
BSOD when cleaning temp files, keep losing hdd space


  • This topic is locked
26 replies to this topic

#1 Travis Wayne


Posted 19 February 2015 - 05:03 PM

Ok, so I was told to make a new topic after running the Farbar tool... Here is the link to the first topic:

http://www.bleepingcomputer.com/forums/t/567156/bsod-when-cleaning-temp-files-keep-losing-hdd-space/#entry3631243

And I'm not seeing where to attach a file when creating a new topic? So I'm just going to copy/paste the addition log also...

Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01

Ran by Travis (administrator) on TRAVIS-PC on 19-02-2015 15:54:48
Running from C:\Users\Travis\Desktop
Loaded Profiles: Travis (Available profiles: Travis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\HMService\aaHM.exe
(Google Inc.) C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2011-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\c517eadd-7de6-4be9-ae8c-3c703ba3a8b1.exe [183232 2015-02-18] (AVAST Software)
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [Google Update] => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [Amazon Cloud Player] => C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [DU Meter] => "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3227071784-2484793637-3475646672-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3227071784-2484793637-3475646672-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-31]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-31]
CHR Extension: (Google Search) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-31]
CHR Extension: (AdBlock) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-27]
StartMenuInternet: Google Chrome - C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2011-12-31] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-27] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-02-07] (Macrovision Europe Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-12-31] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-12-31] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-27] (Avast Software)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 15:54 - 2015-02-19 15:54 - 00012628 _____ () C:\Users\Travis\Desktop\FRST.txt
2015-02-19 15:52 - 2015-02-19 15:54 - 00000000 ____D () C:\FRST
2015-02-19 15:51 - 2015-02-19 15:51 - 02086912 _____ (Farbar) C:\Users\Travis\Desktop\FRST64.exe
2015-02-18 17:46 - 2015-02-18 17:46 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\19553
2015-02-18 17:39 - 2015-02-18 17:39 - 00000197 _____ () C:\Windows\system32\2015-02-18-23-39-13.049-AvastVBoxSVC.exe-2424.log
2015-02-17 16:13 - 2015-02-17 16:14 - 00000197 _____ () C:\Windows\system32\2015-02-17-22-13-55.090-AvastVBoxSVC.exe-2864.log
2015-02-17 16:13 - 2015-02-17 16:13 - 00276432 _____ () C:\Windows\Minidump\021715-28267-01.dmp
2015-02-17 13:31 - 2015-02-17 13:31 - 00000197 _____ () C:\Windows\system32\2015-02-17-19-31-39.051-AvastVBoxSVC.exe-3000.log
2015-02-17 12:02 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 12:02 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 12:02 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 12:02 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 11:58 - 2015-02-17 11:58 - 00000197 _____ () C:\Windows\system32\2015-02-17-17-58-23.036-AvastVBoxSVC.exe-3424.log
2015-02-16 17:18 - 2015-02-16 17:19 - 00000197 _____ () C:\Windows\system32\2015-02-16-23-18-52.040-AvastVBoxSVC.exe-2908.log
2015-02-16 17:03 - 2015-02-16 17:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 17:03 - 2015-02-16 17:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 17:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 17:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 17:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 17:02 - 2015-02-16 17:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Travis\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 17:02 - 2015-02-16 17:02 - 00001276 _____ () C:\Users\Travis\Desktop\ESETscan.txt
2015-02-16 14:27 - 2015-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 14:26 - 2015-02-16 14:26 - 02347384 _____ (ESET) C:\Users\Travis\Desktop\esetsmartinstaller_enu.exe
2015-02-16 14:25 - 2015-02-16 14:25 - 01388274 _____ (Thisisu) C:\Users\Travis\Downloads\JRT.exe
2015-02-16 14:15 - 2015-02-16 14:15 - 00001728 _____ () C:\Users\Travis\Desktop\JRT.txt
2015-02-16 14:11 - 2015-02-16 14:11 - 01388274 _____ (Thisisu) C:\Users\Travis\Desktop\JRT.exe
2015-02-16 14:10 - 2015-02-16 14:10 - 00001621 _____ () C:\Users\Travis\Desktop\AdwCleaner[R0].txt
2015-02-16 13:31 - 2015-02-17 13:28 - 00000000 ____D () C:\AdwCleaner
2015-02-16 13:31 - 2015-02-16 13:31 - 02112512 _____ () C:\Users\Travis\Desktop\AdwCleaner.exe
2015-02-16 13:31 - 2015-02-16 13:31 - 00099812 _____ () C:\Users\Travis\Desktop\TDSSKILLER REPORT.txt
2015-02-16 13:03 - 2015-02-16 13:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travis\Desktop\tdsskiller.exe
2015-02-16 13:02 - 2015-02-16 13:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travis\Downloads\tdsskiller.exe
2015-02-16 13:00 - 2015-02-16 13:00 - 00033419 _____ () C:\Users\Travis\Desktop\Result Mini ToolBox.txt
2015-02-16 12:46 - 2015-02-16 12:47 - 00033419 _____ () C:\Users\Travis\Desktop\Result.txt
2015-02-16 12:45 - 2015-02-16 12:45 - 00401920 _____ (Farbar) C:\Users\Travis\Desktop\MiniToolBox.exe
2015-02-16 11:25 - 2015-02-16 11:26 - 00000247 _____ () C:\Windows\system32\2015-02-16-17-25-52.042-aswFe.exe-5788.log
2015-02-16 11:22 - 2015-02-16 11:25 - 00000247 _____ () C:\Windows\system32\2015-02-16-17-22-40.011-aswFe.exe-4916.log
2015-02-16 11:22 - 2015-02-16 11:22 - 00000197 _____ () C:\Windows\system32\2015-02-16-17-22-37.036-AvastVBoxSVC.exe-3856.log
2015-02-15 12:47 - 2015-02-15 12:47 - 00141864 _____ () C:\Users\Travis\Downloads\bluescreenview_setup.exe
2015-02-15 12:47 - 2015-02-15 12:47 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2015-02-15 12:47 - 2015-02-15 12:47 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2015-02-15 12:45 - 2015-02-15 12:45 - 00000796 _____ () C:\Users\Travis\Desktop\WhoCrashed.lnk
2015-02-15 12:45 - 2015-02-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-02-15 12:45 - 2015-02-15 12:45 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-02-15 12:44 - 2015-02-15 12:45 - 02727584 _____ (Resplendence Software Projects Sp. ) C:\Users\Travis\Downloads\whocrashedSetup.exe
2015-02-15 12:42 - 2015-02-15 12:42 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-42-33.032-AvastVBoxSVC.exe-3080.log
2015-02-15 12:40 - 2015-02-15 12:40 - 00276432 _____ () C:\Windows\Minidump\021515-20732-01.dmp
2015-02-15 12:37 - 2015-02-15 12:37 - 00276432 _____ () C:\Windows\Minidump\021515-22448-01.dmp
2015-02-15 12:37 - 2015-02-15 12:37 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-37-37.004-AvastVBoxSVC.exe-1128.log
2015-02-15 12:35 - 2015-02-15 12:35 - 00448512 _____ (OldTimer Tools) C:\Users\Travis\Desktop\TFC.exe
2015-02-15 12:30 - 2015-02-15 12:31 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-30-45.012-AvastVBoxSVC.exe-3588.log
2015-02-14 14:56 - 2015-02-14 14:56 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\4491
2015-02-14 13:34 - 2015-01-22 23:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 13:34 - 2015-01-22 22:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-14 13:25 - 2015-02-14 13:26 - 00000197 _____ () C:\Windows\system32\2015-02-14-19-25-52.058-AvastVBoxSVC.exe-2684.log
