
Laptop problem


  • This topic is locked
40 replies to this topic

#1 M. de Jager

M. de Jager

  • Banned
  • 434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 PM

Posted 11 October 2014 - 08:37 AM

Hi,

 

I have a laptop here that needs a check. I can't check it daily but will do my best:

Ran AdwCleaner:

# AdwCleaner v3.311 - Rapport aangemaakt 11/10/2014 op 15:59:29
# Laatste Update 30/09/2014 door Xplode
# Besturingssysteem : Windows 8  (64 bits)
# Gebruikersnaam : Tawny - VAIO
# Gestart vanuit : C:\Users\Tawny\Downloads\AdwCleaner (1).exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
[#] Service Verwijderd : 70e6ca8c
Service Verwijderd : APNMCP
[#] Service Verwijderd : torchcrashhandler
Service Verwijderd : winzipersvc
Service Verwijderd : wStLib64
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\ProgramData\apn
Map Verwijderd : C:\ProgramData\AskPartnerNetwork
Map Verwijderd : C:\ProgramData\BitGuard
Map Verwijderd : C:\ProgramData\Browser Manager
Map Verwijderd : C:\ProgramData\BrowserProtect
Map Verwijderd : C:\ProgramData\SafetyNut
Map Verwijderd : C:\ProgramData\Tarma Installer
Map Verwijderd : C:\ProgramData\torchcrashhandler
Map Verwijderd : C:\ProgramData\wincert
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Map Verwijderd : C:\Program Files (x86)\AskPartnerNetwork
Map Verwijderd : C:\Program Files (x86)\Movies Toolbar
Map Verwijderd : C:\Program Files (x86)\Optimizer Pro
Map Verwijderd : C:\Program Files (x86)\WinZipper
Map Verwijderd : C:\Users\Tawny\AppData\Local\AskPartnerNetwork
Map Verwijderd : C:\Users\Tawny\AppData\Local\iLivid
Map Verwijderd : C:\Users\Tawny\AppData\Local\torch
Map Verwijderd : C:\Users\Tawny\AppData\Local\Temp\apn
Map Verwijderd : C:\Users\Tawny\AppData\LocalLow\Inbox Toolbar
Map Verwijderd : C:\Users\Tawny\AppData\LocalLow\Minibar
Map Verwijderd : C:\Users\Tawny\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
Map Verwijderd : C:\Users\Tawny\AppData\Roaming\eIntaller
Map Verwijderd : C:\Users\Tawny\AppData\Roaming\WinZipper
Map Verwijderd : C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Map Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
Bestand Verwijderd : C:\Windows\System32\drivers\wStLib64.sys
Bestand Verwijderd : C:\Users\Tawny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
Bestand Verwijderd : C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Bestand Verwijderd : C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Bestand Verwijderd : C:\Users\Tawny\Desktop\Optimizer Pro.lnk
Bestand Verwijderd : C:\Users\Tawny\Desktop\Torch.lnk
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
Bestand Verwijderd : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
 
***** [ Taken ] *****
 
Taak Verwijderd : Desk 365 RunAsStdUser
Taak Verwijderd : DTReg
 
***** [ Snelkoppelingen ] *****
 
Snelkoppeling Gedesinfecteerd : C:\Users\Public\Desktop\Google Chrome.lnk
Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Tawny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Tawny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Tawny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Register ] *****
 
