Computer shutting down during Antivirus scan


  • This topic is locked
67 replies to this topic

#1 Achaemenid

Posted 19 March 2015 - 04:08 AM

System: Windows 7 Pro (64 bit)

I checked out these two pages at bleeping:

================================

I ran CCleaner.

I ran Superantispyware.

I was able to do a quick antivirus scan. I use MSE.

I am able to do a Malwarebytes scan.

But the next full MSE scan I tried to run, the computer shut down again.

I ran GMER. The log is posted in the next post.

Edited by Achaemenid, 19 March 2015 - 04:21 AM.



#2 Achaemenid


Posted 19 March 2015 - 04:10 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-19 14:43:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH50 465.76GB
Running: pyflhvpp.exe; Driver: C:\Users\g2\AppData\Local\Temp\uxtdqpob.sys
 
 
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                 0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                        0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                 0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                       0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                            0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                     0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                       0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                          0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                       0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                     0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                 0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                 0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe[5764] C:\Windows\system32\IMM32.DLL!ImmProcessKey                                                                                                        000007feff3839c8 14 bytes {JMP QWORD [RIP+0x0]}
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                          0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                            0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                          0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                          0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                             0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                      0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                             0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                      0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                            0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                 0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                          0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                            0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                               0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                            0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                          0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                      0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                      0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                  0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                    0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                  0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                  0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                     0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                              0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                     0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                              0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                    0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                         0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                  0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                    0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                       0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                    0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                  0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                              0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                              0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                         0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                           0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                         0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                         0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                     0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                     0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                           0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                         0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                           0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                           0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                         0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                     0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[6920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                     0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                   0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                   0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                       0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                     0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000076c11401 2 bytes JMP 76d3b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000076c11419 2 bytes JMP 76d3b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000076c11431 2 bytes JMP 76db8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      0000000076c1144a 2 bytes CALL 76d148ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                               * 9
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                         0000000076c114dd 2 bytes JMP 76db87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  0000000076c114f5 2 bytes JMP 76db8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                         0000000076c1150d 2 bytes JMP 76db8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000076c11525 2 bytes JMP 76db8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        0000000076c1153d 2 bytes JMP 76d2fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                             0000000076c11555 2 bytes JMP 76d368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      0000000076c1156d 2 bytes JMP 76db8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000076c11585 2 bytes JMP 76db8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                           0000000076c1159d 2 bytes JMP 76db865c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        0000000076c115b5 2 bytes JMP 76d2fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      0000000076c115cd 2 bytes JMP 76d3b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  0000000076c116b2 2 bytes JMP 76db8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe[5124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  0000000076c116bd 2 bytes JMP 76db85f1 C:\Windows\syswow64\kernel32.dll
 
---- User IAT/EAT - GMER 2.1 ----
 
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlUnlockHeap]                                                                                                  [7feeea98164] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlSizeHeap]                                                                                                    [7feeea98260] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlReAllocateHeap]                                                                                              [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlLockHeap]                                                                                                    [7feeea980e8] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlFreeHeap]                                                                                                    [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlCreateHeap]                                                                                                  [7feeea97e84] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlDestroyHeap]                                                                                                 [7feeea98048] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlExitUserProcess]                                                                                             [7feeea982e4] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlAllocateHeap]                                                                                              [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlFreeHeap]                                                                                                  [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlExitUserProcess]                                                                                           [7feeea982e4] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlReAllocateHeap]                                                                                            [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlLockHeap]                                                                                                  [7feeea980e8] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlUnlockHeap]                                                                                                [7feeea98164] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlCreateHeap]                                                                                                [7feeea97e84] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlDestroyHeap]                                                                                               [7feeea98048] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlValidateHeap]                                                                                              [7feeea981c0] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!RtlWalkHeap]                                                                                                  [7feeea98054] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueA]                                                                                              [7feeea4bd9c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExA]                                                                                               [7feeea4bc64] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress]                                                                                               [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW]                                                                                                  [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW]                                                                                                  [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegOpenKeyExA]                                                                                                [7feeea4b864] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueW]                                                                                              [7feeea4be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExW]                                                                                               [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ole32.dll[ntdll.dll!RtlFreeHeap]                                                                                                       [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ole32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                   [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ole32.dll[ntdll.dll!RtlReAllocateHeap]                                                                                                 [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[ntdll.dll!RtlFreeHeap]                                                                                                       [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                   [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW]                                                                                                      [7feeea4a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW]                                                                                                    [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW]                                                                                                    [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[ntdll.dll!RtlFreeHeap]                                                                                                      [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                  [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[ntdll.dll!RtlReAllocateHeap]                                                                                                [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[ntdll.dll!RtlSizeHeap]                                                                                                      [7feeea98260] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW]                                                                                                 [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW]                                                                                               [7feeea4b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW]                                                                                                [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress]                                                                                                [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW]                                                                                                   [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!RtlFreeHeap]                                                                                                      [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!RtlAllocateHeap]                                                                                                  [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite]                                                                                                     [7feeea4ac74] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA]                                                                                                 [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW]                                                                                                 [7feeea4aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW]                                                                                                   [7feeea4a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA]                                                                                                 [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW]                                                                                              [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW]                                                                                             [7feeea4be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW]                                                                                             [7feeea4b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW]                                                                                               [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW]                                                                                                   [7feeea4a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW]                                                                                                 [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW]                                                                                          [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW]                                                                                             [7feeea4b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                               [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW]                                                                                              [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW]                                                                                             [7feeea4be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!RtlFreeHeap]                                                                                                    [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!RtlReAllocateHeap]                                                                                              [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW]                                                                                                   [7feeea4a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW]                                                                                                 [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\SYSTEM32\sechost.dll[ntdll.dll!RtlFreeHeap]                                                                                                     [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\SYSTEM32\sechost.dll[ntdll.dll!RtlAllocateHeap]                                                                                                 [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OPENGL32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OPENGL32.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                               [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OPENGL32.dll[ADVAPI32.dll!RegQueryValueExW]                                                                                            [7feeef1f43c] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\OPENGL32.dll[ADVAPI32.dll!RegCloseKey]                                                                                                 [7feeef1f4d0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\DDRAW.dll[KERNEL32.dll!CreateFileA]                                                                                                    [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\DDRAW.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\DCIMAN32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress]                                                                                                [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!DeleteFileW]                                                                                                 [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW]                                                                                                  [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW]                                                                                                  [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW]                                                                                           [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA]                                                                                           [7feeea4add4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress]                                                                                               [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA]                                                                                                  [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!CreateFileW]     [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!GetProcAddress]  [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!RtlFreeHeap]                                                                                                     [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW]                                                                                                    [7feeea4a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW]                                                                                                  [7feeea4aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW]                                                                                                    [7feeea4a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW]                                                                                                 [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW]                                                                                                 [7feeea4aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW]                                                                                          [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW]                                                                                                   [7feeea4a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\oledlg.dll[ntdll.dll!RtlFreeHeap]                                                                                                      [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\oledlg.dll[ntdll.dll!RtlAllocateHeap]                                                                                                  [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\oledlg.dll[KERNEL32.dll!CreateFileW]                                                                                                   [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\oledlg.dll[KERNEL32.dll!GetProcAddress]                                                                                                [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\oledlg.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                                 [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!CreateFileW]              [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!CreateFileA]              [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!GetProcAddress]           [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress]                                                                                                   [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SspiCli.dll[ntdll.dll!RtlFreeHeap]                                                                                                     [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\SspiCli.dll[ntdll.dll!RtlAllocateHeap]                                                                                                 [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\sfc_os.DLL[ntdll.dll!RtlFreeHeap]                                                                                                      [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\sfc_os.DLL[ntdll.dll!RtlReAllocateHeap]                                                                                                [7feeea973ec] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\sfc_os.DLL[ntdll.dll!RtlAllocateHeap]                                                                                                  [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress]                                                                                                [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW]                                                                                              [7feeea4ad5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW]                                                                                                  [7feeea4aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile]                                                                                                       [7feeea4aae8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW]                                                                                                    [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress]                                                                                                 [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!GetProcAddress]                                                                                         [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!CreateFileW]                                                                                            [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!RegOpenKeyExW]                                                                                          [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!RtlAllocateHeap]                                                                                               [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!RtlFreeHeap]                                                                                                   [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINTRUST.dll[ntdll.dll!RtlFreeHeap]                                                                                                    [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINTRUST.dll[ntdll.dll!RtlAllocateHeap]                                                                                                [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!SetFileAttributesW]                                                                                          [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[ntdll.dll!RtlAllocateHeap]                                                                                                 [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[ntdll.dll!RtlFreeHeap]                                                                                                     [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileA]                                                                                                  [7feeea4a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!DeleteFileW]                                                                                                  [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!SetFileAttributesW]                                                                                           [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileW]                                                                                                  [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress]                                                                                               [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ntdll.dll!RtlAllocateHeap]                                                                                                 [7feeea971cc] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ntdll.dll!RtlFreeHeap]                                                                                                     [7feeea97a7c] C:\Windows\AppPatch\AppPatch64\AcXtrnal.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW]                                                                                              [7feeea4be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW]                                                                                              [7feeea4b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW]                                                                                               [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW]                                                                                                [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW]                                                                                                  [7feeea4aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW]                                                                                                  [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW]                                                                                           [7feeea4ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW]                                                                                                    [7feeea4a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW]                                                                                                  [7feeea4a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress]                                                                                               [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!CreateFileW]                                                                                                 [7feeea4a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\audioses.dll[KERNEL32.dll!GetProcAddress]                                                                                              [7fefd2e4230] C:\Windows\system32\apphelp.dll
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\audioses.dll[ADVAPI32.dll!RegSetValueExW]                                                                                              [7feeea4bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\audioses.dll[ADVAPI32.dll!RegOpenKeyExW]                                                                                               [7feeea4b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\audioses.dll[ADVAPI32.dll!RegDeleteValueW]                                                                                             [7feeea4be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] @ C:\Windows\System32\audioses.dll[ADVAPI32.dll!RegCreateKeyExW]                                                                                             [7feeea4b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
 