2015-02-12 18:37 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:37 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:37 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:37 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:37 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:37 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:37 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:37 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:37 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:37 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:37 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:37 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:37 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:37 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:37 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:37 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:37 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:37 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:37 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:37 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:37 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:37 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:37 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:37 - 2014-10-03 20:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:37 - 2014-10-03 19:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:37 - 2014-10-03 19:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:37 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:37 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:37 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:37 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:36 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:36 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:36 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:36 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:36 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:36 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:36 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:36 - 2015-01-13 00:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:36 - 2015-01-13 00:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:36 - 2015-01-12 23:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:36 - 2015-01-12 22:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:36 - 2015-01-12 22:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 18:36 - 2015-01-12 22:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:36 - 2015-01-12 21:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-12 18:36 - 2015-01-12 21:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 18:36 - 2015-01-12 21:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-12 18:36 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:36 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:36 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:27 - 2015-02-12 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-13-00-27-07.058-AvastVBoxSVC.exe-3712.log
2015-02-09 14:15 - 2015-02-09 14:16 - 00000197 _____ () C:\Windows\system32\2015-02-09-20-15-59.079-AvastVBoxSVC.exe-3648.log
2015-02-06 20:37 - 2015-02-06 20:37 - 00001225 _____ () C:\Users\Travis\Desktop\TreeSize Free.lnk
2015-02-06 20:37 - 2015-02-06 20:37 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\JAM Software
2015-02-06 20:37 - 2015-02-06 20:37 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-02-06 20:36 - 2015-02-06 20:36 - 05096104 _____ (JAM Software ) C:\Users\Travis\Downloads\TreeSizeFreeSetup.exe
2015-02-06 20:02 - 2015-02-06 20:02 - 00000197 _____ () C:\Windows\system32\2015-02-07-02-02-26.095-AvastVBoxSVC.exe-3652.log
2015-02-03 00:44 - 2015-02-03 00:44 - 00000197 _____ () C:\Windows\system32\2015-02-03-06-44-34.010-AvastVBoxSVC.exe-3560.log
2015-02-02 13:44 - 2015-02-02 13:44 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-44-20.045-AvastVBoxSVC.exe-3492.log
2015-01-28 17:14 - 2015-01-28 17:14 - 00000197 _____ () C:\Windows\system32\2015-01-28-23-14-00.057-AvastVBoxSVC.exe-3480.log
2015-01-27 14:33 - 2015-01-27 14:33 - 00000197 _____ () C:\Windows\system32\2015-01-27-20-33-33.030-AvastVBoxSVC.exe-3464.log
2015-01-27 14:26 - 2015-01-27 14:26 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\31844
2015-01-27 14:19 - 2015-01-27 14:19 - 03587659 _____ () C:\Users\Travis\MartinLogo.eps
2015-01-27 14:00 - 2015-01-27 14:00 - 00000017 _____ () C:\Users\Travis\Documents\Harman Graphics e-mail.txt
2015-01-27 13:30 - 2015-01-27 13:30 - 00000197 _____ () C:\Windows\system32\2015-01-27-19-30-06.024-AvastVBoxSVC.exe-3276.log
2015-01-25 15:24 - 2015-01-25 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-25-21-24-42.020-AvastVBoxSVC.exe-1564.log
2015-01-20 16:12 - 2015-01-20 16:12 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\10736
2015-01-20 16:10 - 2015-01-20 16:11 - 00000197 _____ () C:\Windows\system32\2015-01-20-22-10-59.060-AvastVBoxSVC.exe-3556.log
2015-01-20 00:13 - 2015-01-20 00:13 - 00000197 _____ () C:\Windows\system32\2015-01-20-06-13-11.011-AvastVBoxSVC.exe-3500.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 15:46 - 2011-12-31 21:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA.job
2015-02-19 15:43 - 2012-05-08 20:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 15:25 - 2011-12-29 19:56 - 01274137 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 15:02 - 2013-05-12 14:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 15:02 - 2013-05-12 14:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 17:44 - 2009-07-13 22:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 17:44 - 2009-07-13 22:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 17:38 - 2012-07-06 18:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-18 17:37 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 17:37 - 2009-07-13 22:51 - 00077171 _____ () C:\Windows\setupact.log
2015-02-18 17:37 - 2009-07-13 22:45 - 02340616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-18 17:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 16:46 - 2011-12-31 21:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core.job
2015-02-17 16:16 - 2012-01-02 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-17 16:13 - 2014-12-30 19:53 - 00000000 ____D () C:\Windows\Minidump
2015-02-17 16:12 - 2014-12-30 19:53 - 800952848 _____ () C:\Windows\MEMORY.DMP
2015-02-17 16:12 - 2011-12-31 22:02 - 00270776 _____ () C:\Windows\PFRO.log
2015-02-17 15:08 - 2012-02-05 17:09 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-17 15:08 - 2012-02-05 17:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-17 13:16 - 2011-12-29 22:16 - 00109296 _____ () C:\Users\Travis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-17 12:03 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 17:10 - 2012-12-23 21:18 - 00000000 ____D () C:\Users\Travis\XP Fix
2015-02-16 17:10 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Branding
2015-02-16 12:35 - 2014-08-24 08:55 - 00000000 ____D () C:\Users\Travis\Documents\Martin Logo
2015-02-15 12:24 - 2013-05-16 18:54 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-15 00:10 - 2012-02-27 22:18 - 00138752 _____ () C:\Users\Travis\Documents\New DVD List.xls
2015-02-14 14:58 - 2014-06-14 07:53 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2015-02-14 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 13:23 - 2014-12-17 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 13:23 - 2014-05-02 21:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-14 13:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 00:29 - 2013-08-04 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:27 - 2012-01-02 19:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 14:57 - 2013-05-12 14:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 14:57 - 2013-05-12 14:54 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-09 14:50 - 2013-03-18 18:29 - 00013895 _____ () C:\Users\Travis\Documents\Deposits.xlsx
2015-02-09 14:48 - 2011-12-31 21:04 - 00002374 _____ () C:\Users\Travis\Desktop\Google Chrome.lnk
2015-02-06 20:43 - 2012-05-08 20:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:43 - 2012-05-08 20:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:43 - 2011-12-29 20:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 09:37 - 2011-12-31 21:39 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-02-03 16:41 - 2011-12-31 21:04 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA
2015-02-03 16:41 - 2011-12-31 21:04 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core
2015-01-28 17:20 - 2011-12-29 19:57 - 00000000 ____D () C:\Users\Travis
2015-01-27 13:57 - 2013-05-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-20 16:13 - 2014-06-14 07:53 - 00001128 _____ () C:\Users\Public\Desktop\DVDFab 9 US.lnk
2015-01-20 16:13 - 2014-06-14 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 US
 