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Sleutel Verwijderd : HKCU\Software\Classes\iLivid.torrent
Waarde Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Waarde Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLivid.torrent
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\inbox.appserver
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\speedupmypc
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Sleutel Verwijderd : HKCU\Software\APN DTX
Sleutel Verwijderd : HKCU\Software\AskPartnerNetwork
Sleutel Verwijderd : HKCU\Software\DefaultTab
Sleutel Verwijderd : HKCU\Software\ilivid
Sleutel Verwijderd : HKCU\Software\Optimizer Pro
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\torch
Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Verwijderd : HKLM\SOFTWARE\AskPartnerNetwork
Sleutel Verwijderd : HKLM\SOFTWARE\Default Tab
Sleutel Verwijderd : HKLM\SOFTWARE\DefaultTab
Sleutel Verwijderd : HKLM\SOFTWARE\Desksvc
Sleutel Verwijderd : HKLM\SOFTWARE\hdcode
Sleutel Verwijderd : HKLM\SOFTWARE\Inbox Toolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Minibar
Sleutel Verwijderd : HKLM\SOFTWARE\SafetyNut
Sleutel Verwijderd : HKLM\SOFTWARE\torch
Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
Sleutel Verwijderd : HKLM\SOFTWARE\V9
Sleutel Verwijderd : HKLM\SOFTWARE\winzipersvc
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Tarma Installer
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\mgrldr.dll
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v37.0.2062.124
 
[ Bestand : C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23873 octets] - [14/04/2014 19:30:50]
AdwCleaner[R1].txt - [14856 octets] - [11/10/2014 15:55:54]
AdwCleaner[S0].txt - [11820 octets] - [11/10/2014 15:59:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11881 octets] ##########



Edited by M. de Jager, 11 October 2014 - 09:07 AM.



 


#2 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:49 PM

Posted 13 October 2014 - 03:04 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#3 M. de Jager


Posted 14 October 2014 - 04:19 AM

Hi,

 

Thanks for the response, the logs will come asap. Is it a problem if it takes a little longer?



#4 Naathim


Posted 14 October 2014 - 04:27 AM

Hi :)

 

That's your call. However, bear in mind that malware removal is a multi-step process and will take some time. From my perspective - the quicker, the better :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#5 M. de Jager


Posted 14 October 2014 - 06:10 AM

Hello Naat,

 

I see the person with the laptop Friday. I can then do the first scan, I hope this is okay?

Sorry for it, but I hope you can accept this.



#6 Naathim


Posted 14 October 2014 - 06:22 AM

Sure, I will be around. However, bear in mind that I'm not as available during weekends as during workdays.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#7 M. de Jager


Posted 14 October 2014 - 06:36 AM

It is okay, I don't see those people every day and that laptop must get a cleanup, we have time.

 

Thanks for the understanding.



#8 Naathim


Posted 14 October 2014 - 06:44 AM

No worries :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#9 Naathim


Posted 18 October 2014 - 05:15 AM

Since Friday has passed and there is no reply from you, I'm going to close this thread. Should you wish to continue, please PM me :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#10 Naathim


Posted 18 October 2014 - 12:20 PM

Thread re-opened per user's request.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 M. de Jager


