Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SYSTEM on MININT-RKU2GS9 on 19-03-2015 17:26:40
Running from h:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-07] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-30] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-13] (ABBYY)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-17] (AVG Technologies CZ, s.r.o.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-07] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-09] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-07] (AVG Technologies)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235520 2010-06-09] (ZTE Incorporated)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 00:16 - 2015-03-16 00:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\martin\Desktop\geek.exe
2015-03-16 00:14 - 2015-03-16 00:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\martin\Desktop\tdsskiller.exe
2015-03-16 00:11 - 2015-03-16 00:11 - 212463723 _____ () C:\Windows\MEMORY.DMP
2015-03-16 00:11 - 2015-03-16 00:11 - 00270440 _____ () C:\Windows\Minidump\031615-21325-01.dmp
2015-03-15 22:53 - 2015-03-15 22:54 - 00000000 ____D () C:\Users\martin\Desktop\New folder (3)
2015-03-15 22:48 - 2015-03-15 22:49 - 00000000 ____D () C:\Users\martin\Desktop\New folder (2)
2015-03-15 22:21 - 2015-03-15 22:21 - 00000204 _____ () C:\Windows\PFRO.log
2015-03-14 14:21 - 2015-03-14 14:21 - 02095616 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-03-14 13:56 - 2015-03-18 22:14 - 00000952 _____ () C:\Windows\setupact.log
2015-03-14 13:56 - 2015-03-14 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-11 21:53 - 2015-03-18 22:00 - 01124868 _____ () C:\Windows\System32\CFG3222717847
2015-03-07 00:31 - 2015-03-14 14:27 - 00030815 _____ () C:\Users\martin\Desktop\Addition.txt
2015-03-07 00:30 - 2015-03-14 14:27 - 00033036 _____ () C:\Users\martin\Desktop\FRST.txt
2015-03-07 00:26 - 2015-03-19 17:26 - 00000000 ____D () C:\FRST
2015-03-06 22:00 - 2015-03-12 16:42 - 00000000 ____D () C:\VIPRERESCUE
2015-03-06 16:20 - 2015-03-06 16:20 - 00004760 _____ () C:\Users\martin\Desktop\Statement_of_Account_20150306.html
2015-03-05 23:30 - 2015-03-05 23:30 - 00004002 _____ () C:\Windows\System32\Tasks\RegCure Pro_sch_994948B8-C3D2-11E4-839F-60EB69516051
2015-03-05 15:22 - 2015-03-05 15:23 - 00000000 ____D () C:\Users\martin\AppData\Roaming\QuickScan
2015-03-05 15:18 - 2015-03-05 15:18 - 00237870 _____ () C:\Users\martin\AppData\Local\census.cache
2015-03-05 15:18 - 2015-03-05 15:18 - 00118612 _____ () C:\Users\martin\AppData\Local\ars.cache
2015-03-05 14:53 - 2015-03-05 14:53 - 00000036 _____ () C:\Users\martin\AppData\Local\housecall.guid.cache
2015-03-05 14:41 - 2015-03-05 14:41 - 00000143 _____ () C:\Users\martin\Desktop\fault.txt
2015-03-05 03:52 - 2015-03-05 14:12 - 00000000 ____D () C:\8317c0f12b01bd55efee8d88
2015-03-05 01:47 - 2015-03-05 01:47 - 00003544 ____N () C:\bootsqm.dat
2015-03-04 20:21 - 2015-03-04 20:21 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-03-04 20:21 - 2015-03-04 20:21 - 00000000 ____D () C:\inetpub
2015-02-23 23:12 - 2015-02-23 23:12 - 00004515 _____ () C:\Users\martin\Desktop\Statement_of_Account phone.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 22:14 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 22:12 - 2013-07-05 17:52 - 01836393 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 22:07 - 2009-07-13 21:13 - 00714754 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-03-18 22:06 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 22:06 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 22:00 - 2014-03-02 22:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 00:11 - 2010-12-27 08:09 - 00000000 ____D () C:\Windows\Minidump
2015-03-15 22:48 - 2011-12-02 20:21 - 00000000 ____D () C:\Users\martin\Desktop\New folder
2015-03-15 22:20 - 2010-12-21 02:18 - 00000000 ____D () C:\users\martin
2015-03-15 08:00 - 2010-12-21 22:13 - 00000000 ____D () C:\ProgramData\Recovery
2015-03-14 14:01 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2015-03-12 16:43 - 2012-06-10 21:20 - 00000000 ____D () C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-12 16:43 - 2012-06-10 05:17 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
2015-03-12 16:43 - 2011-07-13 01:11 - 00000000 ____D () C:\Users\martin\AppData\Roaming\vlc
2015-03-12 16:43 - 2010-12-21 03:42 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-12 16:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-03-12 16:42 - 2011-11-10 13:33 - 00000000 ____D () C:\Windows\System32\Macromed
2015-03-12 16:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-03-12 16:41 - 2011-01-16 01:54 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SoftGrid Client
2015-03-12 16:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-12 16:39 - 2011-11-11 14:59 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-03-06 16:39 - 2011-03-01 21:09 - 00120832 ___SH () C:\Users\martin\Thumbs.db
2015-03-05 14:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-03-05 14:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\inetsrv
2015-03-05 03:52 - 2014-05-24 15:21 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-27 12:20 - 2012-03-05 05:06 - 00000000 ____D () C:\Users\martin\AppData\Local\Spotify

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-02-02 08:37:36
Restore point made on: 2015-02-11 03:18:56
Restore point made on: 2015-03-04 20:21:14
Restore point made on: 2015-03-05 03:52:16
Restore point made on: 2015-03-07 12:56:38
Restore point made on: 2015-03-15 22:20:25

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 1978.92 MB
Available physical RAM: 1393.86 MB
Total Pagefile: 1978.92 MB
Available Pagefile: 1386.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.5 GB) (Free:65.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 5DDB0A76)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

LastRegBack: 2015-02-24 01:23

==================== End Of Log ============================