---- Registry - GMER 2.1 ----
 
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8daf303f6                                                                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd1008a                                                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8daf303f6 (not active ControlSet)                                                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd1008a (not active ControlSet)                                                                                                                   
 
---- EOF - GMER 2.1 ----


#3 Achaemenid

Posted 19 March 2015 - 04:13 AM

Here is the FRST log, part 1

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by g2 (administrator) on G2-VAIO on 19-03-2015 15:55:49
Running from C:\Users\g2\Desktop\WIPER\PROGRAMS
Loaded Profiles: g2 (Available profiles: boinc_master & g2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(EMTEC) C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
() C:\Users\g2\Desktop\WIPER\PROGRAMS\GMER\pyflhvpp.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-16] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {84e7a181-d78d-11e3-a1a5-f0bf975a39df} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {a12da19a-5dfe-11e4-920b-c0f8daf303f6} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {dbd834e7-66ca-11e4-8190-f0bf975a39df} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {e8be39f2-d792-11e3-b543-f0bf975a39df} - U:\Emtec.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 203.144.206.29 203.144.206.49
Tcpip\..\Interfaces\{078FEFC6-B447-49B3-A3F0-083FD6572DC1}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{17DAB472-8A82-41B7-B1E9-E4F5E63406E1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFCEFB80-BB55-447B-81AF-92826A8CB8D4}: [NameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-04] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://whatismyipaddress.com/
CHR StartupUrls: Default -> "hxxp://whatismyipaddress.com/"
CHR DefaultSearchKeyword: Default -> %7bsearchterms%7d
CHR DefaultSearchURL: Default -> http://{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Torrent Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (The Pirate Bay Redirector) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnminlhlpmekadljcjaogaaodpmlpkmk [2015-01-09]
CHR Extension: (Google Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-03] (Digital Delivery Networks, Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-06-13] (Power Admin LLC) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-19] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-01] ()
U2 MSSQL$DDNI; No ImagePath
U3 uxtdqpob; \??\C:\Users\g2\AppData\Local\Temp\uxtdqpob.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 15:55 - 2015-03-19 15:55 - 00000000 ____D () C:\FRST
2015-03-19 14:43 - 2015-03-19 14:43 - 00113257 _____ () C:\Users\g2\Desktop\GMER log.log
2015-03-19 08:18 - 2015-03-19 10:43 - 00000336 _____ () C:\Windows\setupact.log
2015-03-19 08:18 - 2015-03-19 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 21:24 - 2015-03-19 13:24 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a.job
2015-03-17 21:24 - 2015-03-18 15:46 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6.job
2015-03-17 21:24 - 2015-03-17 21:24 - 00003570 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6
2015-03-17 21:24 - 2015-03-17 21:24 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a
2015-03-17 21:23 - 2015-03-17 21:23 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 21:22 - 2015-03-17 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:22 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-03-17 21:22 - 2015-03-17 21:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 20:34 - 2015-03-17 20:36 - 00002158 _____ () C:\Users\g2\Desktop\Rkill.txt
2015-03-17 19:41 - 2015-03-17 19:44 - 00000860 _____ () C:\Users\g2\Desktop\NON OPENVPN NUMBERS THAT CONNECT.txt
2015-03-17 01:30 - 2015-03-17 01:30 - 00000786 _____ () C:\Users\g2\Desktop\ADD TO CM FLYER.txt
2015-03-16 11:35 - 2015-03-16 11:35 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-16 11:35 - 2015-03-16 11:35 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-16 07:53 - 2015-03-16 07:53 - 00000150 _____ () C:\Users\g2\Desktop\COPY AND POST TO BYZ SITES.txt
2015-03-16 05:41 - 2015-03-16 05:41 - 00000168 _____ () C:\Users\g2\Desktop\CH EMAIL SEBASTIEN.txt
2015-03-16 04:32 - 2015-03-16 04:32 - 00000000 ____D () C:\Users\g2\Desktop\DELETE ZOHO
2015-03-15 04:03 - 2015-03-15 04:03 - 00000084 _____ () C:\Users\g2\Desktop\GEHEIM DATENVERARBEITER.txt
2015-03-14 19:29 - 2015-03-14 19:29 - 00000180 _____ () C:\Users\g2\Desktop\OPENOFFICE TUTORIAL.txt
2015-03-14 10:22 - 2015-03-14 10:22 - 00000106 _____ () C:\Users\g2\Desktop\SEXUAL ESCALATION.txt
2015-03-14 02:53 - 2015-03-14 02:53 - 01328084 _____ () C:\Users\g2\Desktop\pg3600.epub
2015-03-14 02:40 - 2015-03-14 02:40 - 00000156 _____ () C:\Users\g2\Desktop\HOW STUFF WORKS.txt
2015-03-11 10:03 - 2015-02-24 10:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:03 - 2015-02-24 09:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 10:03 - 2015-02-21 07:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 10:03 - 2015-02-21 07:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 10:03 - 2015-02-21 06:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:03 - 2015-02-21 06:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 10:03 - 2015-02-20 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 10:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:03 - 2015-02-20 09:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:03 - 2015-02-20 09:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:03 - 2015-02-20 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:03 - 2015-02-20 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 09:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:03 - 2015-02-20 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:03 - 2015-02-20 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:03 - 2015-02-20 09:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 10:03 - 2015-02-20 09:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:03 - 2015-02-20 09:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 10:03 - 2015-02-20 08:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:03 - 2015-02-20 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:03 - 2015-02-20 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 10:03 - 2015-02-20 08:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 10:03 - 2015-02-20 08:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 10:03 - 2015-02-20 08:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:03 - 2015-02-20 08:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:03 - 2015-02-20 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:03 - 2015-02-20 08:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 10:03 - 2015-02-20 07:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 10:03 - 2015-02-20 07:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 10:03 - 2015-02-03 10:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 10:03 - 2015-02-03 10:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:03 - 2015-02-03 10:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 10:03 - 2015-02-03 10:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

