Hello,
I use Windows 7. A scan by eScan had 3 errors in the registry, I believe:
03 Nov 2014 05:38:48 [13fc] - ERROR(l)!!! Invalid Entry AppInit_DLLs = c:\progra~1\optimi~1\optpro~1.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
03 Nov 2014 05:41:07 [13fc] - ERROR(2)!!! Invalid Entry \??\C:\Users\NELSON\AppData\Local\Temp\aswMBR.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\aswMBR.
03 Nov 2014 05:41:07 [13fc] - ERROR(2)!!! Invalid Entry \??\C:\Users\NELSON\AppData\Local\Temp\aswVmm.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\aswVmm.
I tried an aswMBR quick scan, but it was taking long. I was quite worried since I tried to find optpro~1.dll on the hard disk but could not do so. Googling it, I found that many people here have posted the same or a similar file name.
I have tried system restore two times. Yet the same problem arises again.
Editing Post to paste the logs in here since I got time to do it.
ASWMBR Log:
aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-11-03 15:07:49
-----------------------------
15:07:49.965 OS Version: Windows 6.1.7601 Service Pack 1
15:07:49.965 Number of processors: 2 586 0x170A
15:07:49.965 ComputerName: MYSUPERPC UserName: NELSON
15:08:31.867 Initialize success
15:08:32.585 VM: initialized successfully
15:08:32.585 VM: Intel CPU supported
15:08:36.168 VM: not used
15:08:36.183 supported disk I/O ataport.SYS
15:09:00.988 AVAST engine defs: 14110201
15:09:12.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:09:12.313 Disk 0 Vendor: WDC_WD3200AAKX-001CA0 15.01H15 Size: 305245MB BusType: 3
15:09:12.422 Disk 0 MBR read successfully I/O
15:09:12.422 Disk 0 MBR scan
15:09:12.516 Disk 0 Windows 7 default MBR code
15:09:12.547 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
15:09:12.563 Disk 0 Boot: NTFS code=2
15:09:12.563 Disk 0 Partition - 00 0F Extended LBA 205236 MB offset 204796620
15:09:12.594 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 205236 MB offset 204796683
15:09:12.610 Disk 0 scanning sectors +625121280
15:09:12.688 Disk 0 scanning C:\Windows\system32\drivers
15:09:22.484 Service scanning
15:09:27.539 Service econceal C:\Windows\system32\DRIVERS\econceal.sys **LOCKED** 32
15:09:41.813 Modules scanning
15:09:48.443 Disk 0 trace - called modules:
15:09:48.443
15:09:49.192 AVAST engine scan C:\Windows
15:09:51.844 AVAST engine scan C:\Windows\system32
15:12:44.598 AVAST engine scan C:\Windows\system32\drivers
15:13:08.432 AVAST engine scan C:\Users\NELSON
15:41:07.665 AVAST engine scan C:\ProgramData
15:47:18.880 Disk 0 statistics 3791097/275/0 @ 1.17 MB/s
15:47:18.896 Scan finished successfully
15:49:14.055 Disk 0 MBR has been saved successfully to "C:\Users\NELSON\Desktop\MBR.dat"
15:49:14.133 The log file has been saved successfully to "C:\Users\NELSON\Desktop\aswMBR Log.txt"
FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by NELSON (administrator) on MYSUPERPC on 03-11-2014 16:00:02
Running from C:\Users\NELSON\Desktop
Loaded Profile: NELSON (Available profiles: NELSON)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\TRAYICOS.EXE
(MicroWorld Technologies Inc.) C:\Program Files\eScan\maildisp.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\econser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\econceal.exe
(MicroWorld Technologies Inc.) C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\traysser.exe
( New Softwares.net) C:\Windows\System32\WinFLTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(New Softwares.net) C:\Windows\System32\WinFLService.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\consctl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\spooler.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files\Virtual Router\VirtualRouterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(MicroWorld Technologies Inc.) C:\Program Files\eScan\Vista\escanmon.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(MicroWorld Technologies Inc.) C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
