This post is in reference to my thread in Windows Update
Checkup results:
Results of screen317's Security Check version 1.001
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Reader XI
Mozilla Firefox 36.0.4 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST results:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Rito (administrator) on HOMEPC on 01-05-2015 18:24:53
Running from C:\Users\Rito\Desktop
Loaded Profiles: Rito (Available profiles: Rito & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\...\MountPoints2: {5fb743fb-78b1-11e2-be70-9c2a701dfdce} - "J:\LaunchU3.exe" -a
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [20328 2012-07-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Rito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Control Center.lnk [2014-10-07]
ShortcutTarget: USB Control Center.lnk -> C:\Program Files\Belkin\USB Control Center\Connect.exe (Belkin International, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-07-09] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
SearchScopes: HKU\S-1-5-21-3433547100-3960895037-459998971-1001 -> DefaultScope {91E6FD29-62A2-45D8-A552-9A0305A9D5C6} URL =
SearchScopes: HKU\S-1-5-21-3433547100-3960895037-459998971-1001 -> {91E6FD29-62A2-45D8-A552-9A0305A9D5C6} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-09] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-09] (AVAST Software)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetings.calguard.ca.gov/client/T27LD/webex/ieatgpc1.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Rito\AppData\Roaming\Mozilla\Firefox\Profiles\mqgk2wv9.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2014-10-07] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 HPSLPSVC; C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-06] (Malwarebytes Corporation)
R3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
R2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [304480 2014-10-07] (silex technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-01 18:24 - 2015-05-01 18:25 - 00016631 _____ () C:\Users\Rito\Desktop\FRST.txt
2015-05-01 18:23 - 2015-05-01 18:24 - 00000000 ____D () C:\FRST
2015-05-01 18:22 - 2015-05-01 18:22 - 02101248 _____ (Farbar) C:\Users\Rito\Desktop\FRST64.exe
2015-05-01 18:13 - 2015-05-01 18:13 - 00000000 ___RD () C:\Users\Rito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-26 21:00 - 2015-04-26 21:00 - 00093795 _____ () C:\Users\Rito\Desktop\WindowsUpdate.zip
2015-04-26 19:22 - 2015-04-26 19:22 - 45142221 _____ () C:\Users\Rito\Desktop\CBS.zip
2015-04-26 15:06 - 2015-04-26 15:06 - 04044661 _____ () C:\Users\Rito\Desktop\Windows8-RT-KB3031432-x64.msu
2015-04-25 20:24 - 2015-04-25 20:24 - 00002906 _____ () C:\Users\Rito\Desktop\SFCFix.txt
2015-04-25 20:23 - 2015-04-25 20:23 - 01359702 _____ () C:\Users\Rito\Desktop\SFCFix.zip
2015-04-25 20:21 - 2015-04-25 20:21 - 01317376 _____ (niemiro) C:\Users\Rito\Desktop\SFCFix.exe
2015-04-25 20:19 - 2015-04-25 20:24 - 00000000 ____D () C:\Users\Rito\AppData\Local\niemiro
2015-04-25 16:41 - 2015-04-25 16:40 - 01491660 _____ () C:\Users\Rito\Desktop\cbs.txt
2015-04-08 22:01 - 2015-04-08 22:01 - 00175251 _____ () C:\Users\Rito\Documents\D 185_April 2015 COMPANY MEETING SLIDE DECK.pptx
2015-04-08 21:24 - 2015-04-08 21:24 - 00051335 _____ () C:\Users\Rito\Documents\GST TRACKER FY 15.xlsx
2015-04-06 22:27 - 2015-04-06 22:27 - 00000000 ____D () C:\Users\Rito\Documents\07-GFT-0108
2015-04-06 00:36 - 2014-10-13 18:38 - 00450773 ____R () C:\windows\system32\Drivers\etc\hosts.20150406-003614.backup
2015-04-05 00:51 - 2015-04-25 20:24 - 00000000 ____D () C:\SFCFix
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-01 18:23 - 2014-07-09 12:36 - 00000000 ____D () C:\Users\Rito\AppData\Local\CrashDumps
2015-05-01 18:23 - 2014-07-09 10:18 - 01087879 _____ () C:\windows\WindowsUpdate.log
2015-05-01 18:22 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2015-05-01 18:19 - 2013-01-23 23:27 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-01 18:17 - 2012-07-26 00:28 - 00005598 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-01 18:10 - 2013-01-23 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-01 18:10 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-30 23:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2015-04-30 21:53 - 2015-02-26 22:33 - 00000426 _____ () C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-04-30 21:51 - 2014-07-23 16:03 - 00000350 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2015-04-28 22:02 - 2014-07-09 10:52 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-04-27 21:31 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-26 17:57 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2015-04-25 20:18 - 2014-07-10 17:34 - 00026871 _____ () C:\ProgramData\hpzinstall.log
2015-04-25 18:29 - 2014-07-22 17:49 - 00000000 ____D () C:\windows\system32\MRT
2015-04-25 18:27 - 2014-07-22 17:49 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-06 00:13 - 2014-07-09 11:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-06 00:00 - 2014-10-13 20:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 13:53 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