FRST LOG PART 2

2015-03-11 10:03 - 2015-02-03 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:03 - 2015-02-03 10:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:03 - 2015-02-03 10:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 10:03 - 2015-02-03 10:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 09:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:03 - 2014-11-01 05:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:02 - 2015-02-21 08:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:02 - 2015-02-20 11:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:02 - 2015-02-20 10:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:02 - 2015-02-20 10:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:02 - 2015-02-03 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:02 - 2015-02-03 10:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:02 - 2015-01-31 06:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:01 - 2015-03-06 12:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:01 - 2015-03-06 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:01 - 2015-03-06 12:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:01 - 2015-03-06 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 10:01 - 2015-02-13 12:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:01 - 2015-02-03 10:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:01 - 2015-02-03 10:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 10:01 - 2015-01-31 06:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:00 - 2015-02-26 10:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:00 - 2015-02-13 12:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 10:00 - 2015-02-04 10:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:00 - 2015-02-04 09:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 10:00 - 2015-01-17 09:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:00 - 2015-01-17 09:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 11:53 - 2015-03-10 11:53 - 00000508 _____ () C:\Users\g2\Desktop\COMPUTER SHUTTING DOWN.txt
2015-03-10 09:33 - 2015-03-10 09:34 - 00000102 _____ () C:\Users\g2\Desktop\NEW GEHEIM ZOHO KENNWORT.txt
2015-03-10 09:00 - 2015-03-17 22:04 - 00000218 _____ () C:\Users\g2\Desktop\MARXIAN ECONOMICS COURSE.txt
2015-03-09 05:28 - 2015-03-15 04:41 - 00000402 _____ () C:\Users\g2\Desktop\KNARR MAINTENANCE.txt
2015-03-09 04:55 - 2015-03-09 05:08 - 00000392 _____ () C:\Users\g2\Desktop\YOUTUBE GF SITES.txt
2015-03-08 12:02 - 2015-03-08 12:02 - 00000088 _____ () C:\Users\g2\Desktop\EAR TRAINING SITE.txt
2015-03-08 02:22 - 2015-03-08 02:22 - 00000000 ____D () C:\Users\g2\Desktop\FREE MOVIES
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8
2015-03-06 00:53 - 2015-03-06 00:53 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-05 03:10 - 2015-03-05 03:11 - 00000000 ____D () C:\Users\g2\Desktop\MARX ECON AND PHILOS MSS
2015-03-02 21:17 - 2015-03-02 21:17 - 00000943 _____ () C:\Users\g2\Desktop\Verse Perfect.lnk
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\Program Files (x86)\VersePerfect
2015-03-02 20:41 - 2015-03-02 20:41 - 00001736 _____ () C:\Users\g2\Desktop\OBJECT WRITING.txt
2015-02-28 09:18 - 2015-02-28 09:18 - 00000242 _____ () C:\Users\g2\Desktop\byz pol poss ally.txt
2015-02-27 12:46 - 2015-02-27 12:46 - 00018944 _____ (Softland) C:\Windows\system32\novamn8.dll
2015-02-27 12:46 - 2015-02-27 12:46 - 00015872 _____ (Softland) C:\Windows\system32\novami8.dll
2015-02-27 04:25 - 2015-02-27 04:25 - 00000138 _____ () C:\Users\g2\Desktop\SCHMUCK verkaufen TIP.txt
2015-02-27 01:43 - 2015-02-27 01:43 - 00000258 _____ () C:\Users\g2\Desktop\TO JOIN BYZ RELATED.txt
2015-02-25 19:35 - 2015-01-09 06:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:35 - 2015-01-09 06:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 01:07 - 2015-02-20 01:07 - 00000198 _____ () C:\Users\g2\Desktop\LINUX UBUNTU DEBIAN TAILS.txt
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-19 05:04 - 2015-02-19 05:08 - 00006824 _____ () C:\Users\g2\Desktop\NSA SPYWARE ON HD'S.txt
2015-02-17 20:31 - 2015-02-06 00:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-17 20:29 - 2015-02-06 04:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-17 20:29 - 2015-02-06 04:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-17 20:29 - 2015-02-06 04:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-17 02:32 - 2015-02-25 02:07 - 00000186 _____ () C:\Users\g2\Desktop\website name.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 15:52 - 2014-05-09 20:12 - 01451109 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 15:05 - 2014-05-12 00:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 14:51 - 2014-05-10 03:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 14:33 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 10:50 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 10:50 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 10:42 - 2014-11-16 06:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-19 10:42 - 2014-06-13 14:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 10:42 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 09:29 - 2014-05-09 22:28 - 00000000 ____D () C:\Users\g2\Desktop\WIPER
2015-03-19 08:28 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Skype
2015-03-19 08:23 - 2014-05-10 01:10 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SoftGrid Client
2015-03-18 21:28 - 2015-02-07 01:43 - 00000626 _____ () C:\Users\g2\Desktop\PROTON RESERVATION GEHEIM EMAIL.txt
2015-03-18 20:35 - 2015-02-09 01:47 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SlimBrowser
2015-03-18 16:07 - 2014-05-09 22:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{366FA3D7-3A46-4571-8035-21FA6273315F}
2015-03-16 11:37 - 2011-01-12 10:06 - 00000000 ____D () C:\Windows\Panther
2015-03-16 05:20 - 2015-01-23 23:10 - 00000000 ____D () C:\Users\g2\Desktop\MARCUS AURELIUS
2015-03-15 10:59 - 2014-09-08 08:07 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Audacity
2015-03-14 02:05 - 2009-07-14 12:13 - 00782940 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 03:06 - 2014-05-12 00:51 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 03:03 - 2015-01-08 12:55 - 00000000 ____D () C:\Users\g2\Desktop\MUSIC SONGS CM 2014-1015
2015-03-12 16:22 - 2015-02-08 12:42 - 00000000 ____D () C:\Users\g2\Desktop\PHOTOS NEW SEA
2015-03-12 02:22 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 10:38 - 2014-05-09 22:16 - 00000000 ___RD () C:\Users\g2\Virtual Machines
2015-03-11 10:32 - 2009-07-14 11:45 - 00334488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 10:11 - 2014-05-13 16:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:06 - 2014-05-13 16:23 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 10:30 - 2015-01-02 22:32 - 00000654 _____ () C:\Users\g2\Desktop\METRONOME.txt
2015-03-08 08:18 - 2015-02-08 13:29 - 00000228 _____ () C:\Users\g2\Desktop\SPAN REVIEW AND DELETE.txt
2015-03-08 08:17 - 2014-05-19 22:06 - 00000000 ____D () C:\Users\g2\Desktop\MATCH HEAVEN
2015-03-08 05:57 - 2014-09-13 23:39 - 00000000 ____D () C:\Users\g2\Desktop\BANK  STUFF
2015-03-06 14:13 - 2014-08-31 04:26 - 00003556 _____ () C:\Windows\System32\Tasks\doPDF Update
2015-03-06 14:13 - 2014-08-13 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 14:12 - 2014-08-31 04:25 - 00000000 ____D () C:\Program Files\Softland
2015-03-06 10:41 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-06 04:49 - 2014-05-12 09:08 - 00000000 ____D () C:\Update
2015-03-06 00:53 - 2014-05-12 09:15 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-06 00:53 - 2011-01-12 23:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-06 00:52 - 2011-01-12 10:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-03 20:17 - 2014-05-09 20:47 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-26 21:17 - 2009-07-14 12:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 02:07 - 2014-09-06 02:23 - 00000000 ____D () C:\Users\g2\Desktop\DNS
2015-02-24 05:53 - 2014-07-04 17:09 - 00001282 _____ () C:\Users\g2\Desktop\THINGS I HATE.txt
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2015-02-19 15:29 - 2014-11-04 04:09 - 00001063 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-02-17 20:32 - 2014-06-13 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2014-10-31 10:09 - 2014-10-31 07:35 - 0005962 _____ () C:\Program Files\frootvpn.ovpn
2014-08-26 02:30 - 2014-10-29 10:09 - 0000600 _____ () C:\Users\g2\AppData\Local\PUTTY.RND
2014-05-13 17:41 - 2014-09-24 23:02 - 0007620 _____ () C:\Users\g2\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 04:59
 