(MicroWorld Technologies Inc.) C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2238098226-1804821945-1009031106-1001\...\Run: [WinFLTray] => C:\Windows\system32\WinFLTray.exe [321736 2013-06-07] ( New Softwares.net)
HKU\S-1-5-21-2238098226-1804821945-1009031106-1001\...\Run: [FLBackup] => C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-06-07] (New Softwares.net)
HKU\S-1-5-21-2238098226-1804821945-1009031106-1001\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\NELSON\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-2238098226-1804821945-1009031106-1001\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-09] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15CC3B68D4DACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
SearchScopes: HKLM - DefaultScope {853AA969-24F7-4F3B-8B71-C6F6EE9D03CC} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {853AA969-24F7-4F3B-8B71-C6F6EE9D03CC} URL = http://search.condui...4921191611&UM=2
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: savvEitokeep. -> {2184E0FB-6128-B15B-7CD2-B6BA637021A2} -> C:\ProgramData\savvEitokeep\b.dll ()
BHO: GetRight IE Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 09 %SystemRoot%\system32\mwnsp.dll [172776] (MicroWorld Technologies Inc.)
Winsock: Catalog9 01 %SystemRoot%\system32\mwtsp.dll [1359080] (MicroWorld Technologies Inc.)
Winsock: Catalog9 02 %SystemRoot%\system32\mwtsp.dll [1359080] (MicroWorld Technologies Inc.)
Winsock: Catalog9 03 %SystemRoot%\system32\mwtsp.dll [1359080] (MicroWorld Technologies Inc.)
Winsock: Catalog9 04 %SystemRoot%\system32\mwtsp.dll [1359080] (MicroWorld Technologies Inc.)
Winsock: Catalog9 35 %SystemRoot%\system32\mwtsp.dll [1359080] (MicroWorld Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\NELSON\AppData\Roaming\Mozilla\Firefox\Profiles\tdvrzepd.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN34198832483085513&UM=2&SearchSource=3&q={searchTerms}
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\NELSON\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\NELSON\AppData\Roaming\Mozilla\Firefox\Profiles\tdvrzepd.default\searchplugins\bingp.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-15]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-07]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/webhp?source=search_app"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/...=UP97DF&PC=UP97
CHR Profile: C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-29]
CHR Extension: (Connect DLC 5) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2014-02-13]
CHR Extension: (Google Wallet) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\NELSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\NELSON\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-01]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]
CHR HKCU\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\NELSON\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R2 EconService; c:\Program Files\eScan\econser.exe [961032 2011-12-20] (MicroWorld Technologies Inc.)
R2 eScan Monitor Service; C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe [2141128 2014-08-26] (MicroWorld Technologies Inc.)
R2 eScan-trayicos; C:\Program Files\eScan\traysser.exe [140520 2014-06-19] (MicroWorld Technologies Inc.)
R2 MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [858632 2011-12-20] (MicroWorld Technologies Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-18] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2012-04-18] ()
R2 Virtual Router; C:\Program Files\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.) [File not signed]
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2013-06-28] (Atheros Communications, Inc.)
R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-01] (BlueStack Systems)
R1 econceal; C:\Windows\System32\DRIVERS\econceal.sys [25608 2011-08-01] (MicroWorld Technologies Inc.)
R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2013-06-07] ()
R3 ProcObsrv; c:\Program Files\eScan\ProcObsrv.sys [14848 2011-12-20] (MicroWorld Technologies Inc.)
R3 ProcObsrves; C:\Program Files\eScan\ProcObsrves.sys [32104 2014-06-19] (MicroWorld Technologies Inc.)