==================== Files in the root of some directories =======
2014-07-10 17:34 - 2015-04-25 20:18 - 0026871 _____ () C:\ProgramData\hpzinstall.log
2013-01-23 23:27 - 2013-01-23 23:27 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-23 23:24 - 2013-01-23 23:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-23 23:25 - 2013-01-23 23:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-23 23:24 - 2013-01-23 23:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-23 23:26 - 2013-01-23 23:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some content of TEMP:
====================
C:\Users\Rito\AppData\Local\Temp\ose00000.exe
C:\Users\Rito\AppData\Local\Temp\ose00001.exe
C:\Users\Rito\AppData\Local\Temp\ose00002.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-30 21:33
==================== End Of Log ============================
Addition results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Rito at 2015-05-01 18:25:37
Running from C:\Users\Rito\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3433547100-3960895037-459998971-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3433547100-3960895037-459998971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3433547100-3960895037-459998971-1006 - Limited - Enabled)
Rito (S-1-5-21-3433547100-3960895037-459998971-1001 - Administrator - Enabled) => C:\Users\Rito
UpdatusUser (S-1-5-21-3433547100-3960895037-459998971-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Aventail Access Manager (HKU\S-1-5-21-3433547100-3960895037-459998971-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.71.491 - SonicWALL Inc)
Aventail Access Manager (x32 Version: 10.71.491 - SonicWALL Inc) Hidden
Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.71.237 - SonicWALL Inc)
Aventail Webifiers (HKLM-x32\...\{54D44AD1-A083-48B9-BD6F-AFD517B7C775}) (Version: 10.71.237 - SonicWALL Inc)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.29 - NVIDIA Corporation)
NVIDIA Graphics Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.29 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skypeâ„¢ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
USB Control Center (HKLM\...\Belkin USB Control Center) (Version: 2.0.0 - Belkin International, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-04-2015 22:43:56 Windows Update
12-04-2015 15:59:06 Windows Update
25-04-2015 16:39:32 Windows Update
30-04-2015 21:34:14 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 22:26 - 2015-04-06 00:36 - 00450831 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {062EDFEA-C763-485B-8478-31FE353F215E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {0D3FF4F5-F517-4FF9-8925-42000C1976DA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {1CB06522-047B-4C3F-B8E7-65CAC5C469B6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {29BFEA1B-127A-48F0-873B-81234F714ED3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {3AC1EF5D-7E2E-4D08-8EBD-ED2AFF7CAFBD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4B49D4F7-F885-49CF-AED4-4D8765B8B0DF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6F6A09AD-A000-4899-BD25-EE77221DC195} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {8BC8B247-C2F2-4EED-A163-F7890E8F8B66} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A5F05D07-D620-4F0F-83D4-33CE0D441626} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BDF3EA56-BE44-4BB5-B45D-1E9ED9D6BDA7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-25] (Microsoft Corporation)
Task: {D9E9D20D-EF81-474F-96B3-7DD3778A3E7A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-11-11] ()
Task: {E8D1705E-2FE3-4B7A-A591-845FCB82F319} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) ==============
2014-10-07 15:22 - 2014-10-07 15:22 - 00055296 ____N () C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
2013-01-23 23:26 - 2012-04-24 19:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-02 20:28 - 2012-07-02 20:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-06-28 16:39 - 2012-06-28 16:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2014-09-18 11:37 - 2014-07-02 19:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-07-09 10:52 - 2014-07-09 10:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-30 22:27 - 2015-04-30 22:27 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15043001\algo.dll
2015-05-01 18:11 - 2015-05-01 18:11 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050101\algo.dll
2014-07-09 11:08 - 2014-05-13 10:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-09 11:08 - 2014-05-13 10:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-09 11:08 - 2014-05-13 10:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-09 11:08 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-09 11:08 - 2012-04-03 15:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-05 18:45 - 2014-11-05 18:45 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b4c56431dc6618247d108efd4895d52a\PSIClient.ni.dll
