mikehende

I've always been told that the HDD is unrelated to a linux OS and is one way to know if the HDD is bad [if the linux loads and runs properly]?

If that is the case Cindy, any idea why Knoppix would not load?

The repair did not work, it restarted itself after showing another error message then shows now "Diagnosing your pc"

When I press the power button, it shows "no bootable device-Please restart system. Your pc ran into a problem and needs to restart." 1] I changed the Boot order to boot Knoppix but then I get: "Boot Failure: a proper digital signature was not found. One of the files on the selected boot device was rejected by the secure boot feature" then the laptop shuts down. 2] I also see the options to go into safe mode but it doesn't work and the system restarts itself. 3] I tried doing a factory recovery by holding down the 0 key as it suggests here: https://support.toshiba.com/support/viewContentDetail?contentId=2737864 but that does not work with the system restarting itself. 4] Now I am seeing: Repairing disk errors. This might take over an hour to complete" If the above no.4 does not work, I am thinking I can try running a chkdsk but how can I do so from outside of windows? BTW, I am now sometimes hearing a "clicking" noise every now and then, I am guessing this is coming from the HDD while the system is trying to repair it?

Problem solved, wish I could do what you've just done, as usual thanks a million for the help Pete! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2014 Ran by user at 2014-10-22 17:52:59 Run:1 Running from C:\Users\user\Desktop Loaded Profile: user (Available profiles: user) Boot Mode: Normal ============================================== Content of fixlist: ***************** FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs () S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] 2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr C:\Users\user\AppData\Local\Temp\39340F291.exe C:\Users\user\AppData\Local\Temp\68e3f.exe C:\Users\user\AppData\Local\Temp\6F19Aa.exe C:\Users\user\AppData\Local\Temp\7b26.exe C:\Users\user\AppData\Local\Temp\burnsetup.exe C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\user\AppData\Local\Temp\i4jdel0.exe C:\Users\user\AppData\Local\Temp\instract.exe C:\Users\user\AppData\Local\Temp\nsc6F7D.exe C:\Users\user\AppData\Local\Temp\nsh6D79.exe C:\Users\user\AppData\Local\Temp\nsmF106.exe C:\Users\user\AppData\Local\Temp\nss5248.exe C:\Users\user\AppData\Local\Temp\nsx543C.exe C:\Users\user\AppData\Local\Temp\ose00000.exe C:\Users\user\AppData\Local\Temp\ose00001.exe C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe C:\Users\user\AppData\Local\Temp\sp-downloader.exe C:\Users\user\AppData\Local\Temp\tmp8B39.exe C:\Users\user\AppData\Local\Temp\vpsetup.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs Hosts: CMD: ipconfig /flushdns EmptyTemp: ***************** Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml => Moved successfully. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs => Moved successfully. MBAMSwissArmy => Service deleted successfully. C:\Users\user\AppData\Roaming\sqmjyr => Moved successfully. C:\Users\user\AppData\Local\Temp\39340F291.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\68e3f.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\6F19Aa.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\7b26.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\burnsetup.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\i4jdel0.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\instract.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\nsc6F7D.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\nsh6D79.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\nsmF106.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\nss5248.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\nsx543C.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\ose00001.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\sp-downloader.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\tmp8B39.exe => Moved successfully. C:\Users\user\AppData\Local\Temp\vpsetup.exe => Moved successfully. "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs" => File/Directory not found. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 2.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014 Ran by user at 2014-10-22 16:30:21 Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 95742 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AlbumPlayer V5.3e Demo Edition (HKLM\...\AlbumPlayer Demo Edition_is1) (Version: - Albumon) AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.) BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com) Briz MP3 Splitter (HKLM\...\Briz MP3 Splitter_is1) (Version: - ) CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation) erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.) GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden HP Softpaq SP45813 (HKLM\...\SP45813) (Version: - ) ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation) Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP3 Diags (HKLM\...\MP3Diags) (Version: - ) MP3 Splitter 5.5.1.a (HKLM\...\F87A61F2-76B1-4D8B-BBE5-C23086BF8E95_is1) (Version: - Accmeware Corporation) OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - ) Samsung Link 2.0.0.1407291559 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1407291559 - Copyright 2013 SAMSUNG) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer) Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.) VirtualDJ (HKLM\...