22:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-03 22:35 - 2013-12-09 01:04 - 00000000 ____D () C:\ProgramData\Apple
2014-02-02 12:55 - 2014-02-04 19:41 - 01781760 _____ (Gary Henderson) C:\Users\MSI\Desktop\Super Nintendo.exe
2014-01-23 11:48 - 2013-12-15 00:55 - 00000000 ____D () C:\Users\Linda
2014-01-23 11:48 - 2013-12-15 00:39 - 00000000 ____D () C:\Users\Guest
2014-01-23 11:48 - 2013-12-11 20:52 - 00000000 ____D () C:\Users\Ezmeralda
2014-01-23 11:48 - 2013-12-04 23:53 - 00000000 ____D () C:\Users\MSI
2014-01-23 11:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1].exe
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1]_1.exe
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1]_2.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 22:21
==================== End Of Log ============================
And here is the addition.txt log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by MSI at 2014-02-19 12:45:37
Running from C:\Users\MSI\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (HKCU Version: 3.3.2.30380 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
Half-Life 2: Deathmatch (x32 Version: - Valve)
Hawken (HKCU Version: - Meteor Entertainment)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4 - The Document Foundation)
Mathematica Extras 9.0 (4092550) (Version: 9.0.1 - Wolfram Research, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PlanetSide 2 (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
Sound Blaster X-Fi MB 2 (x32 Version: 1.04.00 - Creative Technology Limited)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
StarCraft II (x32 Version: - Blizzard Entertainment)
Steam (x32 Version: - Valve Corporation)
THX TruStudio Pro (x32 Version: 1.04.00 - Creative Technology Limited)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (x32 Version: 9.0.1 - Wolfram Research, Inc.)
==================== Restore Points =========================
21-12-2013 09:07:53 Windows Update
29-12-2013 19:37:38 Scheduled Checkpoint
06-01-2014 07:10:42 Restore Operation
22-01-2014 06:37:26 Scheduled Checkpoint
30-01-2014 03:12:31 Scheduled Checkpoint
01-02-2014 22:55:23 Windows Update
09-02-2014 06:28:20 Scheduled Checkpoint
16-02-2014 07:03:46 Scheduled Checkpoint
==================== Hosts content: ==========================
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {237167B8-0564-4CB5-8B5E-090A0240CD90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {5D2B84A8-521F-4D46-8391-B1149EC704F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: {DC1313E0-2C33-4E66-B607-68DC0C295533} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EC5D92ED-8B75-4FEB-87A3-3A677CAA55F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-05 00:21 - 2011-07-21 20:04 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-12-05 00:21 - 2011-07-21 20:02 - 00207872 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-04 20:19 - 2014-02-01 15:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 20:19 - 2014-02-01 15:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 20:19 - 2014-02-01 15:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 20:19 - 2014-02-01 15:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 20:19 - 2014-02-01 15:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/19/2014 00:43:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/18/2014 06:39:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/17/2014 09:12:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 01:05:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (02/17/2014 00:35:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (02/16/2014 11:45:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (02/09/2014 10:16:07 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
Error: (02/09/2014 10:16:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (02/09/2014 01:38:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
Error: (02/06/2014 11:47:23 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:55:25 PM on 2/5/2014 was unexpected.
Error: (02/04/2014 07:39:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/01/2014 02:24:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/01/2014 02:24:17 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Microsoft Office Sessions:
=========================
Error: (02/19/2014 00:43:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (02/18/2014 06:39:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (02/17/2014 09:12:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 01:05:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.co...rootstl.cabThe data is invalid.
Error: (02/17/2014 00:35:14 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.co...rootstl.cabThe data is invalid.