2013-01-23 23:25 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-09 10:52 - 2014-07-09 10:52 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-23 23:19 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-18 11:37 - 2014-07-30 15:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-07-06 09:09 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 11:37 - 2012-11-25 21:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Rito\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win CHROME 1920x1200.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3E4527D9-7B3E-4E2D-BF4A-DAE32D5E4A9E}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{CFECD4B8-C3FE-43BE-9228-F71CAC550824}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{23536418-5CD3-4F4C-8E48-FC759C90C850}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{4EAF1B49-2B35-46F3-B2EA-95C86636FD1F}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{FDD8F58D-F2A1-4C23-B82A-555EC1BBF1BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{DD24EEBD-64A4-4C49-9E4E-65900B0AEC98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{EB8FA03E-2E84-45EC-8F5D-AABE8737019F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C944C2C3-BA0B-4A83-97ED-A8DF8FDCB254}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6465FB78-86B9-4F4E-A5A9-CCC770B89B22}] => (Allow) LPort=2869
FirewallRules: [{395A58D3-6445-416E-9E75-E9A165279510}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A0467417-98B7-4C3D-8922-F1EB3122EACB}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{248365A6-A0DF-400D-956D-1F9B84C251FD}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{2675B85D-7DBC-4711-9B09-D586290D1A94}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{1FDDB922-1BBE-474C-A364-2A3CF2A5BF0F}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [{289164AD-F659-48CA-AB98-CC7C3F7BBA4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{2A9C2E4B-A29A-4785-883E-5F7F056D71E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{557C2C82-537A-43D4-9F34-B348833BA5D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{11090A68-52A3-444C-A91C-542332C94EE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{F0AE9076-F09D-4D57-A043-B5134DB05379}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{130B4663-76B9-4840-8834-8B9976B65B49}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS5B3F\hppiw.exe
FirewallRules: [{0A61684E-287A-472E-B86F-8C3980450331}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS5B3F\hppiw.exe
FirewallRules: [{A3816DFC-A7FD-4A29-BFD3-EB2DA9C0B637}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hppiw.exe
FirewallRules: [{8C8600D1-DD39-4442-AE16-56E9BFD35C41}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hppiw.exe
FirewallRules: [{990D7052-F8B0-4468-8329-2A80F0B8383A}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS0146\setup\hpznui40.exe
FirewallRules: [{1B0FC33E-BC5B-46E6-955F-77C94C036C6F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BAB27DB5-387B-405A-B350-199737B12C02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3A52AE47-0252-4D34-8D7C-8E5B756058DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2D0AAF64-061D-423E-9AC9-1D12F126EF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8D1B1895-024A-42CB-8470-144E1CB4ECCC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{548208BF-D1D2-4F0F-A81C-D5EF5A9A83E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AC6328E6-0FE5-475C-94B0-2D1DF777BA9B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{713796C7-9F75-44FE-B158-FF471BA5890A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{65B7E6EC-BAC2-4E86-B0AC-C805911F754D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{02B278E7-A22F-417A-9ECC-F663B9EDB6BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FB85F515-2840-46D7-A2DC-3F0008CBFF34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{1EAC1B83-797E-41E8-9766-DFAA0F86175D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{96EC0412-30F4-48F1-A979-10EB9DCA1F89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DA2309A6-BF7B-4934-8CB9-8568ADD44064}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{8DF0CBBF-B18D-49A6-807D-64E74AB2F19A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FB7D5B5-BF1F-4836-A3DA-EC775519CC79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E385B561-1830-44C1-B79A-F5D658CE6CF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A5CE6843-3CAC-42EC-88FC-F23D1202A43B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{32A64BB8-C868-4300-A1B9-E23E38965C0B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{57881774-B74E-4110-92C3-D68DBE846030}] => (Allow) C:\Program Files\Belkin\USB Control Center\Connect.exe
FirewallRules: [{8A858749-8E30-4198-AE7C-6D6C30BD0CDB}] => (Allow) LPort=19540
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/01/2015 06:23:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x00056b0d
Faulting process id: 0x1848
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5
Error: (05/01/2015 06:17:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (05/01/2015 06:17:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (05/01/2015 06:14:04 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-04-08T01:14:03Z. Error Code: 0x80071A2D.