R3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2013-02-28] (BitDefender S.R.L.)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-06-07] ()
U3 aswMBR; \??\C:\Users\NELSON\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\NELSON\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 16:00 - 2014-11-03 16:00 - 00017491 _____ () C:\Users\NELSON\Desktop\FRST.txt
2014-11-03 15:59 - 2014-11-03 16:00 - 00000000 ____D () C:\FRST
2014-11-03 15:49 - 2014-11-03 15:49 - 00000512 _____ () C:\Users\NELSON\Desktop\MBR.dat
2014-11-03 05:21 - 2014-11-03 05:21 - 01106432 _____ (Farbar) C:\Users\NELSON\Desktop\FRST.exe
2014-11-03 04:39 - 2014-11-03 04:39 - 00000000 ____D () C:\Program Files\QS
2014-11-03 04:38 - 2014-11-03 04:38 - 00000000 ____D () C:\Users\NELSON\temp
2014-10-29 01:56 - 2014-10-29 01:56 - 00000000 ____D () C:\Program Files\Zeallsoft
2014-10-24 23:28 - 2014-10-24 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-24 23:28 - 2014-10-24 23:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-15 23:24 - 2014-11-03 04:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-12 20:52 - 2014-10-12 21:14 - 00000000 ____D () C:\Users\NELSON\Documents\fIXED
2014-10-12 20:48 - 2014-10-12 20:50 - 00024576 _____ () C:\Users\NELSON\Desktop\OpTransactionHistory12-10-2014 YASHU.xls
2014-10-12 20:41 - 2014-10-12 20:43 - 00062464 _____ () C:\Users\NELSON\Desktop\OpTransactionHistory12-10-2014.xls
2014-10-11 20:31 - 2014-11-03 15:20 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2238098226-1804821945-1009031106-1001.job
2014-10-11 20:31 - 2014-10-11 20:31 - 00000000 ____D () C:\Users\NELSON\AppData\Local\Citrix
2014-10-07 21:12 - 2014-10-07 21:12 - 00002044 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-10-07 21:12 - 2014-10-07 21:12 - 00000000 ____D () C:\Users\NELSON\AppData\Local\Downloaded Installations
2014-10-07 21:12 - 2014-10-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2014-10-07 21:12 - 2014-10-07 21:12 - 00000000 ____D () C:\Program Files\SDA
2014-10-07 21:09 - 2014-10-07 21:09 - 00000796 _____ () C:\Windows\KB955704.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 15:51 - 2012-04-14 18:36 - 02262824 _____ () C:\Windows\ESCAN.LOG
2014-11-03 15:38 - 2014-02-15 00:33 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 15:14 - 2012-04-14 18:35 - 00000000 ____D () C:\Program Files\eScan
2014-11-03 15:14 - 2009-07-14 07:34 - 00003725 ____N () C:\Windows\win.ini
2014-11-03 15:11 - 2009-07-14 10:04 - 00023504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 15:11 - 2009-07-14 10:04 - 00023504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 15:10 - 2012-04-14 18:33 - 01175402 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 14:59 - 2014-02-15 00:33 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 14:59 - 2012-04-14 18:36 - 00124146 _____ () C:\Windows\frights.log
2014-11-03 14:59 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 14:59 - 2009-07-14 10:09 - 00996040 _____ () C:\Windows\setupact.log
2014-11-03 07:55 - 2013-03-04 03:29 - 00000000 ____D () C:\Users\NELSON\AppData\Roaming\Skype
2014-11-03 04:38 - 2012-04-14 18:31 - 00000000 ____D () C:\Users\NELSON
2014-11-03 04:28 - 2012-04-14 18:37 - 00000000 ____D () C:\FBackup
2014-11-03 04:20 - 2014-08-17 02:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 04:20 - 2014-02-15 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 04:20 - 2012-05-06 02:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-03 04:20 - 2012-04-16 09:56 - 00000000 ____D () C:\Users\NELSON\AppData\Roaming\vlc
2014-11-03 04:20 - 2012-04-14 18:51 - 00000000 ____D () C:\Users\NELSON\AppData\Roaming\uTorrent
2014-11-03 04:20 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-03 04:19 - 2014-08-17 02:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-03 04:19 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\registration
