Oops, I forgot the log files. Here they are.

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-12 21:48:31
-----------------------------
21:48:31.724 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:31.724 Number of processors: 8 586 0x1E05
21:48:31.724 ComputerName: KEV1 UserName:
21:48:33.798 Initialize success
21:48:33.939 VM: initialized successfully
21:48:33.939 VM: Intel CPU supported
21:48:37.737 VM: not used
21:53:35.337 AVAST engine defs: 15021200
21:53:47.957 The log file has been saved successfully to "C:\Users\kevin\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by kevin (administrator) on KEV1 on 12-02-2015 21:57:26
Running from C:\Users\kevin\Downloads
Loaded Profiles: kevin (Available profiles: kevin & Emma 1 & Debbie 1 & Aaron 1 & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-12] (Bitdefender)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-12] (Bitdefender)
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {259057b3-8f2e-11df-b819-485b39ac2985} - I:\setup.exe
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {2a8cff83-4188-11e0-9267-485b39ac2985} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\...\MountPoints2: {c4a26ed8-4bb2-11e0-928f-485b39ac2985} - L:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1774651661-690261174-2104955694-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> DefaultScope {4E144F2C-4D98-4c71-B5ED-CD34011197C8} URL = https://au.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> {4E144F2C-4D98-4c71-B5ED-CD34011197C8} URL = https://au.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> {F894FC7A-6F8A-4a3e-8338-4DBF14A34C32} URL = http://www.google.co...&q={searchTerms}
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-1774651661-690261174-2104955694-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6910964C-D373-4ADB-83FB-0546BA7C3200}: [NameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://au.search.ya...2&type=994519=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-02-12]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\ae44639e-43f2-4cd1-aa80-39d5d2e18fa9@gmail.com [Not Found]
FF Extension: No Name - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\wmysdnwa.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [Not Found]
Chrome:
=======
CHR HomePage: Default -> B26648D4C1A6D5215477EE837E2315589A11DF42301D025DBAE05FA37B510C07
CHR StartupUrls: Default -> "hxxp://www.google.com/",
"https://au.search.ya...19&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSearchURL: Default -> https://au.search.ya...&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...nd={searchTerms}
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitdefender Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-12-19]
CHR Extension: (Shopping Assistant) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjpmpailfmnokiabeoimelcgdglpff [2014-12-19]
CHR Extension: (New Tab Helper) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icfefgaiandjaieopcfbidalbebjlhjl [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [4651661-690261174-2104955694-1000] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-12] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-12] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-12] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-02-12] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2015-02-12] (BitDefender S.R.L.)
U3 aswMBR; \??\C:\Users\kevin\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\kevin\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-12 21:57 - 2015-02-12 21:57 - 00016468 _____ () C:\Users\kevin\Downloads\FRST.txt
2015-02-12 21:56 - 2015-02-12 21:57 - 00000000 ____D () C:\FRST
2015-02-12 21:53 - 2015-02-12 21:53 - 00000586 _____ () C:\Users\kevin\Desktop\aswMBR.txt
2015-02-12 21:45 - 2015-02-12 21:46 - 00279184 _____ () C:\Windows\Minidump\021215-63227-01.dmp
2015-02-12 21:41 - 2015-02-12 21:41 - 02129920 _____ (Farbar) C:\Users\kevin\Downloads\FRST64.exe
2015-02-12 21:40 - 2015-02-12 21:40 - 01121280 _____ (Farbar) C:\Users\kevin\Downloads\FRST.exe
2015-02-12 21:39 - 2015-02-12 21:40 - 05198336 _____ (AVAST Software) C:\Users\kevin\Downloads\aswMBR.exe
2015-02-12 18:27 - 2015-02-12 18:27 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-12 17:54 - 2015-02-12 17:54 - 00670126 _____ () C:\ProgramData\1423734071.bdinstall.bin
2015-02-12 17:54 - 2015-02-12 17:54 - 00002154 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-02-12 17:54 - 2015-02-12 17:54 - 00000684 ____H () C:\bdr-cf01