Error: (04/30/2015 09:35:56 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy. Check the Application and System event logs for any related errors.
Operation:
OnFreeze event
Freeze Event
Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {3ef130cc-d725-4a71-b0b7-b15ea70dc9e9}
Error: (04/30/2015 10:33:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/30/2015 10:33:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/28/2015 10:07:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/28/2015 10:07:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/27/2015 08:06:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (05/01/2015 06:22:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:20:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:20:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:18:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:17:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:15:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:15:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x3000000054324. The name of the file is "\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1".
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000562e4. The name of the file is "\Windows\System32\config\SECURITY.LOG1".
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000562e2. The name of the file is "\Windows\System32\config\SAM.LOG1".
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8153.01 MB
Available physical RAM: 6054.95 MB
Total Pagefile: 9689.02 MB
Available Pagefile: 7370.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:830.31 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:12.24 GB) (Free:0.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 13F0DBA2)
Partition: GPT Partition Type.
==================== End Of Log ============================
Checkup results:
Results of screen317's Security Check version 1.001
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Reader XI
Mozilla Firefox 36.0.4 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST results:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Rito (administrator) on HOMEPC on 01-05-2015 18:24:53
Running from C:\Users\Rito\Desktop
Loaded Profiles: Rito (Available profiles: Rito & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\...\MountPoints2: {5fb743fb-78b1-11e2-be70-9c2a701dfdce} - "J:\LaunchU3.exe" -a
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [20328 2012-07-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Rito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Control Center.lnk [2014-10-07]
ShortcutTarget: USB Control Center.lnk -> C:\Program Files\Belkin\USB Control Center\Connect.exe (Belkin International, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-07-09] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
SearchScopes: HKU\S-1-5-21-3433547100-3960895037-459998971-1001 -> DefaultScope {91E6FD29-62A2-45D8-A552-9A0305A9D5C6} URL =
SearchScopes: HKU\S-1-5-21-3433547100-3960895037-459998971-1001 -> {91E6FD29-62A2-45D8-A552-9A0305A9D5C6} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-09] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-09] (AVAST Software)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetings.calguard.ca.gov/client/T27LD/webex/ieatgpc1.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Rito\AppData\Roaming\Mozilla\Firefox\Profiles\mqgk2wv9.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-05] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2014-10-07] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 HPSLPSVC; C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-06] (Malwarebytes Corporation)
R3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
R2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [304480 2014-10-07] (silex technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-01 18:24 - 2015-05-01 18:25 - 00016631 _____ () C:\Users\Rito\Desktop\FRST.txt
2015-05-01 18:23 - 2015-05-01 18:24 - 00000000 ____D () C:\FRST
2015-05-01 18:22 - 2015-05-01 18:22 - 02101248 _____ (Farbar) C:\Users\Rito\Desktop\FRST64.exe
2015-05-01 18:13 - 2015-05-01 18:13 - 00000000 ___RD () C:\Users\Rito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-26 21:00 - 2015-04-26 21:00 - 00093795 _____ () C:\Users\Rito\Desktop\WindowsUpdate.zip
2015-04-26 19:22 - 2015-04-26 19:22 - 45142221 _____ () C:\Users\Rito\Desktop\CBS.zip
2015-04-26 15:06 - 2015-04-26 15:06 - 04044661 _____ () C:\Users\Rito\Desktop\Windows8-RT-KB3031432-x64.msu
2015-04-25 20:24 - 2015-04-25 20:24 - 00002906 _____ () C:\Users\Rito\Desktop\SFCFix.txt
2015-04-25 20:23 - 2015-04-25 20:23 - 01359702 _____ () C:\Users\Rito\Desktop\SFCFix.zip
2015-04-25 20:21 - 2015-04-25 20:21 - 01317376 _____ (niemiro) C:\Users\Rito\Desktop\SFCFix.exe