2014-11-01 21:48 - 2014-09-16 23:27 - 00017408 _____ () C:\Users\NELSON\Documents\Mobile Credits.xls
2014-10-31 21:25 - 2013-09-30 13:36 - 00000202 _____ () C:\Users\NELSON\Desktop\5 stocks.txt
2014-10-30 19:56 - 2014-10-01 19:31 - 00000032 _____ () C:\Users\NELSON\Documents\hathway password.txt
2014-10-29 00:40 - 2013-11-27 01:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-28 06:35 - 2012-04-17 15:26 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 15:21 - 2012-04-14 18:36 - 00802676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-26 00:40 - 2012-04-15 19:30 - 01083183 _____ () C:\Windows\general.log
2014-10-24 23:28 - 2013-03-04 03:29 - 00000000 ___RD () C:\Program Files\Skype
2014-10-24 23:28 - 2013-03-04 03:29 - 00000000 ____D () C:\ProgramData\Skype
2014-10-24 20:55 - 2013-06-05 15:04 - 00000700 ___SH () C:\Users\NELSON\AppData\Local\systemFL7.dat
2014-10-24 20:54 - 2013-06-07 10:28 - 00001213 ___SH () C:\Users\NELSON\AppData\Local\win_fldb_sys.dat
2014-10-24 20:54 - 2013-06-07 10:28 - 00000693 ___SH () C:\Windows\system32\win_fldb_sys.dat
2014-10-24 20:54 - 2013-06-07 10:16 - 00003465 ___SH () C:\Windows\system32\win_stlthdb_sys.dat
2014-10-24 20:54 - 2013-06-07 10:16 - 00003465 ___SH () C:\Users\NELSON\AppData\Local\win_stlthdb_sys.dat
2014-10-23 18:36 - 2014-09-13 16:22 - 00000354 _____ () C:\Users\NELSON\Desktop\REDMI HELP.txt
2014-10-23 14:11 - 2014-09-29 21:06 - 00000000 ____D () C:\Users\NELSON\Documents\My Kindle Content
2014-10-18 03:26 - 2012-11-01 04:07 - 00225280 ___SH () C:\Users\NELSON\Thumbs.db
2014-10-16 15:51 - 2014-08-21 19:00 - 00000000 ____D () C:\Users\NELSON\AppData\Local\Adobe
2014-10-16 15:51 - 2012-04-15 19:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-16 15:51 - 2012-04-15 19:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-16 02:20 - 2014-08-12 13:53 - 00023552 _____ () C:\Users\NELSON\Documents\DIVIDEND TOTAL PAID TILL DATE.xls
2014-10-15 22:39 - 2014-09-18 18:54 - 00000036 _____ () C:\Users\NELSON\Desktop\Links.txt
2014-10-15 13:14 - 2013-07-29 16:09 - 00000000 ____D () C:\Users\NELSON\Desktop\SOLO TAX
2014-10-10 20:22 - 2012-04-14 19:54 - 00213590 _____ () C:\Windows\UPDLL.LOG
2014-10-10 16:51 - 2009-07-14 10:23 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-27 14:24
==================== End Of Log ============================
ADDITION LOG:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by NELSON at 2014-11-03 16:00:46
Running from C:\Users\NELSON\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: eScan Internet Security for Windows (Enabled - Up to date) {BCDBC2EE-EFD9-33B4-FA81-487C1275AEA6}
AS: eScan Internet Security for Windows (Enabled - Up to date) {07BA230A-C9E3-3C3A-C031-730E69F2E41B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: eScan Internet Security for Windows (Enabled) {84E043CB-A5B6-32EC-D1DE-E149ECA6E9DD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
µTorrent (HKLM\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Active@ Partition Recovery Enterprise (HKLM\...\Active@ Partition Recovery Enterprise) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Any Video Converter Professional 5.0.7 (HKLM\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10309 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{7638AC61-8AEE-9983-D681-BA48EE41A8FE}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
Boilsoft Video Splitter 6.33 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
ChartNexus version 3.3.5 (HKLM\...\{F8F74455-1B4F-4CFC-A580-070297547BB0}_is1) (Version: 3.3.5 - ChartNexus Sdn Bhd)
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.28 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
eScan Internet Security for Windows (HKLM\...\eScan Internet Security for Windows_is1) (Version: 11.0.1139.1640 - MicroWorld Technologies Inc.)