==================== Files in the root of some directories =======
 
2012-12-06 23:44 - 2012-12-05 11:44 - 0000044 ____H () C:\Program Files (x86)\541b9a0f.tmp
2014-05-17 20:49 - 2014-05-17 21:00 - 0000092 _____ () C:\Users\Travis\AppData\Roaming\burnaware.ini
2014-05-17 20:59 - 2014-05-17 20:59 - 0000031 _____ () C:\Users\Travis\AppData\Local\burnaware.ini
2012-01-01 00:32 - 2014-01-23 20:09 - 0007597 _____ () C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Travis\AppData\Local\setup.txt
2012-06-28 06:01 - 2012-11-30 20:59 - 0000040 ___SH () C:\ProgramData\.zreglib
 
Some content of TEMP:
====================
C:\Users\Travis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\ose00000.exe
C:\Users\Travis\AppData\Local\Temp\Quarantine.exe
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll
C:\Users\Travis\AppData\Local\Temp\tmp22EA.exe
C:\Users\Travis\AppData\Local\Temp\tmp2C9B.exe
C:\Users\Travis\AppData\Local\Temp\tmpC10D.exe
C:\Users\Travis\AppData\Local\Temp\x264enc5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 00:23
 
==================== End Of Log ============================
 
 
 
Farbar Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Travis at 2015-02-19 15:55:17
Running from C:\Users\Travis\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.00.27 - ASUSTeK)
Amazon Cloud Player (HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BluFab 9.1.3.5 (17/03/2014) (HKLM-x32\...\BluFab 9_is1) (Version:  - BluFab Software Inc.)
BurnAware Free 7.0 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.2.0.1 (17/08/2012) Qt Beta (HKLM-x32\...\DVDFab 8 Qt Beta_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.4.6 (22/05/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.8.3 (07/01/2015) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 7 Premium (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431033}) (Version: 7.02.9755 - Nero AG)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PFPortChecker 1.0.40 (HKLM-x32\...\PFPortChecker) (Version: 1.0.40 - Portforward.com)
PingPlotter Standard 3.40.2s (HKLM-x32\...\{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}) (Version: 3.40.2.5 - Nessoft, LLC)
Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6161 - Realtek Semiconductor Corp.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
zMUD 7.21.0.0 (HKLM-x32\...\zMUD) (Version: 7.21.0.0 - Zugg Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
05-12-2014 19:07:20 Windows Update
16-12-2014 20:56:13 Windows Update
17-12-2014 03:00:14 Windows Update
20-12-2014 11:17:27 Windows Update
27-12-2014 14:48:57 avast! antivirus system restore point
27-12-2014 14:50:46 Windows Update
03-01-2015 12:53:15 Windows Update
06-01-2015 16:54:31 Windows Update
13-01-2015 17:13:06 Windows Update
14-01-2015 03:00:11 Windows Update
20-01-2015 00:17:30 Windows Update
25-01-2015 15:28:31 Windows Update
02-02-2015 13:48:01 Windows Update
06-02-2015 20:05:59 Windows Update
12-02-2015 18:35:54 Windows Update
13-02-2015 00:25:05 Windows Update
15-02-2015 03:00:12 Windows Update
17-02-2015 15:08:33 Removed Adobe Reader X (10.1.8).
17-02-2015 15:09:11 Removed Java 7 Update 60
17-02-2015 17:03:29 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09582473-2EC4-466E-9410-614E20ADB69A} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-06-28] (ASUSTeK Computer Inc.)
Task: {433650E5-38C0-4399-8E29-E7573862CDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: {5E04915B-CA10-4419-8F26-451A9BCC717D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: {68868783-583C-4DE1-9FFE-4FB0A1F35A88} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-27] (AVAST Software)
Task: {74054B66-D9A9-46A7-8AA3-1E5122350C0E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {C4CEB21D-E58F-4098-A1C0-292AEA78EABD} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2011-12-31] (ASUSTeK Computer Inc.)
Task: {C8874834-EE5B-4CB3-A4B3-D7BFC6CD71AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F02B7A86-7286-4428-BCB6-F5ABF86CC44B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core.job => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA.job => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-27 14:50 - 2014-12-27 14:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-09-13 18:33 - 2014-03-07 14:39 - 03168576 _____ () C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2015-02-17 16:13 - 2015-02-17 16:13 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021702\algo.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-18 17:38 - 2015-02-18 17:38 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021802\algo.dll
2015-02-19 13:43 - 2015-02-19 13:43 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021901\algo.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-31 21:25 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2011-12-31 21:25 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2011-12-31 21:25 - 2010-06-23 11:54 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2011-12-31 21:25 - 2010-06-24 18:17 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2011-12-31 21:25 - 2010-06-07 14:58 - 00880128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2011-12-31 21:25 - 2010-07-15 08:12 - 01604096 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2011-12-31 21:25 - 2010-06-24 17:53 - 01246720 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2011-12-31 21:25 - 2010-06-21 16:32 - 00850432 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2011-12-31 21:25 - 2010-06-21 16:37 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2011-12-31 21:25 - 2010-02-24 16:56 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\aaHMLib.dll
2015-02-09 14:48 - 2015-02-04 03:02 - 01117512 _____ () C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-09 14:48 - 2015-02-04 03:02 - 00211272 _____ () C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-09 14:48 - 2015-02-04 03:02 - 09170760 _____ () C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\Users\Travis\The Dream Team.avi:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3227071784-2484793637-3475646672-500 - Administrator - Disabled)
Guest (S-1-5-21-3227071784-2484793637-3475646672-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3227071784-2484793637-3475646672-1004 - Limited - Enabled)
Travis (S-1-5-21-3227071784-2484793637-3475646672-1001 - Administrator - Enabled) => C:\Users\Travis
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2015 02:27:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 02:27:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 02:26:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (02/17/2015 04:13:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000006, 0xfffffa801529cb50, 0xfffffa8015292e10, 0xfffff8000339b100)C:\Windows\MEMORY.DMP021715-28267-01
 
