Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by SYSTEM on MINWINPC on 03-04-2015 14:30:04
Running from e:\
Platform: Windows Vista (TM) Home Premium (X86)
OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet008
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Matrox PowerDesk SE] => C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [3907328 2008-09-19] (Matrox Graphics Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-25] (Avast Software s.r.o.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKU\ron\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\ron\...\Winlogon: [Shell] C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\cable_tv\a_weighted_db_levels.exe,explorer.exe <==== ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S2 atashost; C:\Windows\system32\atashost.exe [136784 2012-11-16] (Cisco WebEx LLC)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-25] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-06] (Avast Software)
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-12-03] (Coupons.com Inc.)
S4 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87368 2011-09-19] (Nero AG)
S4 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.)
S4 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2008-05-23] ( )
S2 Matrox.Pdesk.ServicesHost; C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [343296 2008-09-19] (Matrox Graphics Inc)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MGABGEXE; C:\Windows\system32\mgabg.exe [87560 2007-04-04] (Matrox Graphics Inc.)
S4 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-25] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-25] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-25] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49904 2015-03-25] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-25] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-25] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-25] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208024 2015-03-25] ()
S3 G400DH; C:\Windows\System32\DRIVERS\g400dhm.sys [350592 2008-07-11] (Matrox Graphics Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-06] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 06:08 - 2015-04-03 08:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-03 04:49 - 2015-04-03 04:49 - 00002512 _____ () C:\Users\ron\Desktop\fixlist.txt
2015-04-03 04:24 - 2015-04-02 17:05 - 126310400 _____ () C:\Users\ron\Desktop\vista32 rc (1).iso
2015-04-03 04:24 - 2015-04-02 16:39 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\ron\Desktop\rufus-2.1.exe
2015-04-03 04:23 - 2015-04-02 16:57 - 01135104 _____ (Farbar) C:\Users\ron\Desktop\FRST.exe
2015-04-02 12:27 - 2015-04-02 12:28 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\ron\Downloads\rufus-2.1.exe
2015-04-02 11:43 - 2015-04-02 11:43 - 00033437 _____ () C:\Users\ron\Desktop\FRST.txt
2015-04-02 11:42 - 2015-04-02 11:42 - 00037629 _____ () C:\Users\ron\Desktop\Addition.txt
2015-04-02 11:39 - 2015-04-02 11:39 - 00033437 _____ () C:\Users\ron\Documents\FRST.txt
2015-04-02 09:02 - 2015-04-03 07:51 - 00000000 ____D () C:\FRST
2015-04-01 17:17 - 2014-06-26 14:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2015-04-01 17:17 - 2014-06-26 14:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2015-04-01 17:17 - 2014-06-26 14:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2015-04-01 17:17 - 2014-06-05 20:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2015-04-01 17:11 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2015-04-01 17:11 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2015-04-01 17:11 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2015-04-01 17:08 - 2014-10-09 17:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2015-04-01 17:08 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-04-01 17:08 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-04-01 17:07 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-04-01 17:06 - 2014-11-03 16:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-04-01 17:04 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-04-01 16:22 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-04-01 16:22 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-04-01 16:15 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-04-01 16:14 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2015-04-01 16:10 - 2014-08-22 17:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-04-01 16:08 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2015-04-01 15:50 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-04-01 15:50 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-04-01 15:50 - 2014-10-02 17:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-04-01 15:50 - 2014-10-02 17:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-04-01 15:49 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-04-01 15:49 