Error: (02/16/2014 11:45:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 4095.24 MB
Available physical RAM: 2939.48 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 6794.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:158.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5FE34B69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by MSI (administrator) on MSI-PC on 19-02-2014 12:45:08
Running from C:\Users\MSI\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Spotify Ltd) C:\Users\MSI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Run: [Spotify Web Helper] - C:\Users\MSI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-21] (Spotify Ltd)
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\MountPoints2: {882128ff-5e4a-11e3-bf73-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-3387219566-1224868445-3889475731-1000\...\MountPoints2: {eba0547b-76a1-11e3-8c86-806e6f6e6963} - D:\Installer.exe
GroupPolicyUsers\S-1-5-21-3387219566-1224868445-3889475731-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dl l ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Extension: (Google Docs) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]
CHR Extension: (Google Drive) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]
CHR Extension: (YouTube) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-19 12:45 - 2014-02-19 12:45 - 00006444 _____ () C:\Users\MSI\Downloads\FRST.txt
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\FRST
2014-02-19 12:44 - 2014-02-19 12:44 - 02153472 _____ (Farbar) C:\Users\MSI\Downloads\FRST64.exe
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-16 14:58 - 2014-02-16 14:58 - 13079688 _____ (Microsoft Corporation) C:\Users\MSI\Downloads\Silverlight_x64.exe
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Local\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\ProgramData\MathematicaPlayer
2014-02-11 22:54 - 2014-02-11 22:54 - 00001290 _____ () C:\Users\MSI\Desktop\Wolfram CDF Player 9.lnk
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\ProgramData\Mathematica
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-02-11 22:50 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Extras
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files (x86)\Wolfram Research
2014-02-11 22:49 - 2013-02-07 19:39 - 00369968 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00360752 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00258864 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00252720 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00173360 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2014-02-11 22:49 - 2013-02-07 19:39 - 00095536 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00088368 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2014-02-11 22:49 - 2013-02-07 19:39 - 00078128 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2014-02-11 22:46 - 2014-02-11 22:48 - 201814584 _____ (Wolfram Research, Inc. ) C:\Users\MSI\Downloads\CDFPlayer_9.0.1_WIN.exe
2014-02-08 21:58 - 2014-02-08 21:58 - 00000000 ____D () C:\Users\Ezmeralda\AppData\Local\Blizzard Entertainment
2014-02-08 21:54 - 2014-02-08 21:57 - 00000000 ____D () C:\Users\Ezmeralda\Documents\StarCraft II
2014-02-04 23:22 - 2014-02-04 23:22 - 00000000 ____D () C:\Users\MSI\AppData\Local\Blizzard Entertainment
2014-02-04 19:51 - 2014-02-04 19:51 - 00000134 ____R () C:\Users\MSI\Desktop\Valid.Ext
2014-02-04 19:41 - 2014-02-04 19:51 - 00000000 ____D () C:\Super Nintendo
2014-02-04 19:41 - 2014-02-02 12:55 - 01781760 _____ (Gary Henderson) C:\Users\MSI\Desktop\Super Nintendo.exe
2014-02-03 22:37 - 2014-02-03 22:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
==================== One Month Modified Files and Folders =======
2014-02-19 12:45 - 2014-02-19 12:45 - 00006444 _____ () C:\Users\MSI\Downloads\FRST.txt
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\FRST
2014-02-19 12:44 - 2014-02-19 12:44 - 02153472 _____ (Farbar) C:\Users\MSI\Downloads\FRST64.exe
2014-02-19 12:44 - 2013-12-05 23:49 - 00316640 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 12:41 - 2013-12-11 21:05 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 12:41 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 12:41 - 2009-07-13 20:51 - 00036755 _____ () C:\Windows\setupact.log
2014-02-18 23:34 - 2013-12-05 00:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 23:21 - 2013-12-11 21:05 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 22:56 - 2014-01-05 23:18 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-02-18 18:45 - 2009-07-13 20:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:45 - 2009-07-13 20:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:42 - 2009-07-13 21:13 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 21:16 - 2013-12-11 21:05 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 21:16 - 2013-12-11 21:05 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-16 14:59 - 2014-02-16 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-16 14:58 - 2014-02-16 14:58 - 13079688 _____ (Microsoft Corporation) C:\Users\MSI\Downloads\Silverlight_x64.exe
2014-02-12 19:34 - 2009-07-13 20:45 - 00344664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-12 00:22 - 2014-01-13 21:17 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\Spotify
2014-02-11 23:22 - 2014-01-13 21:17 - 00000000 ____D () C:\Users\MSI\AppData\Local\Spotify
2014-02-11 23:01 - 2013-12-09 01:11 - 00076504 _____ () C:\Users\MSI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Roaming\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\MSI\AppData\Local\MathematicaPlayer
2014-02-11 22:58 - 2014-02-11 22:58 - 00000000 ____D () C:\ProgramData\MathematicaPlayer
2014-02-11 22:54 - 2014-02-11 22:54 - 00001290 _____ () C:\Users\MSI\Desktop\Wolfram CDF Player 9.lnk
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\ProgramData\Mathematica
2014-02-11 22:54 - 2014-02-11 22:54 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-02-11 22:54 - 2014-02-11 22:50 - 00000000 ____D () C:\Program Files\Extras
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files (x86)\Wolfram Research
2014-02-11 22:48 - 2014-02-11 22:46 - 201814584 _____ (Wolfram Research, Inc. ) C:\Users\MSI\Downloads\CDFPlayer_9.0.1_WIN.exe