\VirtualDJ) (Version: - ) WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 21-10-2014 16:28:23 Removed Microsoft Office Professional Plus 2010 21-10-2014 16:59:06 Installed Microsoft Office Professional Plus 2010 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E577432-A09F-4C2C-97A7-FB0BF6BB203D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.) Task: {6B6C1EEA-9A81-42BF-A948-9CA95F810552} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.) Task: {854B572C-F8D7-4D76-8753-CD9E1C8A90DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {93AF4437-BB52-46F0-979A-AF35A95F3B4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.) Task: {96EEC2D1-88A0-4324-8291-0F79E4AF8F60} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-21] () Task: {A2F352EE-0ABF-422D-8B97-4EDDE3E8E228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-04-22 13:34 - 2014-07-29 15:59 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll 2014-04-22 13:34 - 2014-07-29 15:59 - 00041472 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll 2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll 2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll 2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll 2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll 2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll 2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2014-04-22 13:34 - 2014-07-29 15:59 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll 2014-04-22 13:34 - 2014-07-29 15:59 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll 2014-07-31 14:07 - 2014-07-31 14:07 - 00640512 _____ () C:\Windows\Temp\sqlite-3.7.151-x86-sqlitejdbc.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll 2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll 2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll 2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll 2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll 2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll 2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll 2014-09-24 18:55 - 2014-09-24 18:55 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-09-09 17:59 - 2014-09-09 17:59 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3001920249-2789374724-3985487498-500 - Administrator - Disabled) Guest (S-1-5-21-3001920249-2789374724-3985487498-501 - Limited - Disabled) user (S-1-5-21-3001920249-2789374724-3985487498-1000 - Administrator - Enabled) => C:\Users\user ==================== Faulty Device Manager Devices ============= Name: PCI Serial Port Description: PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. System errors: ============= Error: (10/21/2014 07:53:33 PM) (Source: DCOM) (EventID: 10001) (User: ) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (10/21/2014 01:58:48 AM) (Source: DCOM) (EventID: 10001) (User: ) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (10/20/2014 06:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 05:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 04:55:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 03:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 02:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 01:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/20/2014 00:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Error: (10/19/2014 11:55:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The SPP Notification Service service terminated with the following error: %%5 Microsoft Office Sessions: ========================= Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 64% Total physical RAM: 1977.25 MB Available physical RAM: 709.05 MB Total Pagefile: 3954.49 MB Available Pagefile: 2612.65 MB Total Virtual: 2047.88 MB Available Virtual: 1902.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:61.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014 Ran by user (administrator) on USER-PC on 22-10-2014 16:29:48 Running from C:\Users\user\Desktop Loaded Profile: user (Available profiles: user) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [566112 2014-07-29] (Copyright 2013 SAMSUNG) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.) HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-22] (Microsoft Corporation) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs () ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x26C8480E975DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.) BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.) Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: https://my.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-26] FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-05-21] FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-05-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed] R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-07-29] (Copyright 2013 SAMSUNG) S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2014-04-21] () [File not signed] S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.) R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.) R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 16:29 - 2014-10-22 16:30 - 00012461 _____ () C:\Users\user\Desktop\FRST.txt 2014-10-22 16:29 - 2014-10-22 16:29 - 00000000 ____D () C:\FRST 2014-10-22 16:28 - 2014-10-22 16:28 - 01103360 _____ (Farbar) C:\Users\user\Desktop\FRST.exe 2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services 2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Windows\PCHEALTH 2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-10-21 13:01 - 2014-10-21 13:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8 2014-10-21 13:00 - 2014-10-21 13:00 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-10-21 12:59 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-10-21 12:59 - 2014-10-21 12:59 - 00000000 __RHD () C:\MSOCache 