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-04-01 15:49 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-04-01 15:48 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-04-01 15:39 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2015-04-01 15:30 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-04-01 15:30 - 2014-10-09 17:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-04-01 15:12 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-04-01 15:11 - 2014-10-12 15:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-04-01 14:34 - 2014-06-06 00:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2015-04-01 14:34 - 2014-05-29 22:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2015-04-01 14:34 - 2014-04-04 18:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2015-04-01 14:33 - 2014-06-13 16:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2015-04-01 14:33 - 2014-06-13 16:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2015-04-01 14:33 - 2014-03-09 17:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-04-01 14:26 - 2014-06-02 02:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-04-01 14:26 - 2014-06-02 02:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2015-04-01 14:26 - 2014-06-02 02:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-04-01 14:26 - 2014-06-02 02:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2015-04-01 14:26 - 2014-06-02 00:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2015-04-01 14:24 - 2014-04-26 08:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-04-01 14:20 - 2014-11-24 12:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-04-01 14:20 - 2014-11-24 12:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-01 14:20 - 2014-11-24 12:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-01 14:20 - 2014-11-24 12:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-01 14:20 - 2014-11-24 12:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-01 14:20 - 2014-11-24 12:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-01 14:20 - 2014-11-24 12:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-04-01 14:20 - 2014-11-24 12:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-04-01 14:20 - 2014-11-24 12:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-04-01 14:20 - 2014-11-24 12:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2015-04-01 14:20 - 2014-11-24 12:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-04-01 14:20 - 2014-11-24 12:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-04-01 14:20 - 2014-11-24 12:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-04-01 14:20 - 2014-11-24 12:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-04-01 14:20 - 2014-11-24 12:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-01 14:20 - 2014-11-24 12:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2015-04-01 14:20 - 2014-11-24 12:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2015-04-01 13:52 - 2015-04-01 13:53 - 00000000 ____D () C:\Users\ron\Downloads\backups
2015-04-01 12:58 - 2015-04-01 12:58 - 00004126 _____ () C:\Users\ron\Desktop\hijackthis2.log
2015-04-01 12:44 - 2015-04-01 12:46 - 00004126 _____ () C:\Users\ron\Downloads\hijackthis.log
2015-04-01 12:41 - 2015-04-03 04:20 - 00000000 ___HD () C:\Users\ron\AppData\Roaming\B4563337
2015-04-01 12:41 - 2015-04-01 12:41 - 00000000 _____ () C:\Users\ron\Desktop\HijackThis.exe.imk0clb.partial
2015-04-01 12:37 - 2015-04-01 12:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\ron\Downloads\HijackThis.exe
2015-04-01 10:40 - 2015-04-01 10:40 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 11:47 - 2015-04-03 10:06 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-03-27 08:27 - 2015-04-03 10:06 - 00001356 _____ () C:\Users\ron\AppData\Local\d3d9caps.dat
2015-03-27 04:59 - 2015-03-27 04:59 - 00006024 _____ () C:\Users\ron\Desktop\hijackthis.log
2015-03-26 05:52 - 2015-03-26 05:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-25 04:46 - 2015-03-25 04:45 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-03-25 04:45 - 2015-03-25 04:45 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-23 06:53 - 2015-03-23 06:53 - 00005082 _____ () C:\Windows\System32\out.bin
2015-03-23 06:31 - 2015-03-27 06:43 - 00000000 ____D () C:\ProgramData\xkbhv
2015-03-19 09:18 - 2015-03-19 09:18 - 00000000 ____D () C:\Program Files\Coupons
2015-03-10 04:15 - 2015-03-10 04:15 - 00139040 _____ () C:\Windows\Minidump\Mini031015-01.dmp
2015-03-10 04:14 - 2015-03-10 04:14 - 182079254 _____ () C:\Windows\MEMORY.DMP
2015-03-09 04:22 - 2015-03-09 04:23 - 00000000 ____D () C:\Windows\System32\vbox