Posted 18 October 2014 - 12:32 PM

Sorry for the late response. I didn't see the person earlier; the first logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Tawny (administrator) on VAIO on 18-10-2014 19:13:38
Running from C:\Users\Tawny\Downloads
Loaded Profiles: Tawny &  (Available profiles: Tawny)
Platform: Windows 8 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001\...\Run: [Facebook Update] => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-20] (Facebook Inc.)
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001\...\MountPoints2: {8245aa27-3f26-11e4-bec8-a41731c7d9e2} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001\...\MountPoints2: {dc374945-29ec-11e3-be8c-a41731c7d9e2} - "E:\Startme.exe" 
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-20] (Facebook Inc.)
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8245aa27-3f26-11e4-bec8-a41731c7d9e2} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2913199786-2070250273-3966285727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dc374945-29ec-11e3-be8c-a41731c7d9e2} - "E:\Startme.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {4AC33066-4B6A-45D8-A5CF-468BAC12FBC9} URL = http://www.mysearchresults.com/search?c=3520&t=01&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {92EDD0CA-59A6-4D8C-ADDC-09FEF69A46C2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.238.255.69 212.115.192.100
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tawny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.inbox.com/homepage.aspx?tbid=82632&iwk=297&lng=en
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR DefaultSearchKeyword: Default -> inbox.com
CHR DefaultSuggestURL: Default -> http://www.inbox.com/s.aspx?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-18]
CHR Extension: (Google Drive) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-18]
CHR Extension: (YouTube) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-18]
CHR Extension: (Adblock Plus) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-14]
CHR Extension: (Google Zoeken) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-18]
CHR Extension: (AppsHat) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo [2013-09-30]
CHR Extension: (Google Wallet) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Gmail) - C:\Users\Tawny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-13] (Qualcomm Atheros Commnucations)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6265128 2014-09-16] (SecureMix LLC)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S2 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [5619000 2012-06-20] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639576 2013-05-10] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros) [File not signed]
S2 0063031365176699mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\006303~1.EXE -cleanup -nolog [X]
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X]
S2 McOobeSv2; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McSchedulerSvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-08-20] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-13] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-08-13] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-10-06] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-10-06] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-10-06] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-10-06] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-10-06] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-10-06] (G Data Software)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [32784 2014-09-12] (SecureMix LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-10-06] (G Data Software AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-05-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-21] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 19:13 - 2014-10-18 19:14 - 00022527 _____ () C:\Users\Tawny\Downloads\FRST.txt
2014-10-18 19:12 - 2014-10-18 19:13 - 00000000 ____D () C:\FRST
2014-10-18 19:11 - 2014-10-18 19:11 - 02112000 _____ (Farbar) C:\Users\Tawny\Downloads\FRST64.exe
2014-10-11 17:26 - 2014-10-11 17:27 - 00000205 _____ () C:\Users\Tawny\Desktop\Hotmail.url
2014-10-11 17:12 - 2014-10-11 17:12 - 00000000 ____D () C:\Users\Tawny\AppData\Roaming\G Data
2014-10-11 17:11 - 2014-10-11 17:11 - 00000000 ____D () C:\Users\Tawny\AppData\Local\G DATA