2015-04-25 20:19 - 2015-04-25 20:24 - 00000000 ____D () C:\Users\Rito\AppData\Local\niemiro
2015-04-25 16:41 - 2015-04-25 16:40 - 01491660 _____ () C:\Users\Rito\Desktop\cbs.txt
2015-04-08 22:01 - 2015-04-08 22:01 - 00175251 _____ () C:\Users\Rito\Documents\D 185_April 2015 COMPANY MEETING SLIDE DECK.pptx
2015-04-08 21:24 - 2015-04-08 21:24 - 00051335 _____ () C:\Users\Rito\Documents\GST TRACKER FY 15.xlsx
2015-04-06 22:27 - 2015-04-06 22:27 - 00000000 ____D () C:\Users\Rito\Documents\07-GFT-0108
2015-04-06 00:36 - 2014-10-13 18:38 - 00450773 ____R () C:\windows\system32\Drivers\etc\hosts.20150406-003614.backup
2015-04-05 00:51 - 2015-04-25 20:24 - 00000000 ____D () C:\SFCFix
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-01 18:23 - 2014-07-09 12:36 - 00000000 ____D () C:\Users\Rito\AppData\Local\CrashDumps
2015-05-01 18:23 - 2014-07-09 10:18 - 01087879 _____ () C:\windows\WindowsUpdate.log
2015-05-01 18:22 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2015-05-01 18:19 - 2013-01-23 23:27 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-01 18:17 - 2012-07-26 00:28 - 00005598 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-01 18:10 - 2013-01-23 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-01 18:10 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-30 23:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2015-04-30 21:53 - 2015-02-26 22:33 - 00000426 _____ () C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-04-30 21:51 - 2014-07-23 16:03 - 00000350 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2015-04-28 22:02 - 2014-07-09 10:52 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-04-27 21:31 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-26 17:57 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2015-04-25 20:18 - 2014-07-10 17:34 - 00026871 _____ () C:\ProgramData\hpzinstall.log
2015-04-25 18:29 - 2014-07-22 17:49 - 00000000 ____D () C:\windows\system32\MRT
2015-04-25 18:27 - 2014-07-22 17:49 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-06 00:13 - 2014-07-09 11:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-06 00:00 - 2014-10-13 20:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 13:53 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
==================== Files in the root of some directories =======
2014-07-10 17:34 - 2015-04-25 20:18 - 0026871 _____ () C:\ProgramData\hpzinstall.log
2013-01-23 23:27 - 2013-01-23 23:27 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-23 23:24 - 2013-01-23 23:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-23 23:25 - 2013-01-23 23:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-23 23:24 - 2013-01-23 23:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-23 23:26 - 2013-01-23 23:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some content of TEMP:
====================
C:\Users\Rito\AppData\Local\Temp\ose00000.exe
C:\Users\Rito\AppData\Local\Temp\ose00001.exe
C:\Users\Rito\AppData\Local\Temp\ose00002.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-30 21:33
==================== End Of Log ============================
Addition results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Rito at 2015-05-01 18:25:37
Running from C:\Users\Rito\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3433547100-3960895037-459998971-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3433547100-3960895037-459998971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3433547100-3960895037-459998971-1006 - Limited - Enabled)
Rito (S-1-5-21-3433547100-3960895037-459998971-1001 - Administrator - Enabled) => C:\Users\Rito
UpdatusUser (S-1-5-21-3433547100-3960895037-459998971-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Aventail Access Manager (HKU\S-1-5-21-3433547100-3960895037-459998971-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.71.491 - SonicWALL Inc)
Aventail Access Manager (x32 Version: 10.71.491 - SonicWALL Inc) Hidden
Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.71.237 - SonicWALL Inc)
Aventail Webifiers (HKLM-x32\...\{54D44AD1-A083-48B9-BD6F-AFD517B7C775}) (Version: 10.71.237 - SonicWALL Inc)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.29 - NVIDIA Corporation)
NVIDIA Graphics Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.29 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skypeâ„¢ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
USB Control Center (HKLM\...\Belkin USB Control Center) (Version: 2.0.0 - Belkin International, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-04-2015 22:43:56 Windows Update
12-04-2015 15:59:06 Windows Update
25-04-2015 16:39:32 Windows Update