2015-03-04 07:45 - 2015-03-04 07:45 - 00000000 ____D () C:\Program Files\Common Files\Java(7)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 10:22 - 2008-01-20 17:35 - 01349124 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 10:12 - 2006-11-02 02:33 - 00759368 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-03 10:06 - 2006-11-02 04:47 - 00003712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 10:06 - 2006-11-02 04:47 - 00003712 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 06:08 - 2006-11-02 03:18 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2015-04-02 13:29 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-02 09:07 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2015-04-02 04:12 - 2006-11-02 04:47 - 00373808 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-04-02 04:11 - 2009-10-09 10:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-02 04:07 - 2006-11-02 04:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-01 17:04 - 2014-05-14 14:17 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-01 11:21 - 2009-11-16 05:55 - 00000000 ____D () C:\Users\ron\AppData\Roaming\Skype
2015-04-01 11:04 - 2008-01-20 18:47 - 02502306 _____ () C:\Windows\PFRO.log
2015-04-01 10:39 - 2010-02-22 09:15 - 00000000 ____D () C:\Program Files\Google
2015-04-01 10:33 - 2009-12-09 09:00 - 00000000 ____D () C:\Users\ron\AppData\Local\Deployment
2015-03-31 12:07 - 2013-12-13 08:04 - 00000000 ____D () C:\Program Files\thinkTDAL
2015-03-31 12:07 - 2013-04-15 04:21 - 00000000 ____D () C:\Users\ron\.thinkorswim
2015-03-31 04:50 - 2014-12-15 09:02 - 00030208 _____ () C:\Users\ron\Desktop\ua and refulls.xls
2015-03-30 07:55 - 2010-08-09 05:35 - 00000000 ____D () C:\Users\ron\Desktop\hanlon
2015-03-26 05:52 - 2013-10-16 10:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-26 05:51 - 2014-10-21 04:33 - 00096680 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2015-03-25 04:46 - 2014-06-06 04:49 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00208024 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswTdi.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00049904 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-03-25 04:46 - 2014-06-06 04:49 - 00024144 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-03-25 04:45 - 2014-06-06 04:49 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-03-13 08:40 - 2014-08-27 07:03 - 00000000 ____D () C:\Users\ron\AppData\Local\Adobe
2015-03-13 08:40 - 2012-04-11 04:12 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-03-13 08:40 - 2011-06-21 09:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-03-10 04:15 - 2010-02-23 10:38 - 00000000 ____D () C:\Windows\Minidump
2015-03-06 12:00 - 2014-11-26 09:28 - 00001787 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-06 11:55 - 2015-02-12 07:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-03-06 11:54 - 2009-08-16 10:28 - 00000000 ____D () C:\temp
2015-03-06 11:53 - 2009-06-30 10:12 - 00000000 ____D () C:\users\ron
2015-03-06 11:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-03-06 11:52 - 2006-11-02 02:22 - 49807360 _____ () C:\Windows\System32\config\software_previous
2015-03-06 11:52 - 2006-11-02 02:22 - 35651584 _____ () C:\Windows\System32\config\components_previous
2015-03-06 11:52 - 2006-11-02 02:22 - 32505856 _____ () C:\Windows\System32\config\system_previous
2015-03-06 11:52 - 2006-11-02 02:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2015-03-06 11:52 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2015-03-06 11:52 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2015-03-06 11:51 - 2012-05-14 13:09 - 00000000 ____D () C:\Program Files\PCPitstop
2015-03-06 11:51 - 2009-10-08 11:31 - 00000000 ____D () C:\Windows\pss
2015-03-06 11:51 - 2009-08-17 13:14 - 00000000 ____D () C:\Program Files\Java
2015-03-06 11:51 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2015-03-06 11:51 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-02-10 10:45:07
Restore point made on: 2015-02-12 06:57:08
Restore point made on: 2015-02-12 07:10:05
Restore point made on: 2015-02-12 09:24:23
Restore point made on: 2015-02-13 06:20:09
Restore point made on: 2015-02-20 10:39:48
Restore point made on: 2015-03-06 11:44:16
Restore point made on: 2015-03-06 11:56:29
Restore point made on: 2015-03-06 13:11:39
Restore point made on: 2015-03-09 04:23:38
Restore point made on: 2015-03-18 10:10:27
Restore point made on: 2015-03-25 04:43:07
Restore point made on: 2015-03-26 04:22:20
Restore point made on: 2015-03-31 13:01:10
Restore point made on: 2015-04-01 14:43:49
Restore point made on: 2015-04-03 04:57:14
Restore point made on: 2015-04-03 07:46:29

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2036.56 MB
Available physical RAM: 1614.8 MB
Total Pagefile: 1852.88 MB
Available Pagefile: 1686.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:207.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (2007_11_03_2329) (Removable) (Total:0.99 GB) (Free:0.83 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 436A7ED9)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1010.3 MB) (Disk ID: 00063EF3)
Partition 1: (Active) - (Size=1009 MB) - (Type=07 NTFS)

LastRegBack: 2015-04-03 10:12

==================== End Of Log ============================