Error: (02/17/2015 04:13:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:11:17 PM on ‎2/‎17/‎2015 was unexpected.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 10%
Total physical RAM: 24567.12 MB
Available physical RAM: 21964.78 MB
Total Pagefile: 49132.42 MB
Available Pagefile: 46225.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.36 GB) (Free:90.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 5393EA45)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Thanks for the help!
Travis

Edited by hamluis, 19 February 2015 - 07:49 PM.
Moved from AII to MRL.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 24 February 2015 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567635 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Travis Wayne

Travis Wayne
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa
  • Local time:09:48 AM

Posted 28 February 2015 - 06:23 PM

Ok, still having the same problems...Here are the latest logs:

 

FRST: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Travis (administrator) on TRAVIS-PC on 28-02-2015 17:21:07
Running from C:\Users\Travis\Desktop
Loaded Profiles: Travis (Available profiles: Travis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\HMService\aaHM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2011-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [Google Update] => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [Amazon Cloud Player] => C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Run: [DU Meter] => "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3227071784-2484793637-3475646672-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3227071784-2484793637-3475646672-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-31]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-31]
CHR Extension: (Google Search) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-31]
CHR Extension: (AdBlock) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-27]
StartMenuInternet: Google Chrome - C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2011-12-31] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-27] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-02-07] (Macrovision Europe Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-12-31] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-27] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-12-31] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-27] (Avast Software)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 17:21 - 2015-02-28 17:21 - 00000000 ____D () C:\Users\Travis\Desktop\FRST-OlderVersion
2015-02-28 14:09 - 2015-02-28 14:10 - 00000197 _____ () C:\Windows\system32\2015-02-28-20-09-49.029-AvastVBoxSVC.exe-3412.log
2015-02-26 17:40 - 2015-02-26 17:41 - 00000197 _____ () C:\Windows\system32\2015-02-26-23-40-54.026-AvastVBoxSVC.exe-3644.log
2015-02-25 21:56 - 2015-02-26 20:28 - 01386997 _____ () C:\Users\Travis\Desktop\NorwexFlyer.psd
2015-02-25 21:45 - 2015-02-25 21:45 - 00000000 ____D () C:\Users\Travis\Desktop\New folder
2015-02-25 18:30 - 2015-02-25 18:30 - 00387392 _____ () C:\Users\Travis\Downloads\attachments_2015_02_26.zip
2015-02-25 18:20 - 2015-02-25 18:21 - 00000197 _____ () C:\Windows\system32\2015-02-26-00-20-54.074-AvastVBoxSVC.exe-2636.log
2015-02-24 17:18 - 2015-01-08 17:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 17:18 - 2015-01-08 17:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 15:35 - 2015-02-24 15:35 - 00000197 _____ () C:\Windows\system32\2015-02-24-21-35-03.077-AvastVBoxSVC.exe-3976.log
2015-02-23 18:27 - 2015-02-23 18:28 - 00000197 _____ () C:\Windows\system32\2015-02-24-00-27-54.078-AvastVBoxSVC.exe-3884.log
2015-02-21 16:54 - 2015-02-21 16:54 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-54-19.003-AvastVBoxSVC.exe-3036.log
2015-02-19 15:54 - 2015-02-28 17:21 - 00012246 _____ () C:\Users\Travis\Desktop\FRST.txt
2015-02-19 15:52 - 2015-02-28 17:21 - 00000000 ____D () C:\FRST
2015-02-19 15:51 - 2015-02-28 17:21 - 02087936 _____ (Farbar) C:\Users\Travis\Desktop\FRST64.exe
2015-02-18 17:46 - 2015-02-18 17:46 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\19553
2015-02-18 17:39 - 2015-02-18 17:39 - 00000197 _____ () C:\Windows\system32\2015-02-18-23-39-13.049-AvastVBoxSVC.exe-2424.log
2015-02-17 16:13 - 2015-02-17 16:14 - 00000197 _____ () C:\Windows\system32\2015-02-17-22-13-55.090-AvastVBoxSVC.exe-2864.log
2015-02-17 16:13 - 2015-02-17 16:13 - 00276432 _____ () C:\Windows\Minidump\021715-28267-01.dmp
2015-02-17 13:31 - 2015-02-17 13:31 - 00000197 _____ () C:\Windows\system32\2015-02-17-19-31-39.051-AvastVBoxSVC.exe-3000.log
2015-02-17 12:02 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 12:02 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 12:02 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 12:02 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 11:58 - 2015-02-17 11:58 - 00000197 _____ () C:\Windows\system32\2015-02-17-17-58-23.036-AvastVBoxSVC.exe-3424.log
2015-02-16 17:18 - 2015-02-16 17:19 - 00000197 _____ () C:\Windows\system32\2015-02-16-23-18-52.040-AvastVBoxSVC.exe-2908.log
2015-02-16 17:03 - 2015-02-16 17:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 17:03 - 2015-02-16 17:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 17:03 - 2015-02-16 17:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 17:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 17:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 17:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 17:02 - 2015-02-16 17:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Travis\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 17:02 - 2015-02-16 17:02 - 00001276 _____ () C:\Users\Travis\Desktop\ESETscan.txt
2015-02-16 14:27 - 2015-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 14:26 - 2015-02-16 14:26 - 02347384 _____ (ESET) C:\Users\Travis\Desktop\esetsmartinstaller_enu.exe
2015-02-16 14:25 - 2015-02-16 14:25 - 01388274 _____ (Thisisu) C:\Users\Travis\Downloads\JRT.exe
2015-02-16 14:15 - 2015-02-16 14:15 - 00001728 _____ () C:\Users\Travis\Desktop\JRT.txt
2015-02-16 14:11 - 2015-02-16 14:11 - 01388274 _____ (Thisisu) C:\Users\Travis\Desktop\JRT.exe
2015-02-16 14:10 - 2015-02-16 14:10 - 00001621 _____ () C:\Users\Travis\Desktop\AdwCleaner[R0].txt
2015-02-16 13:31 - 2015-02-17 13:28 - 00000000 ____D () C:\AdwCleaner
2015-02-16 13:31 - 2015-02-16 13:31 - 02112512 _____ () C:\Users\Travis\Desktop\AdwCleaner.exe
2015-02-16 13:31 - 2015-02-16 13:31 - 00099812 _____ () C:\Users\Travis\Desktop\TDSSKILLER REPORT.txt
2015-02-16 13:03 - 2015-02-16 13:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travis\Desktop\tdsskiller.exe
2015-02-16 13:02 - 2015-02-16 13:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travis\Downloads\tdsskiller.exe
2015-02-16 13:00 - 2015-02-16 13:00 - 00033419 _____ () C:\Users\Travis\Desktop\Result Mini ToolBox.txt
2015-02-16 12:46 - 2015-02-16 12:47 - 00033419 _____ () C:\Users\Travis\Desktop\Result.txt
2015-02-16 12:45 - 2015-02-16 12:45 - 00401920 _____ (Farbar) C:\Users\Travis\Desktop\MiniToolBox.exe
2015-02-16 11:25 - 2015-02-16 11:26 - 00000247 _____ () C:\Windows\system32\2015-02-16-17-25-52.042-aswFe.exe-5788.log
2015-02-16 11:22 - 2015-02-16 11:25 - 00000247 _____ () C:\Windows\system32\2015-02-16-17-22-40.011-aswFe.exe-4916.log
2015-02-16 11:22 - 2015-02-16 11:22 - 00000197 _____ () C:\Windows\system32\2015-02-16-17-22-37.036-AvastVBoxSVC.exe-3856.log
2015-02-15 12:47 - 2015-02-15 12:47 - 00141864 _____ () C:\Users\Travis\Downloads\bluescreenview_setup.exe
2015-02-15 12:47 - 2015-02-15 12:47 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2015-02-15 12:47 - 2015-02-15 12:47 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2015-02-15 12:45 - 2015-02-26 20:28 - 00000840 _____ () C:\Users\Travis\Desktop\WhoCrashed.lnk
2015-02-15 12:45 - 2015-02-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-02-15 12:45 - 2015-02-15 12:45 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-02-15 12:44 - 2015-02-15 12:45 - 02727584 _____ (Resplendence Software Projects Sp. ) C:\Users\Travis\Downloads\whocrashedSetup.exe
2015-02-15 12:42 - 2015-02-15 12:42 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-42-33.032-AvastVBoxSVC.exe-3080.log
2015-02-15 12:40 - 2015-02-15 12:40 - 00276432 _____ () C:\Windows\Minidump\021515-20732-01.dmp
2015-02-15 12:37 - 2015-02-15 12:37 - 00276432 _____ () C:\Windows\Minidump\021515-22448-01.dmp
2015-02-15 12:37 - 2015-02-15 12:37 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-37-37.004-AvastVBoxSVC.exe-1128.log