2015-02-12 17:54 - 2015-02-12 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-12 17:44 - 2015-02-12 17:54 - 00253404 ____H () C:\bdr-ld01
2015-02-12 17:44 - 2015-02-12 17:54 - 00009216 ____H () C:\bdr-ld01.mbr
2015-02-12 17:44 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2015-02-12 17:44 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-02-12 17:41 - 2015-02-12 18:27 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-12 17:41 - 2015-02-12 18:27 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-12 17:41 - 2015-02-12 17:41 - 00094722 _____ () C:\ProgramData\1423734069.bdinstall.bin
2015-02-10 21:09 - 2015-02-10 21:09 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-10 21:09 - 2015-02-10 21:09 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-10 21:09 - 2015-02-10 21:09 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-01-21 21:17 - 2015-01-21 21:20 - 00000000 ____D () C:\Users\kevin\Desktop\landcruiser pics
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-12 21:53 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:53 - 2009-07-14 12:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:49 - 2010-06-22 04:04 - 01310457 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 21:47 - 2009-07-14 12:51 - 05509372 _____ () C:\Windows\setupact.log
2015-02-12 21:46 - 2014-12-11 19:26 - 00001340 _____ () C:\Windows\Tasks\DULKYQV.job
2015-02-12 21:46 - 2014-12-11 19:25 - 00001338 _____ () C:\Windows\Tasks\NTJYJK.job
2015-02-12 21:46 - 2014-12-11 19:23 - 00001334 _____ () C:\Windows\Tasks\ZOQZ.job
2015-02-12 21:46 - 2014-12-11 19:22 - 00001334 _____ () C:\Windows\Tasks\JMFF.job
2015-02-12 21:46 - 2013-11-25 17:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 21:46 - 2010-07-07 06:54 - 00000000 ____D () C:\Users\kevin\Tracing
2015-02-12 21:46 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 21:45 - 2013-10-09 19:05 - 778481359 _____ () C:\Windows\MEMORY.DMP
2015-02-12 21:45 - 2013-10-09 19:05 - 00000000 ____D () C:\Windows\Minidump
2015-02-12 21:45 - 2010-07-03 14:12 - 00956234 _____ () C:\Windows\PFRO.log
2015-02-12 21:01 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-12 19:10 - 2014-06-29 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 18:49 - 2010-07-06 20:26 - 00000000 ____D () C:\Users\Emma 1\Tracing
2015-02-12 18:27 - 2014-09-12 19:23 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-12 18:26 - 2014-12-18 00:44 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-12 18:00 - 2014-07-20 15:00 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9}.job
2015-02-12 18:00 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-12 17:54 - 2013-09-14 11:27 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-02-12 17:53 - 2014-09-12 19:16 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Bitdefender
2015-02-12 17:41 - 2010-07-03 16:05 - 00000000 ____D () C:\Program Files\Common Files\BitDefender
2015-02-12 17:32 - 2013-07-15 19:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:21 - 2013-11-25 17:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 17:01 - 2014-07-20 15:01 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9}.job
2015-02-12 06:30 - 2010-07-03 13:55 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Azureus
2015-02-10 21:08 - 2014-09-12 19:23 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-09 06:30 - 2013-12-23 17:17 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\vlc
2015-02-06 11:22 - 2013-11-25 17:19 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 23:32 - 2013-07-15 19:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 23:32 - 2012-04-02 18:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:32 - 2011-07-11 17:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 23:16 - 2013-11-25 17:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 23:16 - 2013-11-25 17:18 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 17:57 - 2013-10-17 19:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 17:57 - 2013-06-25 19:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 17:56 - 2014-11-24 19:40 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 17:56 - 2014-11-24 19:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:20 - 2014-07-20 15:13 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\EPSON
2015-01-20 21:20 - 2014-07-20 14:47 - 00000000 ____D () C:\ProgramData\Epson
2015-01-20 14:12 - 2014-10-05 19:32 - 00000000 ____D () C:\Users\kevin\Desktop\ethel street roof
==================== Files in the root of some directories =======