2014-10-11 16:59 - 2014-10-11 16:59 - 00427616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-11 16:36 - 2014-08-30 07:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-11 16:36 - 2014-08-30 07:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-11 16:36 - 2014-08-30 07:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-11 16:36 - 2014-08-30 06:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-11 16:36 - 2014-08-30 06:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-11 16:36 - 2014-08-30 06:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-11 16:36 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-10-11 16:36 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-11 16:36 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-11 16:36 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-11 16:36 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-11 16:36 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-11 16:36 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-10-11 16:36 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-11 16:36 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-11 16:36 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-11 16:36 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-11 16:36 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-11 16:36 - 2014-07-12 02:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-11 16:36 - 2014-07-12 02:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-10-11 16:36 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-10-11 16:36 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-10-11 16:36 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-10-11 16:36 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-10-11 16:36 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-10-11 16:36 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-10-11 16:36 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-11 16:36 - 2014-07-03 03:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-11 16:36 - 2014-07-03 02:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-11 16:36 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-10-11 16:36 - 2014-06-28 08:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-11 16:36 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-10-11 16:36 - 2014-06-25 09:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-11 16:36 - 2014-06-25 09:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-11 16:36 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-11 16:36 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-11 16:36 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-11 16:36 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-11 16:36 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-11 16:36 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-11 16:36 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-11 16:36 - 2014-05-30 01:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-11 16:36 - 2014-05-30 01:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-11 16:36 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-11 16:35 - 2014-08-02 00:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-11 16:35 - 2014-07-24 15:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-11 16:35 - 2014-07-17 01:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-11 16:35 - 2014-07-17 00:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-11 16:35 - 2014-07-17 00:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-11 16:35 - 2014-07-12 08:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-11 16:35 - 2014-07-12 06:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-11 16:35 - 2014-07-12 06:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-11 16:35 - 2014-07-12 06:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-11 16:35 - 2014-07-12 06:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-11 16:35 - 2014-06-28 08:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-11 16:35 - 2014-06-28 04:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-11 15:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-11 15:54 - 2014-10-11 15:54 - 01375089 _____ () C:\Users\Tawny\Downloads\AdwCleaner (1).exe
2014-10-11 15:37 - 2014-10-11 15:37 - 00019018 _____ () C:\Users\Tawny\Desktop\dds.txt
2014-10-11 15:37 - 2014-10-11 15:37 - 00009109 _____ () C:\Users\Tawny\Desktop\attach.txt
2014-10-11 15:34 - 2014-10-11 15:34 - 00688992 ____R (Swearware) C:\Users\Tawny\Downloads\dds.com
2014-10-11 15:33 - 2014-10-11 15:33 - 00000000 ____D () C:\Users\Tawny\AppData\Local\GlassWire
2014-10-11 15:31 - 2014-10-11 15:31 - 00000000 ____D () C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2014-10-11 15:31 - 2014-10-11 15:31 - 00000000 ____D () C:\ProgramData\GlassWire
2014-10-11 15:31 - 2014-10-11 15:31 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2014-10-11 15:31 - 2014-09-12 07:17 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2014-10-11 15:31 - 2014-09-12 07:06 - 00032784 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2014-10-11 15:30 - 2014-10-11 15:30 - 16250472 _____ (SecureMix LLC) C:\Users\Tawny\Downloads\GlassWireSetup.exe
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\Gast
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Users\Administrator
2014-10-10 08:16 - 2014-10-10 08:16 - 00000000 ____D () C:\Program Files\Sony Corporation
2014-10-10 08:15 - 2014-10-10 08:15 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xperia Link.lnk
2014-10-08 08:57 - 2014-10-08 08:57 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-10-07 15:36 - 2014-10-11 17:12 - 00000000 ____D () C:\Users\Tawny\AppData\Roaming\TeamViewer