2015-02-15 12:35 - 2015-02-15 12:35 - 00448512 _____ (OldTimer Tools) C:\Users\Travis\Desktop\TFC.exe
2015-02-15 12:30 - 2015-02-15 12:31 - 00000197 _____ () C:\Windows\system32\2015-02-15-18-30-45.012-AvastVBoxSVC.exe-3588.log
2015-02-14 14:56 - 2015-02-14 14:56 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\4491
2015-02-14 13:34 - 2015-01-22 23:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 13:34 - 2015-01-22 22:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-14 13:25 - 2015-02-14 13:26 - 00000197 _____ () C:\Windows\system32\2015-02-14-19-25-52.058-AvastVBoxSVC.exe-2684.log
2015-02-12 18:37 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:37 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:37 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:37 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:37 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:37 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:37 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:37 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:37 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:37 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:37 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:37 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:37 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:37 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:37 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:37 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:37 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:37 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:37 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:37 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:37 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:37 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:37 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:37 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:37 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:37 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:37 - 2014-10-03 20:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:37 - 2014-10-03 19:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:37 - 2014-10-03 19:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:37 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:37 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:37 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:37 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:36 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:36 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:36 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:36 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:36 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:36 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:36 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:36 - 2015-01-13 00:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:36 - 2015-01-13 00:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:36 - 2015-01-13 00:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:36 - 2015-01-13 00:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:36 - 2015-01-13 00:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:36 - 2015-01-12 23:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:36 - 2015-01-12 23:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:36 - 2015-01-12 23:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:36 - 2015-01-12 22:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:36 - 2015-01-12 22:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 18:36 - 2015-01-12 22:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:36 - 2015-01-12 21:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-12 18:36 - 2015-01-12 21:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 18:36 - 2015-01-12 21:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-12 18:36 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:36 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:36 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:27 - 2015-02-12 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-13-00-27-07.058-AvastVBoxSVC.exe-3712.log
2015-02-09 14:15 - 2015-02-09 14:16 - 00000197 _____ () C:\Windows\system32\2015-02-09-20-15-59.079-AvastVBoxSVC.exe-3648.log
2015-02-06 20:37 - 2015-02-06 20:37 - 00001225 _____ () C:\Users\Travis\Desktop\TreeSize Free.lnk
2015-02-06 20:37 - 2015-02-06 20:37 - 00000000 ____D () C:\Users\Travis\AppData\Roaming\JAM Software
2015-02-06 20:37 - 2015-02-06 20:37 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-02-06 20:36 - 2015-02-06 20:36 - 05096104 _____ (JAM Software ) C:\Users\Travis\Downloads\TreeSizeFreeSetup.exe
2015-02-06 20:02 - 2015-02-06 20:02 - 00000197 _____ () C:\Windows\system32\2015-02-07-02-02-26.095-AvastVBoxSVC.exe-3652.log
2015-02-03 00:44 - 2015-02-03 00:44 - 00000197 _____ () C:\Windows\system32\2015-02-03-06-44-34.010-AvastVBoxSVC.exe-3560.log
2015-02-02 13:44 - 2015-02-02 13:44 - 00000197 _____ () C:\Windows\system32\2015-02-02-19-44-20.045-AvastVBoxSVC.exe-3492.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 17:19 - 2011-12-29 19:56 - 01558869 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 17:02 - 2013-05-12 14:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 16:46 - 2011-12-31 21:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA.job
2015-02-28 16:46 - 2011-12-31 21:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core.job
2015-02-28 16:43 - 2012-05-08 20:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 15:02 - 2013-05-12 14:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 14:15 - 2009-07-13 22:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 14:15 - 2009-07-13 22:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 14:08 - 2012-07-06 18:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-28 14:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 14:08 - 2009-07-13 22:51 - 00077507 _____ () C:\Windows\setupact.log
2015-02-26 20:52 - 2013-05-16 18:54 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-25 18:22 - 2011-12-29 22:16 - 00109296 _____ () C:\Users\Travis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 15:47 - 2011-12-31 21:04 - 00002374 _____ () C:\Users\Travis\Desktop\Google Chrome.lnk
2015-02-24 15:34 - 2009-07-13 22:45 - 02340616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 18:29 - 2012-01-02 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 16:06 - 2012-02-27 22:18 - 00138752 _____ () C:\Users\Travis\Documents\New DVD List.xls
2015-02-18 17:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 16:13 - 2014-12-30 19:53 - 00000000 ____D () C:\Windows\Minidump
2015-02-17 16:12 - 2014-12-30 19:53 - 800952848 _____ () C:\Windows\MEMORY.DMP
2015-02-17 16:12 - 2011-12-31 22:02 - 00270776 _____ () C:\Windows\PFRO.log
2015-02-17 15:08 - 2012-02-05 17:09 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-17 15:08 - 2012-02-05 17:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-17 12:03 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 17:10 - 2012-12-23 21:18 - 00000000 ____D () C:\Users\Travis\XP Fix
2015-02-16 17:10 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Branding
2015-02-16 12:35 - 2014-08-24 08:55 - 00000000 ____D () C:\Users\Travis\Documents\Martin Logo
2015-02-14 14:58 - 2014-06-14 07:53 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2015-02-14 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 13:23 - 2014-12-17 03:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 13:23 - 2014-05-02 21:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-14 13:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 00:29 - 2013-08-04 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:27 - 2012-01-02 19:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 14:57 - 2013-05-12 14:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 14:57 - 2013-05-12 14:54 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-09 14:50 - 2013-03-18 18:29 - 00013895 _____ () C:\Users\Travis\Documents\Deposits.xlsx
2015-02-06 20:43 - 2012-05-08 20:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:43 - 2012-05-08 20:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:43 - 2011-12-29 20:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 09:37 - 2011-12-31 21:39 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-02-03 16:41 - 2011-12-31 21:04 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA
2015-02-03 16:41 - 2011-12-31 21:04 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core
 