2011-06-11 13:51 - 2011-06-11 13:52 - 0000132 _____ () C:\Users\kevin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-07-03 19:27 - 2010-07-03 19:27 - 0000025 _____ () C:\Users\kevin\AppData\Roaming\bdfvconp.ini
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\DULKYQV
2011-05-27 21:58 - 2011-05-27 21:58 - 0099384 _____ () C:\Users\kevin\AppData\Roaming\inst.exe
2014-09-04 05:36 - 2014-09-04 05:36 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\JMFF
2014-09-04 05:36 - 2014-09-04 05:36 - 0002086 _____ () C:\Users\kevin\AppData\Roaming\NTJYJK
2011-05-27 21:58 - 2011-05-27 21:58 - 0007859 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.cat
2011-05-27 21:58 - 2011-05-27 21:58 - 0001167 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.inf
2011-05-27 21:59 - 2011-05-27 21:59 - 0000034 _____ () C:\Users\kevin\AppData\Roaming\pcouffin.log
2011-05-27 21:58 - 2011-05-27 21:58 - 0082816 _____ (VSO Software) C:\Users\kevin\AppData\Roaming\pcouffin.sys
2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\kevin\AppData\Roaming\ZOQZ
2014-09-12 19:24 - 2014-09-12 19:24 - 0668796 _____ () C:\ProgramData\1410520414.bdinstall.bin
2015-02-12 17:41 - 2015-02-12 17:41 - 0094722 _____ () C:\ProgramData\1423734069.bdinstall.bin
2015-02-12 17:54 - 2015-02-12 17:54 - 0670126 _____ () C:\ProgramData\1423734071.bdinstall.bin
Some content of TEMP:
====================
C:\Users\Emma 1\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\bcbbcabecibba.exe
C:\Users\kevin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\kevin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kevin\AppData\Local\Temp\GLF288B.tmp.ConduitEngineSetup.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kevin\AppData\Local\Temp\i4jdel1.exe
C:\Users\kevin\AppData\Local\Temp\install_flashplayer12x32axau_mssd_awe_aih.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\kevin\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\kevin\AppData\Local\Temp\MSN570.exe
C:\Users\kevin\AppData\Local\Temp\ose00000.exe
C:\Users\kevin\AppData\Local\Temp\ose00002.exe
C:\Users\kevin\AppData\Local\Temp\prxGLF288B.tmp.tbVuze.dll
C:\Users\kevin\AppData\Local\Temp\scs.exe
C:\Users\kevin\AppData\Local\Temp\tu17p84.exe
C:\Users\kevin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\kevin\AppData\Local\Temp\vzf-3517992137710265388.dll
C:\Users\kevin\AppData\Local\Temp\vzf-4586572050950761319.dll
C:\Users\kevin\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\kevin\AppData\Local\Temp\{AE830A85-8FCC-4D9F-BD37-EDB8396658D5}-GoogleUpdateSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 20:03
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by kevin at 2015-02-12 21:57:56
Running from C:\Users\kevin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1Click DVD Copy 5.6.6.0 (HKLM-x32\...\1Click DVD Copy 5_is1) (Version: - LG Software Innovations)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.0.610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.14.0.1088 - Bitdefender)
Browser Configuration Utility (HKLM-x32\...\{125BA25B-8D21-4029-AA06-47C3AA327AA7}) (Version: 1.0.2.0 - DeviceVM) <==== ATTENTION
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD-CLONER V6.00 Build 978 (HKLM-x32\...\DVD-CLONER VI_is1) (Version: 6.00.0.977 - DVD Cloner Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.33.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version: - SEIKO EPSON Corporation)
e-tax 2010 (HKLM-x32\...\{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}) (Version: 1.0.682 - DWS)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.4 - IniCom Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - )
Imagenomic Noiseware 5.0 Plug-in (build 5006) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
ImTOO Video Converter Ultimate 6 (HKLM-x32\...\ImTOO Video Converter Ultimate 6) (Version: 6.5.2.0216 - ImTOO)
InfraRecorder 0.50 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0050-000001000000}) (Version: 0.50.00.00 - Christian Kindahl)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Max Uninstaller version 2.0 (HKLM-x32\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.0 - http://www.maxuninstaller.com/)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs)
Topaz B&W Effects (64-bit) (HKLM-x32\...\Topaz B&W Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz B&W Effects (HKLM-x32\...\Topaz B&W Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.2.0 - Topaz Labs)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.2.0 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.0 - Topaz Labs)
Topaz ReMask 3 (x32 Version: 3.2.0 - Topaz Labs) Hidden