==================== End Of Log ============================


#4 Achaemenid

Posted 19 March 2015 - 04:17 AM

Here is the addition log, part 1:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by g2 at 2015-03-19 15:56:29
Running from C:\Users\g2\Desktop\WIPER\PROGRAMS
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat  9 Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.390 - ArcSoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.297 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF (Version: 8.2.929 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{599893a2-098b-4db8-8bc2-5e5f51edc0e1}) (Version: 8.2.929 - Softland)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.115 - FlashPeak Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{A652C696-8733-4681-820C-95465A19512B}) (Version: 6.2.1.618 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McGill English Dictionary of Rhyme & Verse Perfect 2.0 (HKLM-x32\...\McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1) (Version:  - Bryant McGill / McGill International)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.11220 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17E7C163-EB00-4829-B5FC-F5FB92D22163}) (Version: 8.2.929 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{C4327631-0186-4EFF-A504-D468CB087D01}) (Version: 8.2.929 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{48CFCB4B-0488-4711-B54E-E8E3F5929166}) (Version: 8.2.929 - Softland)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 3.10.0715 - Sony Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.6-I601  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I601 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.00.11260 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.4.01.11290 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.4.00.09190 - Sony Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Keyboard with PlayStation 3 (x32 Version: 1.0.2.06170 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.1 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 2.05.251 - PIXELA)
VAIO - Media Gallery (x32 Version: 1.3.0.11220 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.4.00.10090 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.4.01.11300 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.2.0.06080 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (x32 Version: 1.1.0.05280 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.2.0.06230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-03-2015 22:56:49 Windows Update
06-03-2015 00:51:57 Removed VAIO Update
06-03-2015 00:52:41 Installed VAIO Update
06-03-2015 14:11:14 doPDF 8
10-03-2015 08:01:02 Windows Update
11-03-2015 10:04:19 Windows Update
15-03-2015 03:47:40 Windows Update
19-03-2015 08:31:47 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {009F3CA0-7F90-4F98-A9D6-BD979A87CCEA} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-22] (Sony Corporation)
Task: {03795924-D467-4245-A5F8-56EEBE4B5911} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {03A00C0E-EDB1-4CA4-86AC-0014EF4A9075} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {03ED3188-E2E6-45E3-9A54-854680F8BB01} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {18C705F6-843D-4476-B443-EBE0FA044DD3} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-09] (Sony Corporation)
Task: {1C1D1BC4-2ECA-4748-A793-24AF098C72F4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {1CC37DDF-DCCA-4897-BA76-4A2FBE012312} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {274F1CD4-0F78-4506-8D24-62EE5B860506} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2A786338-2AD2-49FC-A5A6-9B57D001252D} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-27] (Sony Corporation)
Task: {3476F68D-6FA2-46D2-994A-D8A914BD0752} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-18] (Sony Corporation)
Task: {421EA4A1-9697-4FE9-8A97-62A8EAF63F7F} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-09] (Sony Corporation)
Task: {44283354-C581-4D50-897A-25FCC4ECE851} - System32\Tasks\VAIO® Messenger (g2) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {508DE750-D2C3-4DE4-9E72-29E125ED7E70} - System32\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {57D1DFC3-0280-42A4-BEB7-A15321791C4E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {58436A3E-5973-42B2-A09E-9B2C3EFCCA0B} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-22] (Sony Corporation)
Task: {5A605BD9-3301-49FC-BD26-FD1E857035F2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C8F7116-C263-44C6-936A-93ADBF98C496} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-27] ()
Task: {76DEF81B-7518-4841-96BE-9A8DE0DA4784} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {7893D3A4-E40D-4C66-AEFC-59894E775D3E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {82F06F3C-B96E-416B-8A6D-9399A57BC049} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8F308D81-9DAA-4B6E-9297-5596C2DBFB76} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {9BA6A071-F0D5-4191-97EF-0E1C728AEA38} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {A4CB673F-0241-4AEF-9F2C-92A6119E24F5} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-02-27] ()
Task: {A67322C6-0CFF-406D-ABEA-1B1B1A845421} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {A8FFBDCA-1F11-4EC9-9AA4-8BC9D4D120A0} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {A9E10021-534E-4E87-96C2-CE6EF3A933D4} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-27] (Sony Corporation)
Task: {B0C2ABA7-805A-43CF-BF73-D0A00541B9F7} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-22] (Sony Corporation)
Task: {BA066103-E989-46E8-BF06-16F1E9294A5D} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {CDA1B9CC-D10A-4D1C-B3BE-5F47635C2D56} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D2D2E712-B634-4835-B6AC-BC8479112F20} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D50FA64F-81D0-43CE-9283-D15C82FAF0D1} - System32\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {D63A70EF-9B03-4F4E-AB72-986347135897} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D9D136AE-6CBE-45A8-BAC3-F34291D1CC37} - System32\Tasks\{85DD2123-2F0A-4528-87AC-D9B9E7748B84} => pcalua.exe -a "C:\Users\boinc_master\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe" -d "C:\Users\boinc_master\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller"
Task: {DD5E292B-26FB-4CBC-9A1C-9C9144EECC1A} - System32\Tasks\{D8DDA1A3-D6CE-4CA9-88AC-A31E431FFF53} => Chrome.exe http://ui.skype.com/ui/0/7.0.85.102/en/abandoninstall?page=tsProgressBar
Task: {E21C1251-2367-4FE4-8F67-3B12ED2856F3} - System32\Tasks\{CAE01C1C-74C3-4E20-B5A0-AE59C00EABC9} => pcalua.exe -a "C:\Users\g2\Desktop\WIPER\PROGRAMS\SONY LAPTOP UPDATES\sony laptop bios update\AIBSYS-00241404-1040.EXE" -d "C:\Users\g2\Desktop\WIPER\PROGRAMS\SONY LAPTOP UPDATES\sony laptop bios update"
Task: {E818B474-23FA-4602-B611-638D65CBE362} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {E84C1013-6BEC-4474-B0B1-283DFEDDBCF0} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {ED360008-8AFE-4344-86D2-1A17C0EEB983} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {F34D1430-9314-4894-8975-96D92D5E781F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-06-13 14:04 - 2015-02-06 02:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-27 12:49 - 2015-02-27 12:49 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-02-27 12:49 - 2015-02-27 12:49 - 00034592 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2015-02-27 12:49 - 2015-02-27 12:49 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00022504 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2014-05-09 20:57 - 2010-07-16 01:07 - 00023552 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2014-05-09 20:57 - 2010-07-16 01:07 - 00040952 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2014-05-09 20:57 - 2010-07-16 01:07 - 00184816 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-03-19 11:04 - 2015-03-19 11:04 - 00380416 _____ () C:\Users\g2\Desktop\WIPER\PROGRAMS\GMER\pyflhvpp.exe
2014-05-09 21:14 - 2010-06-01 09:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-05-09 21:14 - 2010-06-01 09:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00131072 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll

addition log, part 2:

 