==================== Files in the root of some directories =======
 
2012-12-06 23:44 - 2012-12-05 11:44 - 0000044 ____H () C:\Program Files (x86)\541b9a0f.tmp
2014-05-17 20:49 - 2014-05-17 21:00 - 0000092 _____ () C:\Users\Travis\AppData\Roaming\burnaware.ini
2014-05-17 20:59 - 2014-05-17 20:59 - 0000031 _____ () C:\Users\Travis\AppData\Local\burnaware.ini
2012-01-01 00:32 - 2014-01-23 20:09 - 0007597 _____ () C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Travis\AppData\Local\setup.txt
2012-06-28 06:01 - 2012-11-30 20:59 - 0000040 ___SH () C:\ProgramData\.zreglib
 
Some content of TEMP:
====================
C:\Users\Travis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\ose00000.exe
C:\Users\Travis\AppData\Local\Temp\Quarantine.exe
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll
C:\Users\Travis\AppData\Local\Temp\tmp22EA.exe
C:\Users\Travis\AppData\Local\Temp\tmp2C9B.exe
C:\Users\Travis\AppData\Local\Temp\tmpC10D.exe
C:\Users\Travis\AppData\Local\Temp\x264enc5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 16:02
 
==================== End Of Log ============================
 
 
 
Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Travis at 2015-02-28 17:21:29
Running from C:\Users\Travis\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.00.27 - ASUSTeK)
Amazon Cloud Player (HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BluFab 9.1.3.5 (17/03/2014) (HKLM-x32\...\BluFab 9_is1) (Version:  - BluFab Software Inc.)
BurnAware Free 7.0 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.2.0.1 (17/08/2012) Qt Beta (HKLM-x32\...\DVDFab 8 Qt Beta_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.4.6 (22/05/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.8.3 (07/01/2015) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 7 Premium (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431033}) (Version: 7.02.9755 - Nero AG)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PFPortChecker 1.0.40 (HKLM-x32\...\PFPortChecker) (Version: 1.0.40 - Portforward.com)
PingPlotter Standard 3.40.2s (HKLM-x32\...\{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}) (Version: 3.40.2.5 - Nessoft, LLC)
Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6161 - Realtek Semiconductor Corp.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
zMUD 7.21.0.0 (HKLM-x32\...\zMUD) (Version: 7.21.0.0 - Zugg Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
05-12-2014 19:07:20 Windows Update
16-12-2014 20:56:13 Windows Update
17-12-2014 03:00:14 Windows Update
20-12-2014 11:17:27 Windows Update
27-12-2014 14:48:57 avast! antivirus system restore point
27-12-2014 14:50:46 Windows Update
03-01-2015 12:53:15 Windows Update
06-01-2015 16:54:31 Windows Update
13-01-2015 17:13:06 Windows Update
14-01-2015 03:00:11 Windows Update
20-01-2015 00:17:30 Windows Update
25-01-2015 15:28:31 Windows Update
02-02-2015 13:48:01 Windows Update
06-02-2015 20:05:59 Windows Update
12-02-2015 18:35:54 Windows Update
13-02-2015 00:25:05 Windows Update
15-02-2015 03:00:12 Windows Update
17-02-2015 15:08:33 Removed Adobe Reader X (10.1.8).
17-02-2015 15:09:11 Removed Java 7 Update 60
17-02-2015 17:03:29 Windows Update
21-02-2015 16:57:23 Windows Update
24-02-2015 17:18:09 Windows Update
28-02-2015 14:13:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09582473-2EC4-466E-9410-614E20ADB69A} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-06-28] (ASUSTeK Computer Inc.)
Task: {433650E5-38C0-4399-8E29-E7573862CDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: {5E04915B-CA10-4419-8F26-451A9BCC717D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: {68868783-583C-4DE1-9FFE-4FB0A1F35A88} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-27] (AVAST Software)
Task: {74054B66-D9A9-46A7-8AA3-1E5122350C0E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {C4CEB21D-E58F-4098-A1C0-292AEA78EABD} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2011-12-31] (ASUSTeK Computer Inc.)
Task: {C8874834-EE5B-4CB3-A4B3-D7BFC6CD71AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F02B7A86-7286-4428-BCB6-F5ABF86CC44B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core.job => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA.job => C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-13 18:33 - 2014-03-07 14:39 - 03168576 _____ () C:\Users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-12-27 14:50 - 2014-12-27 14:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-02-26 17:40 - 2015-02-26 17:40 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022601\algo.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-28 14:09 - 2015-02-28 14:09 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022801\algo.dll
2014-12-27 14:50 - 2014-12-27 14:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-31 21:25 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2011-12-31 21:25 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2011-12-31 21:25 - 2010-06-23 11:54 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2011-12-31 21:25 - 2010-06-24 18:17 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2011-12-31 21:25 - 2010-06-07 14:58 - 00880128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2011-12-31 21:25 - 2010-07-15 08:12 - 01604096 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2011-12-31 21:25 - 2010-06-24 17:53 - 01246720 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2011-12-31 21:25 - 2010-06-21 16:32 - 00850432 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2011-12-31 21:25 - 2010-06-21 16:37 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2011-12-31 21:25 - 2010-02-24 16:56 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\aaHMLib.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\Users\Travis\The Dream Team.avi:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3227071784-2484793637-3475646672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3227071784-2484793637-3475646672-500 - Administrator - Disabled)
Guest (S-1-5-21-3227071784-2484793637-3475646672-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3227071784-2484793637-3475646672-1004 - Limited - Enabled)
Travis (S-1-5-21-3227071784-2484793637-3475646672-1001 - Administrator - Enabled) => C:\Users\Travis
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2015 02:44:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/26/2015 06:29:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/26/2015 06:10:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/25/2015 06:48:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/24/2015 04:04:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/19/2015 04:07:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT).  hr = 0x8007045b, A system shutdown is in progress.
.
 