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.2 (HKLM-x32\...\{B1467544-8482-4A0D-AFE6-DCC12734836F}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
Westnet Internet Easy Online Signup 3.0 (HKLM-x32\...\Westnet Internet Easy Online Signup) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
16-01-2015 11:47:00 Scheduled Checkpoint
23-01-2015 13:22:25 Scheduled Checkpoint
31-01-2015 12:05:22 Scheduled Checkpoint
07-02-2015 12:24:33 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-10-12 18:07 - 2013-10-12 19:44 - 00005728 ____A C:\Windows\system32\Drivers\etc\hosts
There are 106 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {04D73C50-4179-4483-9C3B-7F3DE1D75C1D} - System32\Tasks\AdobeAAMUpdater-1.0-kev1-kevin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0F3F0D8C-061F-4F36-916F-F47975306BA6} - System32\Tasks\DULKYQV => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: {1525BB69-2ACC-4FA9-91BF-8E2B756FF098} - System32\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {21CC235B-54DC-4AB0-BA11-336B34F6C5BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33DCBCCD-ED82-40FA-80DB-8021CF02988C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {418BC4B3-9017-4EB6-9946-1C3B139C16B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5C1FD12A-1336-4164-874B-409A5C294CD1} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {5E9B0277-4F19-4FBC-921E-49E63BC4EA86} - System32\Tasks\AdobeAAMUpdater-1.0-kev1-Emma 1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {631FEF3C-FED1-41A2-ABED-3D95F86F831A} - System32\Tasks\ZOQZ => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
Task: {68B4FD14-B242-4A6A-92D6-9F32189FC18C} - System32\Tasks\NTJYJK => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: {7257F521-0604-493A-BF34-783B656B9DA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {96D9184F-A3CC-412D-BC3B-E22037F0CDDA} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {A2E058C5-5E08-44CB-A2AF-70222278FF3D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {CC597860-81D7-4B86-94FF-42FEAC3481E9} - System32\Tasks\JMFF => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: {F019261C-8863-499A-9D93-E0DE16DC1777} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {F1BD7772-57B2-4C7E-84C6-52F9048ADA95} - System32\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DULKYQV.job => C:\Users\kevin\AppData\Roaming\DULKYQV.exe <==== ATTENTION
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {725D49A3-BE6C-4949-919A-42486F8751B9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {725D49A3-BE6C-4949-919A-42486F8751B9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JMFF.job => C:\Users\kevin\AppData\Roaming\JMFF.exe <==== ATTENTION
Task: C:\Windows\Tasks\NTJYJK.job => C:\Users\kevin\AppData\Roaming\NTJYJK.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOQZ.job => C:\Users\kevin\AppData\Roaming\ZOQZ.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2015-02-12 17:53 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2010-07-08 18:39 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-02-12 17:53 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2010-06-22 16:19 - 2009-05-07 16:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-22 16:19 - 2009-05-07 16:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-22 16:19 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-22 16:19 - 2009-08-28 11:31 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-22 16:38 - 2010-06-22 16:38 - 00270336 ____N () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Debbie 1\Downloads\install_flashplayer11x32_mssd_aaa_aih(1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\bitdefender_isecurity_2013.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\DNGConverter_6_6.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\Firefox Setup 21.0.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\MicrosoftFixit.wu.LB.159298615901705099.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Desktop\vlc-1.1.11-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\ccsetup405.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\emnl-win-mg6300-1_00-mcd-en.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\jre-7u51-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mame0154b_64bit.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\mameuifx64_0154.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MaxUninstaller_Setup.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.159298615901705099.3.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\MicrosoftFixit.wu.LB.162298613157565455.1.1.Run.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\setup Project64 2.1.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\uninstall_flash_player.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32 (1).exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.1-win32.exe:BDU