2014-10-07 15:36 - 2014-10-07 15:36 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-07 15:36 - 2014-10-07 15:36 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-07 15:36 - 2014-10-07 15:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-07 15:35 - 2014-10-07 15:35 - 06626856 _____ (TeamViewer GmbH) C:\Users\Tawny\Downloads\TeamViewer_Setup_nl.exe
2014-10-07 15:35 - 2014-10-07 15:35 - 06626856 _____ (TeamViewer GmbH) C:\Users\Tawny\Downloads\TeamViewer_Setup_nl (3).exe
2014-10-07 15:35 - 2014-10-07 15:35 - 06626856 _____ (TeamViewer GmbH) C:\Users\Tawny\Downloads\TeamViewer_Setup_nl (2).exe
2014-10-07 15:35 - 2014-10-07 15:35 - 06626856 _____ (TeamViewer GmbH) C:\Users\Tawny\Downloads\TeamViewer_Setup_nl (1).exe
2014-10-06 14:08 - 2014-10-06 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-10-06 14:08 - 2014-10-06 14:08 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-10-06 14:08 - 2014-10-06 14:08 - 00001938 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-10-06 14:08 - 2014-10-06 14:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-09-18 13:13 - 2014-09-18 13:13 - 00000214 _____ () C:\Users\Tawny\Downloads\Royal Story NL.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 19:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-18 17:24 - 2013-04-18 15:35 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 17:04 - 2013-05-20 19:59 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001UA.job
2014-10-18 16:57 - 2012-11-01 19:15 - 01386084 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 16:37 - 2014-04-14 18:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 16:37 - 2013-04-18 15:35 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 16:09 - 2012-11-01 18:58 - 00796920 _____ () C:\Windows\system32\perfh013.dat
2014-10-18 16:09 - 2012-11-01 18:58 - 00159176 _____ () C:\Windows\system32\perfc013.dat
2014-10-18 16:09 - 2012-07-26 09:28 - 01792392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 03:16 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-18 03:15 - 2013-04-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 14:48 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 09:29 - 2013-04-15 21:36 - 00000000 ____D () C:\Users\Tawny\AppData\Local\CrashDumps
2014-10-14 20:04 - 2013-05-20 19:59 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001Core.job
2014-10-14 19:47 - 2012-07-26 09:21 - 00050701 _____ () C:\Windows\setupact.log
2014-10-14 15:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-12 16:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-10-12 16:26 - 2013-04-15 17:39 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2913199786-2070250273-3966285727-1001
2014-10-11 19:11 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-11 18:22 - 2013-04-30 07:00 - 00113416 _____ () C:\Users\Tawny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-11 16:59 - 2012-08-03 04:22 - 00730112 _____ () C:\Windows\PFRO.log
2014-10-11 16:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-11 16:12 - 2014-05-02 14:03 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-10-11 16:03 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-11 16:02 - 2014-04-14 19:30 - 00000000 ____D () C:\AdwCleaner
2014-10-11 16:02 - 2013-09-30 20:21 - 00000000 ____D () C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-10-11 16:02 - 2013-04-18 15:36 - 00001270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-11 16:02 - 2013-04-18 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-11 16:02 - 2013-04-15 17:32 - 00000975 _____ () C:\Users\Tawny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-11 12:21 - 2013-09-30 18:35 - 00000000 ____D () C:\Update
2014-10-10 08:16 - 2013-04-15 17:31 - 00000000 ____D () C:\Users\Tawny\AppData\Local\Packages
2014-10-10 08:16 - 2012-11-01 19:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-10 08:16 - 2012-11-01 18:09 - 00000000 ____D () C:\Program Files\Sony
2014-10-10 08:15 - 2012-11-01 19:20 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-10-08 08:57 - 2012-11-01 18:14 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-06 14:17 - 2014-05-02 14:03 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-10-06 14:16 - 2012-11-01 19:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 14:09 - 2014-05-02 13:55 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-10-06 14:09 - 2014-01-31 19:49 - 00000000 ____D () C:\ProgramData\G Data
2014-10-06 14:08 - 2014-05-02 13:54 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-10-06 14:08 - 2014-05-02 13:54 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-10-06 14:08 - 2014-05-02 13:54 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-10-06 14:08 - 2014-05-02 13:54 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-10-06 14:08 - 2012-11-01 19:03 - 00956062 _____ () C:\Windows\DPINST.LOG
2014-09-28 10:28 - 2013-04-15 17:34 - 00000000 ____D () C:\Users\Tawny\AppData\Roaming\Atheros
2014-09-27 18:18 - 2013-06-07 18:25 - 00270848 ___SH () C:\Users\Tawny\Downloads\Thumbs.db
2014-09-26 22:32 - 2013-05-26 12:41 - 00077312 ___SH () C:\Users\Tawny\Documents\Thumbs.db
 