 
2014-05-09 20:57 - 2010-07-16 01:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00015872 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2014-05-09 20:57 - 2010-07-16 01:07 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2014-05-10 08:15 - 2013-07-03 13:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2014-05-10 08:15 - 2013-07-03 13:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll
2014-10-15 13:42 - 2014-10-15 13:42 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-01-12 10:46 - 2010-03-04 11:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-03 13:06 - 2013-07-03 13:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-03 13:06 - 2013-07-03 13:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2013-09-21 03:50 - 2013-09-21 03:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 18:54 - 2013-09-17 18:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2015-03-13 03:06 - 2015-03-07 13:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 03:06 - 2015-03-07 13:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 03:06 - 2015-03-07 13:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\g2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.144.206.29 - 203.144.206.49
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Stereo Service => 2
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1348773421-1561231600-761306792-500 - Administrator - Disabled)
boinc_master (S-1-5-21-1348773421-1561231600-761306792-1000 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-1348773421-1561231600-761306792-1001 - Limited - Enabled)
g2 (S-1-5-21-1348773421-1561231600-761306792-1005 - Administrator - Enabled) => C:\Users\g2
Guest (S-1-5-21-1348773421-1561231600-761306792-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2015 02:32:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program psi.exe version 3.0.0.9016 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c1c
 
Start Time: 01d06216c1a5f5d7
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe
 
Report Id: 0dc32a44-ce0a-11e4-9733-c0f8daf303f6
 
Error: (03/19/2015 11:25:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/19/2015 10:45:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (03/19/2015 10:42:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
 
Error: (03/19/2015 10:42:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:39:38 AM on ‎3/‎19/‎2015 was unexpected.
 
Error: (03/19/2015 08:33:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.193.3095.0).
 
Error: (03/19/2015 08:33:02 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DFCEFB80-BB55-447B-81AF-92826A8CB8D4} because another computer on the network has the same name.  The server could not start.
 
Error: (03/19/2015 08:32:48 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DFCEFB80-BB55-447B-81AF-92826A8CB8D4} because another computer on the network has the same name.  The server could not start.
 
Error: (03/19/2015 08:32:48 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.3070.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/19/2015 08:21:28 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/19/2015 08:21:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (03/19/2015 08:20:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2015 02:32:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: psi.exe3.0.0.90161c1c01d06216c1a5f5d70C:\Program Files (x86)\Secunia\PSI\psi.exe0dc32a44-ce0a-11e4-9733-c0f8daf303f6
 
Error: (03/19/2015 11:25:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/19/2015 08:20:58 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/19/2015 08:20:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 54%
Total physical RAM: 6124.93 MB
Available physical RAM: 2765.38 MB
Total Pagefile: 12248.05 MB
Available Pagefile: 8771.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.03 GB) (Free:326.17 GB) NTFS
Drive f: () (Removable) (Total:7.43 GB) (Free:2.28 GB) FAT32
Drive u: (Emtec) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E9CADD3B)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 Machiavelli

  • Malware Response Instructor

Posted 19 March 2015 - 10:52 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 19 March 2015 - 10:57 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 Achaemenid

Posted 19 March 2015 - 02:47 PM

ADWARE CLEANER REPORT
========================================================================================
# AdwCleaner v4.112 - Logfile created 20/03/2015 at 02:40:18
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : g2 - G2-VAIO
# Running from : C:\Users\g2\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.89
 
 
*************************
 
AdwCleaner[R0].txt - [957 bytes] - [20/03/2015 02:34:58]
AdwCleaner[S0].txt - [889 bytes] - [20/03/2015 02:40:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [947  bytes] ##########


#7 Machiavelli

Posted 19 March 2015 - 05:13 PM

I'm waiting for the other logs. ;)



#8 Achaemenid

Posted 20 March 2015 - 07:28 AM

Here is a malwarebytes log of a scan just completed. 


#9 Achaemenid

Posted 20 March 2015 - 07:39 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by g2 on Fri 03/20/2015 at 19:30:34.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/20/2015 at 19:34:41.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 Achaemenid