2014-10-20 07:29 - 2014-10-21 12:36 - 00000000 _____ () C:\Windows\DCEBOOT.LOG 2014-10-20 07:26 - 2014-10-20 07:30 - 00021528 _____ () C:\Windows\DCEBoot.exe 2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr 2014-10-15 01:27 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 01:27 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 01:27 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 01:27 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 01:27 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 01:27 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 01:27 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 01:27 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 01:27 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 01:27 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 01:27 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 01:27 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 01:27 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 01:27 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 01:27 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 01:27 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 01:27 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 01:27 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 01:27 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 01:27 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 01:27 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 01:27 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 01:27 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 01:27 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 01:27 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 01:26 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 01:26 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 01:26 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 01:26 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 01:26 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 01:26 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 01:26 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 01:26 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 01:26 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 01:26 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 01:26 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 01:26 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 01:26 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 01:26 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 01:26 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 01:26 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 01:26 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 01:26 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-15 01:26 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-15 01:26 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-15 01:26 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-15 01:25 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 01:25 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 01:25 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 01:25 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 01:25 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 01:25 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 01:25 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 01:25 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 01:25 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 01:25 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 01:25 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 01:25 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 01:25 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 01:25 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 01:25 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 01:25 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 01:25 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 01:25 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 17:45 - 2014-10-15 18:45 - 00000000 ____D () C:\ALBUMS 2014-10-14 08:03 - 2014-10-14 08:03 - 00000000 ____D () C:\Users\user\AppData\Local\MediaMonkey 2014-10-14 08:02 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaMonkey 2014-10-14 08:02 - 2014-10-14 08:02 - 00001005 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk 2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\MediaMonkey 2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\Program Files\MediaMonkey 2014-10-14 08:01 - 2014-10-14 08:01 - 15197616 _____ (Ventis Media Inc. ) C:\Users\user\Downloads\MediaMonkey_4.1.4.1709.exe 2014-10-13 13:10 - 2014-10-13 13:10 - 00880272 _____ (Google Inc.) C:\Users\user\Downloads\googledrivesync.exe 2014-10-13 13:10 - 2014-10-13 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB 2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Program Files\RMPrepUSB 2014-10-07 09:43 - 2014-10-07 09:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerISO 2014-10-07 09:41 - 2014-10-08 08:01 - 00000000 ____D () C:\pebuilder3110a 2014-10-07 09:41 - 2014-10-07 09:41 - 03306678 _____ (Bart Lagerweij ) C:\Users\user\Downloads\pebuilder3110a.exe 2014-10-07 09:38 - 2014-10-07 09:38 - 02959872 _____ (Power Software Ltd) C:\Users\user\Downloads\PowerISO6.exe 2014-10-07 09:34 - 2014-10-07 09:34 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe 2014-10-07 09:31 - 2014-10-07 09:31 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe.exe 2014-10-06 18:35 - 2014-10-06 18:39 - 498751488 _____ () C:\Users\user\Documents\VRMSP_EN.ISO 2014-10-03 13:25 - 2014-10-03 13:59 - 00000000 ____D () C:\AlbumPlayerData 2014-10-03 13:23 - 2014-10-03 13:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\AlbumPlayer 2014-10-03 13:23 - 2014-10-03 13:25 - 00000000 ____D () C:\ProgramData\AlbumPlayer 2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Users\user\AppData\Local\AlbumPlayer 2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Program Files\Bonjour 2014-10-03 13:22 - 2014-10-03 13:22 - 00001005 _____ () C:\Users\user\Desktop\AlbumPlayer.lnk 2014-10-03 13:22 - 2014-10-03 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlbumPlayer 2014-10-03 13:21 - 2014-10-03 13:22 - 00000000 ____D () C:\Program Files\AlbumPlayer 2014-10-03 13:20 - 2014-10-03 13:21 - 27904340 _____ (Albumon ) C:\Users\user\Downloads\albumplayer_demo.exe 2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ___RD () C:\Program Files\Skype 2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-27 07:36 - 2014-09-27 07:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer 2014-09-24 18:55 - 2014-09-24 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-23 13:55 - 2014-09-23 13:55 - 00000000 ____D () C:\Users\user\AppData\Local\Apple Computer 2014-09-23 07:15 - 2014-09-23 07:16 - 00000000 ____D () C:\Program Files\QuickTime 2014-09-23 07:15 - 2014-09-23 07:15 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-09-23 07:13 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-23 07:12 - 2014-09-23 07:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Users\user\AppData\Local\Apple 2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\ProgramData\Apple 2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-09-23 07:09 - 2014-09-23 07:09 - 41945432 _____ (Apple Inc.) C:\Users\user\Downloads\QuickTimeInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 16:28 - 2014-04-21 15:40 - 00115288 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-22 16:15 - 2014-08-19 14:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-22 16:11 - 2014-08-26 09:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-10-22 15:59 - 2014-04-21 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-22 13:15 - 2014-08-19 14:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 12:13 - 2014-04-21 18:14 - 01085139 _____ () C:\Windows\WindowsUpdate.log 2014-10-22 12:08 - 2014-04-22 06:31 - 00017298 _____ () C:\Windows\PFRO.log 2014-10-22 12:08 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-22 12:08 - 2009-07-14 00:39 - 00060662 _____ () C:\Windows\setupact.log 2014-10-22 12:08 - 2009-07-14 00:33 - 00428096 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-22 11:54 - 2014-07-07 13:43 - 00000000 ____D () C:\Users\user\Desktop\JOBS 2014-10-22 06:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-21 19:25 - 2014-09-09 12:32 - 00000000 ____D () C:\Users\user\Desktop\Daisy 2014-10-21 14:27 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-21 13:11 - 2014-04-21 17:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-21 13:05 - 2009-07-14 03:48 - 00000000 ____D () C:\Windows\ShellNew 2014-10-21 13:05 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild 2014-10-21 13:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-21 13:03 - 2014-04-21 17:35 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-10-21 13:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-10-21 13:01 - 2009-07-13 22:04 - 00000478 _____ () C:\Windows\win.ini 2014-10-20 07:31 - 2014-09-15 15:37 - 00000000 ____D () C:\Users\user\Desktop\Test 2014-10-20 07:27 - 2014-05-30 11:06 - 00209432 _____ () C:\Windows\RegBootClean.exe 2014-10-18 08:34 - 2014-06-25 12:55 - 00000000 ____D () C:\goldwave 2014-10-18 08:22 - 2014-04-21 15:22 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 13:36 - 2014-08-19 14:17 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-15 04:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-10-14 17:42 - 2014-09-09 15:58 - 00000000 ___RD () C:\LUTHER 2014-10-14 17:06 - 2014-07-22 06:51 - 00000000 ____D () C:\Users\user\Desktop\Sur pics 2014-10-14 11:05 - 2014-05-21 19:59 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Users\user\AppData\Local\Google 2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Program Files\Google 2014-10-10 15:27 - 2014-07-22 16:52 - 00000000 ____D () C:\Users\user\Desktop\Speakers 2014-10-07 08:31 - 2014-05-21 20:00 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-10-06 18:30 - 2014-09-12 10:41 - 00000000 ____D () C:\Cruzer files 2014-09-29 06:32 - 2014-04-21 15:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-27 07:37 - 2014-08-26 09:48 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-27 07:37 - 2014-08-26 09:47 - 00000000 ____D () C:\ProgramData\Skype 2014-09-24 14:59 - 2014-04-21 15:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-24 14:59 - 2014-04-21 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\39340F291.exe C:\Users\user\AppData\Local\Temp\68e3f.exe C:\Users\user\AppData\Local\Temp\6F19Aa.exe C:\Users\user\AppData\Local\Temp\7b26.exe C:\Users\user\AppData\Local\Temp\burnsetup.exe C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\user\AppData\Local\Temp\i4jdel0.exe C:\Users\user\AppData\Local\Temp\instract.exe C:\Users\user\AppData\Local\Temp\nsc6F7D.exe C:\Users\user\AppData\Local\Temp\nsh6D79.exe C:\Users\user\AppData\Local\Temp\nsmF106.exe C:\Users\user\AppData\Local\Temp\nss5248.exe C:\Users\user\AppData\Local\Temp\nsx543C.exe C:\Users\user\AppData\Local\Temp\ose00000.exe C:\Users\user\AppData\Local\Temp\ose00001.exe C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe C:\Users\user\AppData\Local\Temp\sp-downloader.exe C:\Users\user\AppData\Local\Temp\tmp8B39.exe C:\Users\user\AppData\Local\Temp\vpsetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 08:41 ==================== End Of Log ============================