Some content of TEMP:
====================
C:\Users\Tawny\AppData\Local\Temp\APNSetup.exe
C:\Users\Tawny\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Tawny\AppData\Local\Temp\banner.exe
C:\Users\Tawny\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\Tawny\AppData\Local\Temp\Delta.exe
C:\Users\Tawny\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Tawny\AppData\Local\Temp\fmp-2.0.7-win32.exe
C:\Users\Tawny\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tawny\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Tawny\AppData\Local\Temp\ose00000.exe
C:\Users\Tawny\AppData\Local\Temp\propsys.dll
C:\Users\Tawny\AppData\Local\Temp\Quarantine.exe
C:\Users\Tawny\AppData\Local\Temp\rad422DD.tmp_update.exe
C:\Users\Tawny\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Tawny\AppData\Local\Temp\WSSetup.exe
C:\Users\Tawny\AppData\Local\Temp\_is6235.exe
C:\Users\Tawny\AppData\Local\Temp\_is76DA.exe
C:\Users\Tawny\AppData\Local\Temp\_isF7DE.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-12 16:27
 
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Tawny at 2014-10-18 19:14:54
Running from C:\Users\Tawny\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AF091FA7-20BF-49D4-4C98-4E4AD04D6FB3}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Armagetron Advanced 0.2.8.3.2 (HKLM-x32\...\Armagetron Advanced) (Version: 0.2.8.3.2 - Armagetron Advanced Team)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1101}) (Version: 12.17.1.74 - APN, LLC) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1923 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5601.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.25 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Intel AppUp® center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 43953 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (x32 Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony PC Companion 2.10.174 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{F8564AF8-30AE-4427-ACF3-69714E1BB656}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail Packages (HKCU\...\Windows Live Mail Packages) (Version:  - ) <==== ATTENTION
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tawny\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tawny\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tawny\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tawny\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2913199786-2070250273-3966285727-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tawny\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-10-2014 08:04:43 Gepland controlepunt
17-10-2014 06:10:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04A2C71D-4D28-46F1-982F-681779173BC0} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {09525FFF-F07F-4D9A-BEEF-D79F62D29D38} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {0ABB69CD-F55E-43BC-81D3-689AE247DC85} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {128E5966-3A44-4341-8277-42E968D9ABB1} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {1470FBEF-6FDF-4B1A-A571-9D40438268CB} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {1611CFDC-B0DB-470D-B210-A6737BE4FD09} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001UA => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-20] (Facebook Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C710D72-F658-4236-8854-3372BAC800AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {1E0CC576-8F37-4322-8C9A-03B68F9F4493} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {233DAC00-7B5C-4B1C-B1CB-ED3BC99B089B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {26745810-403F-4C90-BD05-22FF7C415448} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {38CD6D84-7398-4E97-9103-5A86F291737C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3A907D23-0B4C-46DD-83F3-E09083ECFA99} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {44264F42-DE61-4906-9061-FD87C617A3FD} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {5EE8B9C8-636F-4D20-AC61-774135E0BDC5} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {67ECA8C8-3070-4370-B5E9-36D20AFF5D9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {6AB971FF-CE2A-425F-8F6B-DAFA216D0DB7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {75E55891-C2D3-4C36-8CC1-4A80282732B7} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {77FA3C6B-EDCC-4390-9FAD-5EB77421806D} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {88CD41E9-94BA-47F1-A087-6D49A4F6D35C} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {8FDCED99-D680-40C3-82CA-F7A1D87FFF23} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {9057A2F5-16F4-4C44-A62A-7A3A82C587A4} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-21] (Synaptics Incorporated)
Task: {9F81C70E-36F8-4B77-887B-1E89E93556A9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA8389FA-8646-4DCD-BCFA-2D3B4B3E4BEB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {AF0EB0A2-36E4-4B36-8194-ED11F2850FAD} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D301722A-D24C-4439-A93B-4EC2A0554C9E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D6A06A46-BA2E-4DA2-9AB6-7F55FA32FB4A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {DDB4F90C-C82C-4D27-838B-7EDC522E06CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {E263E65C-0F32-4B84-97B3-67CC09D95E05} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {E6BF7803-ACF4-442F-99EF-E7548F631222} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {E9A3F375-C5A3-492B-9B3C-3F729673229D} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EEFDCAEA-85EA-4ABB-93FD-D8DBE4D2C54A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001Core => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-20] (Facebook Inc.)
Task: {F358B918-8D1F-4877-A73D-4D2C95E65662} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F7F02C98-2343-4D85-917F-852CFC423CE0} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {FC174188-E178-44FF-9A1A-DC918CC39A22} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001Core.job => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913199786-2070250273-3966285727-1001UA.job => C:\Users\Tawny\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2012-08-13 19:25 - 2012-08-13 19:25 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-13 19:19 - 2012-08-13 19:19 - 00020480 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\nl-NL\BtTray.nl-NL.dll
2012-08-06 13:54 - 2012-08-06 13:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-04-19 06:40 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-11-01 19:11 - 2012-08-06 19:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-11-01 19:40 - 2013-04-15 21:49 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-09-25 06:26 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 06:26 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 06:26 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 06:26 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 06:26 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2012-11-01 19:51 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2913199786-2070250273-3966285727-500 - Administrator - Disabled)
Gast (S-1-5-21-2913199786-2070250273-3966285727-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2913199786-2070250273-3966285727-1003 - Limited - Enabled)
Tawny (S-1-5-21-2913199786-2070250273-3966285727-1001 - Administrator - Enabled) => C:\Users\Tawny
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2014 07:06:28 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/18/2014 04:34:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Het activeren van de app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
Error: (10/18/2014 04:34:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma UNKNOWN, versie 0.0.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 10dc
 