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation)
GetRight (HKLM\...\GetRight_is1) (Version: - Headlight Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
HydraVision (Version: 4.2.188.0 - ATI Technologies Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
OptionsOracle (HKLM\...\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}) (Version: 1.502 - SamoaSky)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Philips Songbird (HKLM\...\Philips Songbird) (Version: 3.2.1667 (1667) - Koninklijke Philips Electronics N.V.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Remove Logo Now! 1.0 (HKLM\...\Remove Logo Now!_is1) (Version: 1.0 - SoftOrbits)
savvEitokeep. (HKLM\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - saveitkeep.)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SolveigMM Video Splitter (HKLM\...\SolveigMM Video Splitter 3.6.1308.22) (Version: 3.6.1308.22 - Solveig Multimedia)
Stock Market Yearbook 2013 (HKLM\...\{8E8A3EB8-44AD-442B-BCA3-4ED4D76522FA}) (Version: 1.0.4 - Equitymaster)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Router v1.0 (HKLM\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.1.2.6.MultiLanguage - )
WinAVI Video Converter (HKLM\...\WinAVI Video Converter) (Version: 11.4.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winhotspot version 2.0 (HKLM\...\Winhotspot_is1) (Version: 2.0 - )
WinISO 5.3 (HKLM\...\WinISO_is1) (Version: - WinISO Computing Inc.)
WinZip (HKLM\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)
WMV9/VC-1 Video Playback (Version: 1.0.60309.2155 - ATI Technologies Inc.) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zyzzyva (HKLM\...\Zyzzyva 2.1.5) (Version: 2.1.5 - Boshvark Software, LLC)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2238098226-1804821945-1009031106-1001_Classes\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}\InprocServer32 -> C:\Users\NELSON\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll (Ask.com)
CustomCLSID: HKU\S-1-5-21-2238098226-1804821945-1009031106-1001_Classes\CLSID\{736AF091-C361-49B4-A928-87C586130D33}\InprocServer32 -> C:\Program Files\File Shredder\fsshell.dll ()
CustomCLSID: HKU\S-1-5-21-2238098226-1804821945-1009031106-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\NELSON\AppData\Local\Citrix\GoToMeeting\1669\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
27-10-2014 16:04:38 Windows Update
28-10-2014 19:09:50 Installed Java 7 Update 71
02-11-2014 22:38:16 Restore Operation
02-11-2014 22:57:51 Windows Update
02-11-2014 23:01:18 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 07:34 - 2013-10-07 17:33 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1F7F742E-B06E-491A-B0F2-68FF0584809B} - System32\Tasks\{5E1D6F55-0A82-4C5A-9A08-2582117500FA} => C:\Program Files\Trillian\trillian.exe
Task: {2F310882-28D5-4D47-AF8B-F703396B1CCD} - System32\Tasks\MailScan Dispatcher => C:\Program Files\eScan\launch.exe [2014-06-19] (MicroWorld Technologies Inc.)