Hi Pete, sorry not understanding this, I looked in the Task Manager and Msconfig lists but not seeing an entry with the letters "yyge"? If you mean the programs under "All Programs" from the Start menu, not understanding which program to remove?

I am seeing this error message when I start up my pc, can't find anything on it online?

Thanks Cindy, that's a great article and link but I am still trying to figure out how the word "cloud" can be associated with info being backed up on a physical computer server?

I am not understand the info on the net, on a pc your files are physically written on a disk in the HDD, where are files physically stored in a cloud?

I am almost at the point of trashing this freakin old touchscreen pc, I have tried almost every method of creating a boot sub flash drive, it boots but always some problem installing xp on this unit which lead me to believe it's the unit and not the boot softwares or methods I have tried? If it is something on the unit, I wonder if replacing the HDD will allow me to reinstall XP?

Sorry for the late reply Cindy, I am trying different methods as I find them over the net to boot from the flash drive, get back to you.

I skipped to the reformat instructions but as the attached pics shows, I cannot reformat?

Don't look like this will work. I got to loading bartpe on the machine via the flash drive but stuck at this part, when I navigate to "Diskpart", the cmd prompt only flickers for a split second and is gone so I cannot get to enter the commands. Step 5: Prepping the Hard Disk: You need to make sure that your hard drive is partitioned and formatted properly. Especially if you've had Linux or some other operating system on it, you'll need to repartition and format it. BartPE contains DiskPart for disk partitioning and A43 File Manager to format your drive. If you are sure that your hard drive is set up properly (i.e. it has only run Windows, it contains a valid FAT or NTFS partition) then you can safe yourself the hassle and skip this step. To repartition (This procedure will destroy any data on the hard drive): From the Go menu, navigate to DiskPart. Enter the commands needed to repartition your drive. For example, try the following: select disk 0 (select the first disk), clean (purges the entire drive, essentially resetting it), create partition primary (creates a single partition from the entire disk), assign (assign the partition a drive letter), exit (quits DiskPart).

I am trying this here: http://www.poweriso.com/tutorials/how-to-make-winxp-bootable-usb-drive.htm but the poweriso method but is is asking for the location of the XP files which is on the CD in the DVD drive and when I select it, as the screenshot shows I am seeing a few different folders and don't know which one to select? I am thinking every folder on the CD has to be included? I have the iso image file from yesterday but looks like bartpe is asking to create the xp iso and not copy it, any ideas please?

That's accurate I tried "Rufus" but it did not work.

I have searched the net for instructions on creating an XP bootable flash drive but not understanding the instructions, I need XP Pro SP2, I have the discs but nor sure I can create this on my win7 machine?

Noted, ok guys, really appreciate the help and knowledge!

Ok, one final question guys, I am guessing I will be needing all versions of win8 and also 8.1?

I am trying to figure out which touchscreen software is on this unit so i can try doing a fresh install and would appreciate any help advice please since I cannot find a touchscreen specific forum on the net where I might get help with this? I am seeing a folder on the C drive named "Touchscreen", inside that folder I am seeing a few items with one document titled "Instructions for installing Zounds touchscreen, when I open that doc, I am seeing "Instructions for installing Solo 17 Touchscreen in Zounds Store" and then in another location C/Program Files I am seeing this folder "SimpleTouch FE", can anyone shed any light on which software is the actual touchscreen software please? Maybe I can look in the Device Manager for drivers but under which item should I look for the touchscreen drivers in "Sound, video and game Controllers"?

Ok, I'll see about getting all versions of win8 on one disk but before I move on from this thread, can anyone confirm this question I had asked before please so next time I will know what the deal is? "So if I understand this correctly, best bet would be to get a disc with all versions of win8 and any unit which had any version of win8 installed would automatically choose the correct version to reinstall?"

Well, would this do the job? http://getintopc.com/softwares/operating-systems/download-windows-8-pro/

So if I understand this correctly, best bet would be to get a disc with all versions of win8 and the laptop in question would choose the correct version?