30-04-2015 21:34:14 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 22:26 - 2015-04-06 00:36 - 00450831 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {062EDFEA-C763-485B-8478-31FE353F215E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {0D3FF4F5-F517-4FF9-8925-42000C1976DA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {1CB06522-047B-4C3F-B8E7-65CAC5C469B6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {29BFEA1B-127A-48F0-873B-81234F714ED3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {3AC1EF5D-7E2E-4D08-8EBD-ED2AFF7CAFBD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4B49D4F7-F885-49CF-AED4-4D8765B8B0DF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6F6A09AD-A000-4899-BD25-EE77221DC195} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {8BC8B247-C2F2-4EED-A163-F7890E8F8B66} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A5F05D07-D620-4F0F-83D4-33CE0D441626} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BDF3EA56-BE44-4BB5-B45D-1E9ED9D6BDA7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-25] (Microsoft Corporation)
Task: {D9E9D20D-EF81-474F-96B3-7DD3778A3E7A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-11-11] ()
Task: {E8D1705E-2FE3-4B7A-A591-845FCB82F319} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) ==============
2014-10-07 15:22 - 2014-10-07 15:22 - 00055296 ____N () C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
2013-01-23 23:26 - 2012-04-24 19:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-02 20:28 - 2012-07-02 20:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-06-28 16:39 - 2012-06-28 16:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2014-09-18 11:37 - 2014-07-02 19:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-07-09 10:52 - 2014-07-09 10:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-30 22:27 - 2015-04-30 22:27 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15043001\algo.dll
2015-05-01 18:11 - 2015-05-01 18:11 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050101\algo.dll
2014-07-09 11:08 - 2014-05-13 10:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-09 11:08 - 2014-05-13 10:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-09 11:08 - 2014-05-13 10:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-09 11:08 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-09 11:08 - 2012-04-03 15:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-05 18:45 - 2014-11-05 18:45 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b4c56431dc6618247d108efd4895d52a\PSIClient.ni.dll
2013-01-23 23:25 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-09 10:52 - 2014-07-09 10:52 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-23 23:19 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-18 11:37 - 2014-07-30 15:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-07-06 09:09 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 11:37 - 2012-11-25 21:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Rito\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3433547100-3960895037-459998971-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win CHROME 1920x1200.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3E4527D9-7B3E-4E2D-BF4A-DAE32D5E4A9E}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{CFECD4B8-C3FE-43BE-9228-F71CAC550824}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{23536418-5CD3-4F4C-8E48-FC759C90C850}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{4EAF1B49-2B35-46F3-B2EA-95C86636FD1F}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{FDD8F58D-F2A1-4C23-B82A-555EC1BBF1BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{DD24EEBD-64A4-4C49-9E4E-65900B0AEC98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{EB8FA03E-2E84-45EC-8F5D-AABE8737019F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C944C2C3-BA0B-4A83-97ED-A8DF8FDCB254}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6465FB78-86B9-4F4E-A5A9-CCC770B89B22}] => (Allow) LPort=2869
FirewallRules: [{395A58D3-6445-416E-9E75-E9A165279510}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A0467417-98B7-4C3D-8922-F1EB3122EACB}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{248365A6-A0DF-400D-956D-1F9B84C251FD}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{2675B85D-7DBC-4711-9B09-D586290D1A94}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{1FDDB922-1BBE-474C-A364-2A3CF2A5BF0F}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [{289164AD-F659-48CA-AB98-CC7C3F7BBA4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{2A9C2E4B-A29A-4785-883E-5F7F056D71E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{557C2C82-537A-43D4-9F34-B348833BA5D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{11090A68-52A3-444C-A91C-542332C94EE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{F0AE9076-F09D-4D57-A043-B5134DB05379}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{130B4663-76B9-4840-8834-8B9976B65B49}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS5B3F\hppiw.exe