2014-02-09 22:16 - 2013-12-13 21:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-08 22:01 - 2014-01-05 23:18 - 00000000 ____D () C:\Users\MSI\Documents\StarCraft II
2014-02-08 21:58 - 2014-02-08 21:58 - 00000000 ____D () C:\Users\Ezmeralda\AppData\Local\Blizzard Entertainment
2014-02-08 21:57 - 2014-02-08 21:54 - 00000000 ____D () C:\Users\Ezmeralda\Documents\StarCraft II
2014-02-05 00:34 - 2013-12-05 00:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 00:34 - 2013-12-05 00:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 00:34 - 2013-12-05 00:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:22 - 2014-02-04 23:22 - 00000000 ____D () C:\Users\MSI\AppData\Local\Blizzard Entertainment
2014-02-04 20:19 - 2013-12-11 21:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 19:51 - 2014-02-04 19:51 - 00000134 ____R () C:\Users\MSI\Desktop\Valid.Ext
2014-02-04 19:51 - 2014-02-04 19:41 - 00000000 ____D () C:\Super Nintendo
2014-02-03 22:37 - 2014-02-03 22:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 22:37 - 2014-02-03 22:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-03 22:35 - 2013-12-09 01:04 - 00000000 ____D () C:\ProgramData\Apple
2014-02-02 12:55 - 2014-02-04 19:41 - 01781760 _____ (Gary Henderson) C:\Users\MSI\Desktop\Super Nintendo.exe
2014-01-23 11:48 - 2013-12-15 00:55 - 00000000 ____D () C:\Users\Linda
2014-01-23 11:48 - 2013-12-15 00:39 - 00000000 ____D () C:\Users\Guest
2014-01-23 11:48 - 2013-12-11 20:52 - 00000000 ____D () C:\Users\Ezmeralda
2014-01-23 11:48 - 2013-12-04 23:53 - 00000000 ____D () C:\Users\MSI
2014-01-23 11:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1].exe
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1]_1.exe
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_a aa_aih[1]_2.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 22:21
==================== End Of Log ============================
And here is the addition.txt log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by MSI at 2014-02-19 12:45:37
Running from C:\Users\MSI\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (HKCU Version: 3.3.2.30380 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
Half-Life 2: Deathmatch (x32 Version: - Valve)
Hawken (HKCU Version: - Meteor Entertainment)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4 - The Document Foundation)
Mathematica Extras 9.0 (4092550) (Version: 9.0.1 - Wolfram Research, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PlanetSide 2 (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
Sound Blaster X-Fi MB 2 (x32 Version: 1.04.00 - Creative Technology Limited)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
StarCraft II (x32 Version: - Blizzard Entertainment)
Steam (x32 Version: - Valve Corporation)
THX TruStudio Pro (x32 Version: 1.04.00 - Creative Technology Limited)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (x32 Version: 9.0.1 - Wolfram Research, Inc.)
==================== Restore Points =========================
21-12-2013 09:07:53 Windows Update
29-12-2013 19:37:38 Scheduled Checkpoint
06-01-2014 07:10:42 Restore Operation
22-01-2014 06:37:26 Scheduled Checkpoint
30-01-2014 03:12:31 Scheduled Checkpoint
01-02-2014 22:55:23 Windows Update
09-02-2014 06:28:20 Scheduled Checkpoint
16-02-2014 07:03:46 Scheduled Checkpoint
==================== Hosts content: ==========================
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {237167B8-0564-4CB5-8B5E-090A0240CD90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {5D2B84A8-521F-4D46-8391-B1149EC704F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: {DC1313E0-2C33-4E66-B607-68DC0C295533} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EC5D92ED-8B75-4FEB-87A3-3A677CAA55F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-05 00:21 - 2011-07-21 20:04 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-12-05 00:21 - 2011-07-21 20:02 - 00207872 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-04 20:19 - 2014-02-01 15:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 20:19 - 2014-02-01 15:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 20:19 - 2014-02-01 15:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 20:19 - 2014-02-01 15:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 20:19 - 2014-02-01 15:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/19/2014 00:43:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/18/2014 06:39:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/17/2014 09:12:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 01:05:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (02/17/2014 00:35:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (02/16/2014 11:45:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (02/09/2014 10:16:07 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
Error: (02/09/2014 10:16:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (02/09/2014 01:38:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
Error: (02/06/2014 11:47:23 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:55:25 PM on 2/5/2014 was unexpected.
Error: (02/04/2014 07:39:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/04/2014 07:39:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/01/2014 02:24:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/01/2014 02:24:17 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Microsoft Office Sessions:
=========================
Error: (02/19/2014 00:43:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (02/18/2014 06:42:44 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (02/18/2014 06:39:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (02/17/2014 09:15:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (02/17/2014 09:12:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/17/2014 01:05:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.co...rootstl.cabThe data is invalid.
Error: (02/17/2014 00:35:14 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.co...rootstl.cabThe data is invalid.
Error: (02/16/2014 11:45:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 4095.24 MB
Available physical RAM: 2939.48 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 6794.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:158.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5FE34B69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================