Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by SYSTEM on MININT-KDNTFMQ on 16-07-2015 09:11:34
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
HKU\dougc\...\Run: [Starfield Updater] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-09-29] (Starfield Technologies)
HKU\dougc\...\Run: [wben] => C:\Users\dougc\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\dougc\...\Run: [Workspace Status] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceStatus.exe [694760 2014-09-29] (Starfield Technologies)
Startup: C:\Users\doug.BAREFOOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2015-02-10]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2014-05-21]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-29] (Avast Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-09] (Microsoft Corporation)
S2 tcsd_win32.exe; "C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
S0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [406784 2014-04-09] (Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-28] (Realtek Semiconductor Corp.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-29] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 09:11 - 2015-07-16 09:11 - 00000000 ____D C:\FRST
2015-07-15 06:07 - 2015-07-15 06:08 - 00000000 ____D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_38AA
2015-07-15 06:07 - 2015-07-15 06:07 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (4).xlsx
2015-07-15 05:22 - 2015-07-15 05:22 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (3).xlsx
2015-07-14 05:38 - 2015-07-14 05:38 - 00001157 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-14.csv
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\System32\vbox
2015-07-13 05:54 - 2015-07-13 05:54 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2015-07-10 07:53 - 2015-07-15 06:07 - 00010514 _____ C:\Users\doug.BAREFOOT\Desktop\2015mailinglistaddons.xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (2).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (1).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00000000 ____D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_F2D
2015-07-10 06:08 - 2015-07-10 06:08 - 11855872 _____ C:\Users\doug.BAREFOOT\Downloads\mitch goes boom (1).avi
2015-07-10 05:09 - 2015-07-10 05:09 - 00011106 _____ C:\Users\doug.BAREFOOT\Downloads\Booth Descriptions 2015.xlsx
2015-07-09 07:51 - 2015-07-09 07:51 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8.xlsx
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics.com
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics (1).com
2015-07-09 04:54 - 2015-07-09 04:54 - 00005838 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-09.csv
2015-07-08 04:46 - 2015-07-08 04:46 - 01099226 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.ai
2015-07-08 04:46 - 2015-07-08 04:46 - 00570654 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.eps
2015-07-08 04:45 - 2015-07-08 04:45 - 00108342 _____ C:\Users\doug.BAREFOOT\Downloads\hardat.bmp
2015-07-07 10:02 - 2015-07-07 10:02 - 00004435 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-07.csv
2015-07-01 10:38 - 2015-07-01 10:38 - 00012514 _____ C:\Users\doug.BAREFOOT\Downloads\Shirt Order.xlsx
2015-06-29 10:35 - 2015-06-29 10:35 - 03974689 _____ C:\Users\doug.BAREFOOT\Downloads\Antiqued Gold and Silver Rope Edge Berry Concho 1-1_2-_ All Western Cowboy - Circle KB Idaho USA.webarchive
2015-06-29 07:28 - 2015-06-29 07:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-06-29 07:28 - 2015-06-29 07:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-22 11:58 - 2015-06-22 11:58 - 00002062 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-22.csv
2015-06-18 11:06 - 2015-06-18 11:06 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download (1).php
2015-06-18 10:55 - 2015-06-18 10:55 - 00409908 _____ C:\Users\doug.BAREFOOT\Downloads\winmail.dat
2015-06-18 10:53 - 2015-06-18 10:53 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download.php
2015-06-18 04:59 - 2015-06-18 04:59 - 00000878 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-18.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 08:45 - 2015-04-05 00:00 - 00000000 ___SD C:\Windows\System32\GWX
2015-07-16 08:45 - 2015-02-10 12:14 - 00000000 ____D C:\users\doug.BAREFOOT
2015-07-16 08:45 - 2015-02-10 11:54 - 00000000 ____D C:\users\Administrator
2015-07-16 08:45 - 2014-12-11 01:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-07-16 08:45 - 2014-11-19 05:54 - 00000000 ____D C:\users\crdsecagent$admin
2015-07-16 08:45 - 2014-05-20 11:29 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-07-16 08:45 - 2014-05-20 09:52 - 00000000 ____D C:\users\dougc
2015-07-16 08:45 - 2014-05-19 05:03 - 00000000 ____D C:\users\doug
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 08:44 - 2015-02-13 09:30 - 00000000 __RHD C:\MSOCache
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-16 00:00 - 2014-05-20 10:56 - 00000000 ____D C:\Windows\System32\MRT
2015-07-15 23:17 - 2014-05-20 09:50 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
2015-07-15 13:58 - 2014-05-21 06:30 - 00000000 ____D C:\Users\dougc\Desktop\Doug Shop works
2015-07-14 00:46 - 2014-01-09 14:44 - 01966423 _____ C:\Windows\WindowsUpdate.log
2015-07-14 00:27 - 2014-01-09 12:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 23:49 - 2014-05-19 07:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 06:49 - 2014-05-19 07:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 06:00 - 2009-07-13 21:13 - 00783606 _____ C:\Windows\System32\PerfStringBackup.INI
2015-07-13 05:55 - 2015-02-10 12:14 - 00002261 _____ C:\Users\doug.BAREFOOT\Desktop\Google Chrome.lnk
2015-07-13 05:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 05:54 - 2009-07-13 20:51 - 00037955 _____ C:\Windows\setupact.log
2015-07-13 05:53 - 2010-11-20 19:47 - 00533178 _____ C:\Windows\PFRO.log
2015-06-29 19:24 - 2014-05-19 07:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswsp.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00272248 _____ C:\Windows\System32\Drivers\aswVmm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00065736 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00029168 _____ C:\Windows\System32\Drivers\aswHwid.sys
2015-06-29 07:27 - 2014-05-19 07:24 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-06-26 00:47 - 2014-05-22 05:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-23 10:30 - 2010-11-20 19:27 - 00300704 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-06-15 22:32:23
Restore point made on: 2015-06-18 23:32:51
Restore point made on: 2015-06-22 23:32:50
Restore point made on: 2015-06-29 07:24:49
Restore point made on: 2015-06-29 23:32:47
Restore point made on: 2015-07-06 23:32:54
Restore point made on: 2015-07-13 05:58:37
Restore point made on: 2015-07-14 00:46:40
Restore point made on: 2015-07-16 00:00:21

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8134.2 MB
Available physical RAM: 7316.26 MB
Total Virtual: 8132.4 MB
Available Virtual: 7321.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.11 GB) (Free:385.02 GB) NTFS
Drive d: (Win8_x64) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:5.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (JW's Drive) (Removable) (Total:29.81 GB) (Free:3.2 GB) NTFS
Drive g: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 03658F27)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)

LastRegBack: 2015-07-12 21:25

==================== End of log ============================