FirewallRules: [{0A61684E-287A-472E-B86F-8C3980450331}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS5B3F\hppiw.exe
FirewallRules: [{A3816DFC-A7FD-4A29-BFD3-EB2DA9C0B637}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hppiw.exe
FirewallRules: [{8C8600D1-DD39-4442-AE16-56E9BFD35C41}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS7D2A\hppiw.exe
FirewallRules: [{990D7052-F8B0-4468-8329-2A80F0B8383A}] => (Allow) C:\Users\Rito\AppData\Local\Temp\7zS0146\setup\hpznui40.exe
FirewallRules: [{1B0FC33E-BC5B-46E6-955F-77C94C036C6F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BAB27DB5-387B-405A-B350-199737B12C02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3A52AE47-0252-4D34-8D7C-8E5B756058DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2D0AAF64-061D-423E-9AC9-1D12F126EF80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8D1B1895-024A-42CB-8470-144E1CB4ECCC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{548208BF-D1D2-4F0F-A81C-D5EF5A9A83E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AC6328E6-0FE5-475C-94B0-2D1DF777BA9B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{713796C7-9F75-44FE-B158-FF471BA5890A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{65B7E6EC-BAC2-4E86-B0AC-C805911F754D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{02B278E7-A22F-417A-9ECC-F663B9EDB6BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FB85F515-2840-46D7-A2DC-3F0008CBFF34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{1EAC1B83-797E-41E8-9766-DFAA0F86175D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{96EC0412-30F4-48F1-A979-10EB9DCA1F89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DA2309A6-BF7B-4934-8CB9-8568ADD44064}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{8DF0CBBF-B18D-49A6-807D-64E74AB2F19A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FB7D5B5-BF1F-4836-A3DA-EC775519CC79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E385B561-1830-44C1-B79A-F5D658CE6CF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A5CE6843-3CAC-42EC-88FC-F23D1202A43B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{32A64BB8-C868-4300-A1B9-E23E38965C0B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{57881774-B74E-4110-92C3-D68DBE846030}] => (Allow) C:\Program Files\Belkin\USB Control Center\Connect.exe
FirewallRules: [{8A858749-8E30-4198-AE7C-6D6C30BD0CDB}] => (Allow) LPort=19540
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/01/2015 06:23:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x00056b0d
Faulting process id: 0x1848
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5
Error: (05/01/2015 06:17:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (05/01/2015 06:17:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (05/01/2015 06:14:04 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-04-08T01:14:03Z. Error Code: 0x80071A2D.
Error: (04/30/2015 09:35:56 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy. Check the Application and System event logs for any related errors.
Operation:
OnFreeze event
Freeze Event
Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {3ef130cc-d725-4a71-b0b7-b15ea70dc9e9}
Error: (04/30/2015 10:33:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/30/2015 10:33:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/28/2015 10:07:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/28/2015 10:07:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/27/2015 08:06:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (05/01/2015 06:22:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:20:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:20:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:18:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:17:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:15:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (05/01/2015 06:15:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x3000000054324. The name of the file is "\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1".
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000562e4. The name of the file is "\Windows\System32\config\SECURITY.LOG1".
Error: (05/01/2015 06:13:57 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x10000000562e2. The name of the file is "\Windows\System32\config\SAM.LOG1".
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8153.01 MB
Available physical RAM: 6054.95 MB
Total Pagefile: 9689.02 MB
Available Pagefile: 7370.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:830.31 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:12.24 GB) (Free:0.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 13F0DBA2)
Partition: GPT Partition Type.
==================== End Of Log ============================