Task: {4E00BCCA-63F9-4742-9687-0BEEBEC10FBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {89A2EB49-CBFF-4145-89F4-9965E4D0EEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {B4632AF1-535E-4A1F-83A1-C74D03926D0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {B481830A-4836-4423-B7CF-51F41AA8B2B6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D63873E5-C72D-461B-B316-4AB8AFA88492} - System32\Tasks\G2MUpdateTask-S-1-5-21-2238098226-1804821945-1009031106-1001 => C:\Users\NELSON\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DE680CE0-977A-4C09-A2B8-5A453026DC4C} - System32\Tasks\{73DC7E2C-A42D-45CD-ABF2-D11E180242CF} => C:\Program Files\Trillian\trillian.exe
Task: {F5236B55-35A5-443E-B99C-C8C5CB19A599} - System32\Tasks\eScan Updater => C:\Program Files\eScan\TRAYICOS.EXE [2011-12-20] (MicroWorld Technologies Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2238098226-1804821945-1009031106-1001.job => C:\Users\NELSON\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-04-14 18:58 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2012-06-19 23:34 - 2007-03-01 23:54 - 00657920 _____ () C:\Program Files\File Shredder\fsshell.dll
2009-07-14 02:33 - 2009-07-14 06:45 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2012-04-14 18:35 - 2010-05-07 16:53 - 00172040 _____ () C:\Windows\system32\unrar.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
2011-03-09 23:05 - 2011-03-09 23:05 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-04-18 00:01 - 2012-04-18 00:01 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2012-04-18 00:01 - 2012-04-18 00:01 - 00107832 _____ () C:\Windows\system32\PnkBstrB.exe
2014-10-15 23:24 - 2014-10-15 23:24 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2CFDCA54
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files\WebcamMax\WebcamMax.exe" -a
========================= Accounts: ==========================
Administrator (S-1-5-21-2238098226-1804821945-1009031106-500 - Administrator - Disabled)
Guest (S-1-5-21-2238098226-1804821945-1009031106-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2238098226-1804821945-1009031106-1002 - Limited - Enabled)
NELSON (S-1-5-21-2238098226-1804821945-1009031106-1001 - Administrator - Enabled) => C:\Users\NELSON
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/03/2014 03:00:01 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/03/2014 06:33:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/03/2014 06:25:23 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/03/2014 05:15:31 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
Error: (11/03/2014 04:21:25 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/03/2014 04:12:39 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed Java 7 Update 71). Additional information: 0x80070005.
Error: (10/27/2014 02:22:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 33.0.0.5397 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1780
Start Time: 01cff14d4af47718
Termination Time: 74
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
Report Id: 07ff47d0-5d52-11e4-812c-7071bcce71fc
Error: (10/27/2014 02:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.0.0.5397, time stamp: 0x543924b1
Faulting module name: mozalloc.dll, version: 33.0.0.5397, time stamp: 0x5438ffbb
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x15f0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (10/19/2014 08:36:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
Error: (10/12/2014 11:51:15 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
System errors:
=============
Error: (11/03/2014 03:06:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056
Error: (11/03/2014 03:06:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/03/2014 03:06:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056
Error: (11/03/2014 03:06:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/03/2014 03:06:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056
Error: (11/03/2014 03:06:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/03/2014 03:00:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064
Error: (11/03/2014 08:01:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/03/2014 06:53:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Error: (11/03/2014 06:33:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-05 17:59:42.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-05 17:59:42.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-05 17:59:42.206
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-05 17:59:42.143
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-05 17:59:42.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-05 17:59:42.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-09-27 14:26:58.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-09-27 14:26:58.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-09-27 14:26:57.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-09-27 14:26:57.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3327.24 MB
Available physical RAM: 1609.21 MB
Total Pagefile: 6652.77 MB
Available Pagefile: 4509.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.65 GB) (Free:36.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HCL DISK) (Fixed) (Total:200.43 GB) (Free:12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 567DE008)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.4 GB) - (Type=OF Extended)
==================== End Of Log ============================
Please help me with what to do as I am stumped and extremely confused.
Edited by nelsonite, 03 November 2014 - 05:05 AM.