AlternateDataStreams: C:\Users\kevin\Downloads\vlc-2.1.2-win32.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Aaron 1 (S-1-5-21-1774651661-690261174-2104955694-1005 - Limited - Enabled) => C:\Users\Aaron 1
Administrator (S-1-5-21-1774651661-690261174-2104955694-500 - Administrator - Disabled)
Debbie 1 (S-1-5-21-1774651661-690261174-2104955694-1004 - Limited - Enabled) => C:\Users\Debbie 1
Emma 1 (S-1-5-21-1774651661-690261174-2104955694-1003 - Limited - Enabled) => C:\Users\Emma 1
Guest (S-1-5-21-1774651661-690261174-2104955694-501 - Limited - Enabled) => C:\Users\Guest
kevin (S-1-5-21-1774651661-690261174-2104955694-1000 - Administrator - Enabled) => C:\Users\kevin
==================== Faulty Device Manager Devices =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/07/2015 00:24:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {f23f119b-5411-40bc-9dca-401167c0489f}
Error: (01/31/2015 00:05:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {91ad049b-e3f3-40ba-b3ed-3ed2719e53ee}
Error: (01/29/2015 09:45:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 290
Start Time: 01d03bab87295eaa
Termination Time: 7
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/23/2015 01:22:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cd036795-e430-4729-8662-bb2c10e89314}
Error: (01/19/2015 08:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: MSHTML.dll, version: 10.0.9200.17148, time stamp: 0x544c2aa1
Exception code: 0xc0000005
Fault offset: 0x00280723
Faulting process id: 0xe38
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (01/19/2015 08:20:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: bc8
Start Time: 01d033b835d681d7
Termination Time: 7
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/19/2015 07:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: MSHTML.dll, version: 10.0.9200.17148, time stamp: 0x544c2aa1
Exception code: 0xc0000005
Fault offset: 0x00052afe
Faulting process id: 0x5b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (01/16/2015 11:47:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d95c2082-bcdf-4701-90d6-66a6fcc70782}
Error: (01/09/2015 00:00:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1774651661-690261174-2104955694-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8f55109b-cf63-4c15-8c4f-daf554808526}
Error: (01/06/2015 04:42:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13a8
Start Time: 01d0298c6666a75c
Termination Time: 5
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
System errors:
=============
Error: (02/12/2015 09:54:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 4 time(s).
Error: (02/12/2015 09:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
Error: (02/12/2015 09:52:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
Error: (02/12/2015 09:46:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
Error: (02/12/2015 09:46:17 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003386180, 0x0000000000000007)C:\Windows\MEMORY.DMP021215-63227-01
Error: (02/12/2015 09:45:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:42:18 PM on 12/02/2015 was unexpected.
Error: (02/12/2015 05:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 5 time(s).
Error: (02/12/2015 05:38:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 4 time(s).
Error: (02/12/2015 05:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
Error: (02/12/2015 05:30:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2010-07-04 21:43:19.819
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-07-04 21:43:19.811
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-07-04 21:42:15.329
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-07-04 21:42:15.321
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-07-04 21:41:58.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2010-07-04 21:41:58.552
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8183.05 MB
Available physical RAM: 6636.2 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 14658.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:105.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:879.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 1E6E64BC)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11D95F10)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================