Posted 20 March 2015 - 07:44 AM

FRST SCAN REPORT
===============================================================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by g2 (administrator) on G2-VAIO on 20-03-2015 19:42:24
Running from C:\Users\g2\Desktop\WIPER\PROGRAMS
Loaded Profiles: g2 (Available profiles: boinc_master & g2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(EMTEC) C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-16] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {84e7a181-d78d-11e3-a1a5-f0bf975a39df} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {a12da19a-5dfe-11e4-920b-c0f8daf303f6} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {dbd834e7-66ca-11e4-8190-f0bf975a39df} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {e8be39f2-d792-11e3-b543-f0bf975a39df} - U:\Emtec.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{078FEFC6-B447-49B3-A3F0-083FD6572DC1}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{17DAB472-8A82-41B7-B1E9-E4F5E63406E1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFCEFB80-BB55-447B-81AF-92826A8CB8D4}: [NameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-04] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://whatismyipaddress.com/
CHR StartupUrls: Default -> "hxxp://whatismyipaddress.com/"
CHR DefaultSearchKeyword: Default -> %7bsearchterms%7d
CHR DefaultSearchURL: Default -> http://{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Torrent Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (The Pirate Bay Redirector) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnminlhlpmekadljcjaogaaodpmlpkmk [2015-01-09]
CHR Extension: (Google Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-03] (Digital Delivery Networks, Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-06-13] (Power Admin LLC) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-19] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-01] ()
U2 MSSQL$DDNI; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 02:41 - 2015-03-20 02:41 - 00000576 _____ () C:\Windows\PFRO.log
2015-03-20 02:34 - 2015-03-20 02:40 - 00000000 ____D () C:\AdwCleaner
2015-03-20 01:03 - 2015-03-20 18:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-20 01:03 - 2015-03-13 23:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-20 01:03 - 2015-03-13 23:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-20 01:03 - 2015-03-13 22:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 01:03 - 2015-03-11 20:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-20 01:00 - 2015-03-14 02:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-19 15:55 - 2015-03-20 19:42 - 00000000 ____D () C:\FRST
2015-03-19 08:18 - 2015-03-20 18:39 - 00001588 _____ () C:\Windows\setupact.log
2015-03-19 08:18 - 2015-03-19 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 21:24 - 2015-03-20 05:24 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a.job
2015-03-17 21:24 - 2015-03-20 02:00 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6.job
2015-03-17 21:24 - 2015-03-17 21:24 - 00003570 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6
2015-03-17 21:24 - 2015-03-17 21:24 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a
2015-03-17 21:23 - 2015-03-17 21:23 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 21:22 - 2015-03-17 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:22 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-03-17 21:22 - 2015-03-17 21:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 19:41 - 2015-03-17 19:44 - 00000860 _____ () C:\Users\g2\Desktop\NON OPENVPN NUMBERS THAT CONNECT.txt
2015-03-17 01:30 - 2015-03-17 01:30 - 00000786 _____ () C:\Users\g2\Desktop\ADD TO CM FLYER.txt
2015-03-16 11:35 - 2015-03-16 11:35 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-16 11:35 - 2015-03-16 11:35 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-16 07:53 - 2015-03-16 07:53 - 00000150 _____ () C:\Users\g2\Desktop\COPY AND POST TO BYZ SITES.txt
2015-03-14 10:22 - 2015-03-14 10:22 - 00000106 _____ () C:\Users\g2\Desktop\SEXUAL ESCALATION.txt
2015-03-14 02:53 - 2015-03-14 02:53 - 01328084 _____ () C:\Users\g2\Desktop\pg3600.epub
2015-03-14 02:40 - 2015-03-14 02:40 - 00000156 _____ () C:\Users\g2\Desktop\HOW STUFF WORKS.txt
2015-03-11 10:03 - 2015-02-24 10:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:03 - 2015-02-24 09:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 10:03 - 2015-02-21 07:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 10:03 - 2015-02-21 07:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 10:03 - 2015-02-21 06:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:03 - 2015-02-21 06:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 10:03 - 2015-02-20 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 10:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:03 - 2015-02-20 09:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:03 - 2015-02-20 09:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:03 - 2015-02-20 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:03 - 2015-02-20 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 09:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:03 - 2015-02-20 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:03 - 2015-02-20 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:03 - 2015-02-20 09:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 10:03 - 2015-02-20 09:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:03 - 2015-02-20 09:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 10:03 - 2015-02-20 08:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:03 - 2015-02-20 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:03 - 2015-02-20 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 10:03 - 2015-02-20 08:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 10:03 - 2015-02-20 08:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 10:03 - 2015-02-20 08:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:03 - 2015-02-20 08:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:03 - 2015-02-20 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:03 - 2015-02-20 08:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 10:03 - 2015-02-20 07:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 10:03 - 2015-02-20 07:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 10:03 - 2015-02-03 10:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 10:03 - 2015-02-03 10:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:03 - 2015-02-03 10:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 10:03 - 2015-02-03 10:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:03 - 2015-02-03 10:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:03 - 2015-02-03 10:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 10:03 - 2015-02-03 10:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 09:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:03 - 2014-11-01 05:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:02 - 2015-02-21 08:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:02 - 2015-02-20 11:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:02 - 2015-02-20 10:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:02 - 2015-02-20 10:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:02 - 2015-02-03 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:02 - 2015-02-03 10:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:02 - 2015-01-31 06:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:01 - 2015-03-06 12:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:01 - 2015-03-06 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:01 - 2015-03-06 12:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:01 - 2015-03-06 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 10:01 - 2015-02-13 12:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:01 - 2015-02-03 10:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:01 - 2015-02-03 10:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 10:01 - 2015-01-31 06:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:00 - 2015-02-26 10:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:00 - 2015-02-13 12:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 10:00 - 2015-02-04 10:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:00 - 2015-02-04 09:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 10:00 - 2015-01-17 09:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:00 - 2015-01-17 09:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 11:53 - 2015-03-10 11:53 - 00000508 _____ () C:\Users\g2\Desktop\COMPUTER SHUTTING DOWN.txt
2015-03-10 09:33 - 2015-03-10 09:34 - 00000102 _____ () C:\Users\g2\Desktop\NEW GEHEIM ZOHO KENNWORT.txt
2015-03-10 09:00 - 2015-03-17 22:04 - 00000218 _____ () C:\Users\g2\Desktop\MARXIAN ECONOMICS COURSE.txt
2015-03-09 05:28 - 2015-03-15 04:41 - 00000402 _____ () C:\Users\g2\Desktop\KNARR MAINTENANCE.txt
2015-03-09 04:55 - 2015-03-09 05:08 - 00000392 _____ () C:\Users\g2\Desktop\YOUTUBE GF SITES.txt
2015-03-08 12:02 - 2015-03-08 12:02 - 00000088 _____ () C:\Users\g2\Desktop\EAR TRAINING SITE.txt
2015-03-08 02:22 - 2015-03-08 02:22 - 00000000 ____D () C:\Users\g2\Desktop\FREE MOVIES
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8
2015-03-06 00:53 - 2015-03-06 00:53 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-05 03:10 - 2015-03-05 03:11 - 00000000 ____D () C:\Users\g2\Desktop\MARX ECON AND PHILOS MSS
2015-03-02 21:17 - 2015-03-02 21:17 - 00000943 _____ () C:\Users\g2\Desktop\Verse Perfect.lnk
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\Program Files (x86)\VersePerfect
2015-03-02 20:41 - 2015-03-02 20:41 - 00001736 _____ () C:\Users\g2\Desktop\OBJECT WRITING.txt
2015-02-28 09:18 - 2015-02-28 09:18 - 00000242 _____ () C:\Users\g2\Desktop\byz pol poss ally.txt
2015-02-27 12:46 - 2015-02-27 12:46 - 00018944 _____ (Softland) C:\Windows\system32\novamn8.dll
2015-02-27 12:46 - 2015-02-27 12:46 - 00015872 _____ (Softland) C:\Windows\system32\novami8.dll
2015-02-27 04:25 - 2015-02-27 04:25 - 00000138 _____ () C:\Users\g2\Desktop\SCHMUCK verkaufen TIP.txt
2015-02-27 01:43 - 2015-02-27 01:43 - 00000258 _____ () C:\Users\g2\Desktop\TO JOIN BYZ RELATED.txt
2015-02-25 19:35 - 2015-01-09 06:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:35 - 2015-01-09 06:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 01:07 - 2015-02-20 01:07 - 00000198 _____ () C:\Users\g2\Desktop\LINUX UBUNTU DEBIAN TAILS.txt
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-19 05:04 - 2015-02-19 05:08 - 00006824 _____ () C:\Users\g2\Desktop\NSA SPYWARE ON HD'S.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 19:40 - 2014-11-04 04:56 - 00000000 ____D () C:\Users\g2\Desktop\BLEEPING SCAN
2015-03-20 19:05 - 2014-05-12 00:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 19:01 - 2014-05-09 20:12 - 01521598 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 18:58 - 2014-05-10 03:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 18:49 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:49 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:48 - 2014-05-09 22:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{366FA3D7-3A46-4571-8035-21FA6273315F}
2015-03-20 18:39 - 2014-11-16 06:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-20 18:39 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 02:39 - 2014-09-08 08:07 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Audacity
2015-03-20 01:04 - 2014-06-13 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 01:03 - 2011-01-12 10:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 01:03 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\Help
2015-03-20 01:02 - 2014-06-13 14:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-20 00:33 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 19:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-19 19:06 - 2009-07-14 12:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 16:04 - 2014-05-09 22:28 - 00000000 ____D () C:\Users\g2\Desktop\WIPER
2015-03-19 08:28 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Skype
2015-03-19 08:23 - 2014-05-10 01:10 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SoftGrid Client
2015-03-18 21:28 - 2015-02-07 01:43 - 00000626 _____ () C:\Users\g2\Desktop\PROTON RESERVATION GEHEIM EMAIL.txt
2015-03-18 20:35 - 2015-02-09 01:47 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SlimBrowser
2015-03-16 11:37 - 2011-01-12 10:06 - 00000000 ____D () C:\Windows\Panther
2015-03-16 05:20 - 2015-01-23 23:10 - 00000000 ____D () C:\Users\g2\Desktop\MARCUS AURELIUS
2015-03-14 02:05 - 2009-07-14 12:13 - 00782940 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 03:06 - 2014-05-12 00:51 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 03:03 - 2015-01-08 12:55 - 00000000 ____D () C:\Users\g2\Desktop\MUSIC SONGS CM 2014-1015
2015-03-12 16:22 - 2015-02-08 12:42 - 00000000 ____D () C:\Users\g2\Desktop\PHOTOS NEW SEA
2015-03-12 02:22 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 10:38 - 2014-05-09 22:16 - 00000000 ___RD () C:\Users\g2\Virtual Machines
2015-03-11 10:32 - 2009-07-14 11:45 - 00334488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 10:11 - 2014-05-13 16:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:06 - 2014-05-13 16:23 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 10:30 - 2015-01-02 22:32 - 00000654 _____ () C:\Users\g2\Desktop\METRONOME.txt
2015-03-08 08:18 - 2015-02-08 13:29 - 00000228 _____ () C:\Users\g2\Desktop\SPAN REVIEW AND DELETE.txt
2015-03-08 08:17 - 2014-05-19 22:06 - 00000000 ____D () C:\Users\g2\Desktop\MATCH HEAVEN
2015-03-08 05:57 - 2014-09-13 23:39 - 00000000 ____D () C:\Users\g2\Desktop\BANK  STUFF
2015-03-06 14:13 - 2014-08-31 04:26 - 00003556 _____ () C:\Windows\System32\Tasks\doPDF Update
2015-03-06 14:13 - 2014-08-13 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 14:12 - 2014-08-31 04:25 - 00000000 ____D () C:\Program Files\Softland
2015-03-06 04:49 - 2014-05-12 09:08 - 00000000 ____D () C:\Update
2015-03-06 00:53 - 2014-05-12 09:15 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-06 00:53 - 2011-01-12 23:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-06 00:52 - 2011-01-12 10:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-03 20:17 - 2014-05-09 20:47 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-25 02:07 - 2015-02-17 02:32 - 00000186 _____ () C:\Users\g2\Desktop\website name.txt
2015-02-25 02:07 - 2014-09-06 02:23 - 00000000 ____D () C:\Users\g2\Desktop\DNS
2015-02-24 05:53 - 2014-07-04 17:09 - 00001282 _____ () C:\Users\g2\Desktop\THINGS I HATE.txt
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2015-02-19 15:29 - 2014-11-04 04:09 - 00001063 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
 