 
Operation:
   Initialize For Backup
 
Error: (02/19/2015 04:07:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT).  hr = 0x8007045b, A system shutdown is in progress.
.
 
 
Operation:
   Initialize For Backup
 
Error: (02/16/2015 02:27:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 02:27:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 02:26:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (02/17/2015 04:13:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000006, 0xfffffa801529cb50, 0xfffffa8015292e10, 0xfffff8000339b100)C:\Windows\MEMORY.DMP021715-28267-01
 
Error: (02/17/2015 04:13:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:11:17 PM on ‎2/‎17/‎2015 was unexpected.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/17/2015 01:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 11%
Total physical RAM: 24567.12 MB
Available physical RAM: 21757.06 MB
Total Pagefile: 49132.42 MB
Available Pagefile: 46254.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.36 GB) (Free:79.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 5393EA45)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:48 AM

Posted 02 March 2015 - 09:28 PM

Greetings Travis Wayne and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Travis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\ose00000.exe
C:\Users\Travis\AppData\Local\Temp\Quarantine.exe
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll
C:\Users\Travis\AppData\Local\Temp\tmp22EA.exe
C:\Users\Travis\AppData\Local\Temp\tmp2C9B.exe
C:\Users\Travis\AppData\Local\Temp\tmpC10D.exe
C:\Users\Travis\AppData\Local\Temp\x264enc5.exe
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\Users\Travis\The Dream Team.avi:TOC.WMV
C:\Program Files (x86)\541b9a0f.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 05 March 2015 - 09:54 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Travis Wayne


Posted 06 March 2015 - 09:53 PM

Hi Gary, sorry for the delayed response...from now on I'll be checking this every day...Just ran the FRST, but haven't tried to delete temp files again, wasn't sure if you wanted me to try or not? Otherwise, before that the computer has been doing the same things. Here are the results of the FRST Fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Travis at 2015-03-06 20:46:26 Run:1
Running from C:\Users\Travis\Desktop
Loaded Profiles: Travis (Available profiles: Travis)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Travis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\ose00000.exe
C:\Users\Travis\AppData\Local\Temp\Quarantine.exe
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll
C:\Users\Travis\AppData\Local\Temp\tmp22EA.exe
C:\Users\Travis\AppData\Local\Temp\tmp2C9B.exe
C:\Users\Travis\AppData\Local\Temp\tmpC10D.exe
C:\Users\Travis\AppData\Local\Temp\x264enc5.exe
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:27D40D6F
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\Users\Travis\The Dream Team.avi:TOC.WMV
C:\Program Files (x86)\541b9a0f.tmp
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.60.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2" => Key deleted successfully.
DIRECTIO => Service deleted successfully.
DUMeterDrv => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Travis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\tmp22EA.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\tmp2C9B.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\tmpC10D.exe => Moved successfully.
C:\Users\Travis\AppData\Local\Temp\x264enc5.exe => Moved successfully.
"HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-3227071784-2484793637-3475646672-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\TEMP => ":27D40D6F" ADS removed successfully.
C:\ProgramData\TEMP => ":359B3BDA" ADS removed successfully.
C:\Users\Travis\The Dream Team.avi => ":TOC.WMV" ADS removed successfully.
C:\Program Files (x86)\541b9a0f.tmp => Moved successfully.
 
==== End of Fixlog 20:46:27 ====
 
Summary is attached...
 
Thanks again for all your help,
 
Travis


#7 Oh My!


Posted 06 March 2015 - 10:01 PM

Thanks Travis,

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • BSOD.txt
  • Update on computer performance

Gary
 

#8 Travis Wayne


Posted 06 March 2015 - 10:27 PM

Hi Gary, thanks for the quick response!

 

Here are the results...

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Travis at 2015-03-06 21:07:32 Run:2
Running from C:\Users\Travis\Desktop
Loaded Profiles: Travis (Available profiles: Travis)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
emptytemp:
*****************
 
EmptyTemp: => Removed 3.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:07:48 ====
 
 
Combofix log:
 