Starttijd: 01cfeae094d322fd
 
Eindtijd: 4294967295
 
Toepassingspad: UNKNOWN
 
Rapport-id: e02715fa-56d3-11e4-bed4-a41731c7d9e2
 
Volledige pakketnaam met fout: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
 
Relatieve toepassings-id van pakket met fout: Microsoft.WindowsLive.People
 
Error: (10/18/2014 04:34:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: VAIO)
Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People is niet gestart binnen de toegewezen tijd.
 
Error: (10/17/2014 02:45:24 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/17/2014 02:42:17 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/17/2014 02:42:16 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/17/2014 08:08:02 AM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/17/2014 08:07:59 AM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
Error: (10/17/2014 08:07:59 AM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 
 
System errors:
=============
Error: (10/18/2014 04:36:51 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (10/18/2014 04:34:38 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: Microsoft.WindowsLive.People.wwa
 
Error: (10/17/2014 02:53:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: De Energy Server Service-service is bij het starten vastgelopen.
 
Error: (10/17/2014 02:48:29 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: McAfee Content Filter-service is afhankelijk van deze service: mfefire. Deze service is mogelijk niet geïnstalleerd.
 
Error: (10/17/2014 02:48:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De McAfee PC Task Scheduler Service-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (10/17/2014 02:48:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De McAfee OOBE Service2-service kan vanwege de volgende fout niet worden gestart: 
%%2
 
Error: (10/17/2014 02:48:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 7:57:59 op ‎17/‎10/‎2014 is onverwacht gebeurd.
 
Error: (10/15/2014 06:07:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: SampleCollector.
 
Error: (10/15/2014 06:07:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: SampleCollector.
 
Error: (10/14/2014 07:45:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: McAfee Content Filter-service is afhankelijk van deze service: mfefire. Deze service is mogelijk niet geïnstalleerd.
 
 
Microsoft Office Sessions:
=========================
Error: (05/17/2013 06:51:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 120605 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-03 19:09:16.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\BD9B8345.VAIOMessageCenter_1.0.0.8160_x64__05bme2bjq6sag\VAIOCentralSDKWrapper.winmd with signing level Unsigned while the system requires signing level 6 or better to load.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 4043.27 MB
Available physical RAM: 2017.53 MB
Total Pagefile: 8395.27 MB
Available Pagefile: 5491.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:434.09 GB) (Free:375.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D7BE9DD5)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Not sure when I can give the next response.


#12 Naathim


Posted 18 October 2014 - 12:45 PM

Hi :)

Please describe what issues are present on that machine. I need to know what to search for in those logs.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 M. de Jager


Posted 18 October 2014 - 01:02 PM

Just a full clean up. It is slow.

#14 Naathim


Posted 18 October 2014 - 01:17 PM

OK.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 M. de Jager


Posted 18 October 2014 - 01:40 PM

Here you go:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8 x64
Ran by Tawny on za 18/10/2014 at 20:34:25,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update rightsurf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util rightsurf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateRightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateRightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilRightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilRightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\RightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\RightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AC33066-4B6A-45D8-A5CF-468BAC12FBC9}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Tawny\appdata\local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 18/10/2014 at 20:39:47,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