==================== Files in the root of some directories =======
 
2014-10-31 10:09 - 2014-10-31 07:35 - 0005962 _____ () C:\Program Files\frootvpn.ovpn
2014-08-26 02:30 - 2014-10-29 10:09 - 0000600 _____ () C:\Users\g2\AppData\Local\PUTTY.RND
2014-05-13 17:41 - 2014-09-24 23:02 - 0007620 _____ () C:\Users\g2\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 04:59
 
==================== End Of Log ============================


#11 Machiavelli

Posted 20 March 2015 - 08:10 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {84e7a181-d78d-11e3-a1a5-f0bf975a39df} - "E:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {a12da19a-5dfe-11e4-920b-c0f8daf303f6} - E:\Emtec.exe
    HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {dbd834e7-66ca-11e4-8190-f0bf975a39df} - E:\Emtec.exe
    HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {e8be39f2-d792-11e3-b543-f0bf975a39df} - U:\Emtec.exe
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites02_14_19_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyByD0AtAzy0D0FyEtCtD0CtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0DyB0DyB0D0BtG0E0A0DtDtGyE0B0AtBtG0A0F0CyEtGyDzztBtA0DyD0AtC0EyB0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEtDtBtDtB0EtCtGtBtCtByEtGyDtAyEtBtG0DzytD0CtGyBtAtD0F0E0C0DyCtAtDyDyD2Q&cr=2121657886&ir=
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    Toolbar: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    2014-10-31 10:09 - 2014-10-31 07:35 - 0005962 _____ () C:\Program Files\frootvpn.ovpn
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#12 Achaemenid

  • Topic Starter

Posted 20 March 2015 - 09:09 AM

I think I made a mistake with the FRST scan.  I thought the FRST64.exe was what I should use since I have a 64 bit system. The scan report is from FRST64. 

 

Should I run FRST now?



#13 Achaemenid

  • Topic Starter

Posted 20 March 2015 - 09:25 AM

FRST.txt part 1
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by g2 (administrator) on G2-VAIO on 20-03-2015 21:21:10
Running from C:\Users\g2\Desktop
Loaded Profiles: g2 (Available profiles: boinc_master & g2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(EMTEC) C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\87ab079d-d124-47b4-bb8d-523657de826f.com
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-16] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {84e7a181-d78d-11e3-a1a5-f0bf975a39df} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {a12da19a-5dfe-11e4-920b-c0f8daf303f6} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {dbd834e7-66ca-11e4-8190-f0bf975a39df} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {e8be39f2-d792-11e3-b543-f0bf975a39df} - U:\Emtec.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{078FEFC6-B447-49B3-A3F0-083FD6572DC1}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{17DAB472-8A82-41B7-B1E9-E4F5E63406E1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFCEFB80-BB55-447B-81AF-92826A8CB8D4}: [NameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-04] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://whatismyipaddress.com/
CHR StartupUrls: Default -> "hxxp://whatismyipaddress.com/"
CHR DefaultSearchKeyword: Default -> %7bsearchterms%7d
CHR DefaultSearchURL: Default -> http://{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Torrent Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (The Pirate Bay Redirector) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnminlhlpmekadljcjaogaaodpmlpkmk [2015-01-09]
CHR Extension: (Google Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-03] (Digital Delivery Networks, Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-06-13] (Power Admin LLC) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-19] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-01] ()
U2 MSSQL$DDNI; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 21:19 - 2015-03-20 21:19 - 00003476 _____ () C:\Users\g2\Desktop\Fixlist.txt
2015-03-20 02:41 - 2015-03-20 02:41 - 00000576 _____ () C:\Windows\PFRO.log
2015-03-20 02:34 - 2015-03-20 02:40 - 00000000 ____D () C:\AdwCleaner
2015-03-20 01:03 - 2015-03-20 18:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-20 01:03 - 2015-03-13 23:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-20 01:03 - 2015-03-13 23:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-20 01:03 - 2015-03-13 22:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 01:03 - 2015-03-11 20:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-20 01:00 - 2015-03-14 02:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-19 15:55 - 2015-03-20 21:21 - 00023395 _____ () C:\Users\g2\Desktop\FRST.txt
2015-03-19 15:55 - 2015-03-20 21:21 - 00000000 ____D () C:\FRST
2015-03-19 15:54 - 2015-03-19 15:54 - 02095616 _____ (Farbar) C:\Users\g2\Desktop\FRST64.exe
2015-03-19 08:18 - 2015-03-20 18:39 - 00001588 _____ () C:\Windows\setupact.log
2015-03-19 08:18 - 2015-03-19 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 21:24 - 2015-03-20 05:24 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a.job
2015-03-17 21:24 - 2015-03-20 02:00 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6.job
2015-03-17 21:24 - 2015-03-17 21:24 - 00003570 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6
2015-03-17 21:24 - 2015-03-17 21:24 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a
2015-03-17 21:23 - 2015-03-17 21:23 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 21:22 - 2015-03-20 19:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:22 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-03-17 21:22 - 2015-03-17 21:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 19:41 - 2015-03-17 19:44 - 00000860 _____ () C:\Users\g2\Desktop\NON OPENVPN NUMBERS THAT CONNECT.txt
2015-03-17 01:30 - 2015-03-17 01:30 - 00000786 _____ () C:\Users\g2\Desktop\ADD TO CM FLYER.txt
2015-03-16 11:35 - 2015-03-16 11:35 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-16 11:35 - 2015-03-16 11:35 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-16 11:35 - 2015-03-16 11:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-16 07:53 - 2015-03-16 07:53 - 00000150 _____ () C:\Users\g2\Desktop\COPY AND POST TO BYZ SITES.txt
2015-03-14 10:22 - 2015-03-14 10:22 - 00000106 _____ () C:\Users\g2\Desktop\SEXUAL ESCALATION.txt
2015-03-14 02:53 - 2015-03-14 02:53 - 01328084 _____ () C:\Users\g2\Desktop\pg3600.epub
2015-03-14 02:40 - 2015-03-14 02:40 - 00000156 _____ () C:\Users\g2\Desktop\HOW STUFF WORKS.txt
2015-03-11 10:03 - 2015-02-24 10:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:03 - 2015-02-24 09:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 10:03 - 2015-02-21 07:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 10:03 - 2015-02-21 07:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 10:03 - 2015-02-21 07:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 10:03 - 2015-02-21 06:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:03 - 2015-02-21 06:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 10:03 - 2015-02-20 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 10:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:03 - 2015-02-20 09:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:03 - 2015-02-20 09:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:03 - 2015-02-20 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:03 - 2015-02-20 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 09:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:03 - 2015-02-20 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:03 - 2015-02-20 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 10:03 - 2015-02-20 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:03 - 2015-02-20 09:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