 
ComboFix 15-03-01.01 - Travis 03/06/2015  21:14:25.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.24567.21242 [GMT -6:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-07 to 2015-03-07  )))))))))))))))))))))))))))))))
.
.
2015-03-07 03:19 . 2015-03-07 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-07 02:45 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17A9A2F3-607A-46A8-846A-CCDBAEE0AD06}\mpengine.dll
2015-03-01 20:28 . 2015-03-01 20:28 -------- d-----w- c:\users\Travis\AppData\Roaming\4179
2015-02-19 21:52 . 2015-03-07 03:07 -------- d-----w- C:\FRST
2015-02-17 18:02 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-17 18:02 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-17 18:02 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-17 18:02 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-16 23:03 . 2015-02-16 23:19 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-16 23:03 . 2015-02-16 23:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-16 23:03 . 2015-02-16 23:03 -------- d-----w- c:\programdata\Malwarebytes
2015-02-16 23:03 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-16 23:03 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-16 23:03 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-16 20:27 . 2015-02-16 20:27 -------- d-----w- c:\program files (x86)\ESET
2015-02-16 19:31 . 2015-02-17 19:28 -------- d-----w- C:\AdwCleaner
2015-02-15 18:47 . 2015-02-15 18:47 -------- d-----w- c:\program files (x86)\NirSoft
2015-02-15 18:45 . 2015-02-15 18:45 -------- d-----w- c:\program files\WhoCrashed
2015-02-14 20:56 . 2015-02-14 20:56 -------- d-----w- c:\users\Travis\AppData\Roaming\4491
2015-02-14 19:34 . 2015-01-23 05:50 3959296 ----a-w- c:\windows\system32\jscript9.dll
2015-02-14 19:34 . 2015-01-23 04:27 2864640 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 00:36 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-07 02:37 . 2015-02-07 02:37 -------- d-----w- c:\users\Travis\AppData\Roaming\JAM Software
2015-02-07 02:37 . 2015-02-07 02:37 -------- d-----w- c:\program files (x86)\JAM Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 09:17 . 2011-12-30 04:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-13 06:27 . 2012-01-03 01:58 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-07 02:43 . 2012-05-09 02:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-07 02:43 . 2011-12-30 02:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-27 20:50 . 2012-01-01 04:01 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-27 20:50 . 2014-12-27 20:50 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-27 20:50 . 2014-04-27 01:23 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-27 20:50 . 2014-01-06 04:47 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-12-27 20:50 . 2013-03-12 22:20 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-27 20:50 . 2013-03-12 22:20 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-27 20:50 . 2012-01-01 04:01 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-27 20:50 . 2012-01-01 04:01 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-27 20:50 . 2012-03-10 19:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-27 20:50 . 2014-12-27 20:50 43152 ----a-w- c:\windows\avastSS.scr
2014-12-27 20:50 . 2012-03-10 19:47 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-12-27 20:49 . 2014-12-27 20:49 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-12-19 03:06 . 2015-01-13 23:18 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 23:18 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 23:18 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\Travis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 02:43]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12 20:54]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12 20:54]
.
2015-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001Core.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 10:26]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3227071784-2484793637-3475646672-1001UA.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 10:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-27 20:50 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-01 11048040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DU Meter - c:\program files (x86)\DU Meter\DUMeter.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BluFab 9_is1 - c:\program files (x86)\BluFab 9\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-06  21:20:30
ComboFix-quarantined-files.txt  2015-03-07 03:20
.
Pre-Run: 86,915,354,624 bytes free
Post-Run: 86,533,361,664 bytes free
.
- - End Of File - - 1CAAD6CBE09918223BE185DBCA5B8211
A36C5E4F47E84449FF07ED3517B43A31
 
 
BlueScreenView Log:
 
==================================================
Dump File         : 021715-28267-01.dmp
Crash Time        : 2/17/2015 4:11:32 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`1529cb50
Parameter 3       : fffffa80`15292e10
Parameter 4       : fffff800`0339b100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021715-28267-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/17/2015 4:13:05 PM
==================================================
 
==================================================
Dump File         : 021515-20732-01.dmp
Crash Time        : 2/15/2015 12:38:54 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`150ffb50
Parameter 3       : fffffa80`15100e10
Parameter 4       : fffff800`03390100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021515-20732-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/15/2015 12:40:04 PM
==================================================
 
==================================================
Dump File         : 021515-22448-01.dmp
Crash Time        : 2/15/2015 12:35:31 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`15140b50
Parameter 3       : fffffa80`15136e10
Parameter 4       : fffff800`033c9100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021515-22448-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/15/2015 12:37:07 PM
==================================================
 
 
I saw emptying the temp files got rid of almost 4 GB...but I'd say overall I'm still down a lot more than that in hard drive space.
 
Thanks again,
Travis


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:48 AM

Posted 06 March 2015 - 10:38 PM

Thanks Travis,

Are you still experiencing BSODs?

Edited by Oh My!, 06 March 2015 - 10:52 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Posted 06 March 2015 - 11:24 PM

Hi Travis,

I am ending for the evening but will check back in the morning.
Gary
 

#11 Travis Wayne

Travis Wayne
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa
  • Local time:09:48 AM

Posted 06 March 2015 - 11:46 PM

Hi Gary, sorry for the delay....Yeah, I just tried running TFC and as soon as I clicked start I got a BSOD again...



#12 Oh My!

Posted 07 March 2015 - 03:53 PM

Hi Travis,

Thank you for your patience. Please do this.

===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Uploading Minidump Files

--------------------
  • Using Windows Explorer please navigate to the following location:

C:\WINDOWS\Minidump

  • If they exist, upload the last 3 most recently dated files here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • BSOD.txt
  • Uploaded Minidump files

Gary
 

#13 Travis Wayne

Posted 07 March 2015 - 10:10 PM

Hey Gary, here is the BSOD text, and the last 3 minidump files were uploaded.

 

==================================================
Dump File         : 030615-15724-01.dmp
Crash Time        : 3/6/2015 10:42:16 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`15103b50
Parameter 3       : fffffa80`15106e10
Parameter 4       : fffff800`033e1100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\030615-15724-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,376
Dump File Time    : 3/6/2015 10:43:52 PM
==================================================
 
==================================================
Dump File         : 021715-28267-01.dmp
Crash Time        : 2/17/2015 4:11:32 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`1529cb50
Parameter 3       : fffffa80`15292e10
Parameter 4       : fffff800`0339b100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021715-28267-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/17/2015 4:13:05 PM
==================================================
 
==================================================
Dump File         : 021515-20732-01.dmp
Crash Time        : 2/15/2015 12:38:54 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`150ffb50
Parameter 3       : fffffa80`15100e10
Parameter 4       : fffff800`03390100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021515-20732-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/15/2015 12:40:04 PM
==================================================
 
==================================================
Dump File         : 021515-22448-01.dmp
Crash Time        : 2/15/2015 12:35:31 PM
Bug Check String  : CRITICAL_OBJECT_TERMINATION
Bug Check Code    : 0x000000f4
Parameter 1       : 00000000`00000006
Parameter 2       : fffffa80`15140b50
Parameter 3       : fffffa80`15136e10
Parameter 4       : fffff800`033c9100
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+74ec0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18717 (win7sp1_gdr.150113-1808)
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021515-22448-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 276,432
Dump File Time    : 2/15/2015 12:37:07 PM
==================================================
 
 
Travis


#14 Oh My!

Posted 07 March 2015 - 10:54 PM

Thank you for providing the information.

Are you getting BSODs apart from running TFC?
Gary
 

#15 Travis Wayne

Posted 07 March 2015 - 11:55 PM

Nope, that's the only time. The only other real problem is that I keep losing hard drive space. Not sure if the two things are even related...Also in the past I've run TFC with no problems...