FRST.txt part 2
 
2015-03-11 10:03 - 2015-02-20 09:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 10:03 - 2015-02-20 09:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 10:03 - 2015-02-20 09:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 10:03 - 2015-02-20 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:03 - 2015-02-20 09:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 10:03 - 2015-02-20 09:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 10:03 - 2015-02-20 09:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 10:03 - 2015-02-20 08:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 10:03 - 2015-02-20 08:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 10:03 - 2015-02-20 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:03 - 2015-02-20 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:03 - 2015-02-20 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 10:03 - 2015-02-20 08:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 10:03 - 2015-02-20 08:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 10:03 - 2015-02-20 08:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:03 - 2015-02-20 08:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 10:03 - 2015-02-20 08:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 10:03 - 2015-02-20 08:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 10:03 - 2015-02-20 08:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:03 - 2015-02-20 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:03 - 2015-02-20 08:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 10:03 - 2015-02-20 07:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 10:03 - 2015-02-20 07:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 10:03 - 2015-02-03 10:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 10:03 - 2015-02-03 10:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:03 - 2015-02-03 10:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 10:03 - 2015-02-03 10:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:03 - 2015-02-03 10:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:03 - 2015-02-03 10:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:03 - 2015-02-03 10:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 10:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:03 - 2015-02-03 10:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 10:03 - 2015-02-03 10:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 10:03 - 2015-02-03 10:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 10:03 - 2015-02-03 10:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 10:03 - 2015-02-03 10:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 10:03 - 2015-02-03 10:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 10:03 - 2015-02-03 10:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 10:03 - 2015-02-03 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 10:03 - 2015-02-03 10:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 10:03 - 2015-02-03 09:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:03 - 2014-11-01 05:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:02 - 2015-02-21 08:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:02 - 2015-02-20 11:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:02 - 2015-02-20 11:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:02 - 2015-02-20 11:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:02 - 2015-02-20 10:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:02 - 2015-02-20 10:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:02 - 2015-02-03 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:02 - 2015-02-03 10:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:02 - 2015-01-31 10:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:02 - 2015-01-31 06:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:01 - 2015-03-06 12:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:01 - 2015-03-06 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:01 - 2015-03-06 12:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:01 - 2015-03-06 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 10:01 - 2015-03-06 12:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 10:01 - 2015-03-06 12:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 10:01 - 2015-03-06 12:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 10:01 - 2015-03-06 12:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 10:01 - 2015-03-06 12:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 10:01 - 2015-02-13 12:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:01 - 2015-02-03 10:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:01 - 2015-02-03 10:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 10:01 - 2015-01-31 06:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:00 - 2015-02-26 10:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:00 - 2015-02-13 12:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 10:00 - 2015-02-04 10:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:00 - 2015-02-04 09:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 10:00 - 2015-01-17 09:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:00 - 2015-01-17 09:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 11:53 - 2015-03-10 11:53 - 00000508 _____ () C:\Users\g2\Desktop\COMPUTER SHUTTING DOWN.txt
2015-03-10 09:33 - 2015-03-10 09:34 - 00000102 _____ () C:\Users\g2\Desktop\NEW GEHEIM ZOHO KENNWORT.txt
2015-03-10 09:00 - 2015-03-17 22:04 - 00000218 _____ () C:\Users\g2\Desktop\MARXIAN ECONOMICS COURSE.txt
2015-03-09 05:28 - 2015-03-15 04:41 - 00000402 _____ () C:\Users\g2\Desktop\KNARR MAINTENANCE.txt
2015-03-09 04:55 - 2015-03-09 05:08 - 00000392 _____ () C:\Users\g2\Desktop\YOUTUBE GF SITES.txt
2015-03-08 12:02 - 2015-03-08 12:02 - 00000088 _____ () C:\Users\g2\Desktop\EAR TRAINING SITE.txt
2015-03-08 02:22 - 2015-03-08 02:22 - 00000000 ____D () C:\Users\g2\Desktop\FREE MOVIES
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8
2015-03-06 00:53 - 2015-03-06 00:53 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-05 03:10 - 2015-03-05 03:11 - 00000000 ____D () C:\Users\g2\Desktop\MARX ECON AND PHILOS MSS
2015-03-02 21:17 - 2015-03-02 21:17 - 00000943 _____ () C:\Users\g2\Desktop\Verse Perfect.lnk
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect
2015-03-02 21:17 - 2015-03-02 21:17 - 00000000 ____D () C:\Program Files (x86)\VersePerfect
2015-03-02 20:41 - 2015-03-02 20:41 - 00001736 _____ () C:\Users\g2\Desktop\OBJECT WRITING.txt
2015-02-28 09:18 - 2015-02-28 09:18 - 00000242 _____ () C:\Users\g2\Desktop\byz pol poss ally.txt
2015-02-27 12:46 - 2015-02-27 12:46 - 00018944 _____ (Softland) C:\Windows\system32\novamn8.dll
2015-02-27 12:46 - 2015-02-27 12:46 - 00015872 _____ (Softland) C:\Windows\system32\novami8.dll
2015-02-27 04:25 - 2015-02-27 04:25 - 00000138 _____ () C:\Users\g2\Desktop\SCHMUCK verkaufen TIP.txt
2015-02-27 01:43 - 2015-02-27 01:43 - 00000258 _____ () C:\Users\g2\Desktop\TO JOIN BYZ RELATED.txt
2015-02-25 19:35 - 2015-01-09 06:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:35 - 2015-01-09 06:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 01:07 - 2015-02-20 01:07 - 00000198 _____ () C:\Users\g2\Desktop\LINUX UBUNTU DEBIAN TAILS.txt
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-19 05:04 - 2015-02-19 05:08 - 00006824 _____ () C:\Users\g2\Desktop\NSA SPYWARE ON HD'S.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 21:19 - 2014-11-04 04:56 - 00000000 ____D () C:\Users\g2\Desktop\BLEEPING SCAN
2015-03-20 21:05 - 2014-05-12 00:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 21:00 - 2015-02-17 02:32 - 00000240 _____ () C:\Users\g2\Desktop\website name.txt
2015-03-20 20:59 - 2014-05-09 22:28 - 00000000 ____D () C:\Users\g2\Desktop\WIPER
2015-03-20 19:01 - 2014-05-09 20:12 - 01521598 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 18:58 - 2014-05-10 03:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 18:49 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:49 - 2009-07-14 11:45 - 00025920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:48 - 2014-05-09 22:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{366FA3D7-3A46-4571-8035-21FA6273315F}
2015-03-20 18:39 - 2014-11-16 06:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-20 18:39 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 02:39 - 2014-09-08 08:07 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Audacity
2015-03-20 01:04 - 2014-06-13 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 01:03 - 2011-01-12 10:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-20 01:03 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\Help
2015-03-20 01:02 - 2014-06-13 14:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-20 00:33 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 19:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-19 19:06 - 2009-07-14 12:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 08:28 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\g2\AppData\Roaming\Skype
2015-03-19 08:23 - 2014-05-10 01:10 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SoftGrid Client
2015-03-18 21:28 - 2015-02-07 01:43 - 00000626 _____ () C:\Users\g2\Desktop\PROTON RESERVATION GEHEIM EMAIL.txt
2015-03-18 20:35 - 2015-02-09 01:47 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SlimBrowser
2015-03-16 11:37 - 2011-01-12 10:06 - 00000000 ____D () C:\Windows\Panther
2015-03-16 05:20 - 2015-01-23 23:10 - 00000000 ____D () C:\Users\g2\Desktop\MARCUS AURELIUS
2015-03-14 02:05 - 2009-07-14 12:13 - 00782940 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 03:06 - 2014-05-12 00:51 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 03:03 - 2015-01-08 12:55 - 00000000 ____D () C:\Users\g2\Desktop\MUSIC SONGS CM 2014-1015
2015-03-12 16:22 - 2015-02-08 12:42 - 00000000 ____D () C:\Users\g2\Desktop\PHOTOS NEW SEA
2015-03-12 02:22 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 10:38 - 2014-05-09 22:16 - 00000000 ___RD () C:\Users\g2\Virtual Machines
2015-03-11 10:32 - 2009-07-14 11:45 - 00334488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 10:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 10:11 - 2014-05-13 16:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:06 - 2014-05-13 16:23 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 10:30 - 2015-01-02 22:32 - 00000654 _____ () C:\Users\g2\Desktop\METRONOME.txt
2015-03-08 08:18 - 2015-02-08 13:29 - 00000228 _____ () C:\Users\g2\Desktop\SPAN REVIEW AND DELETE.txt
2015-03-08 08:17 - 2014-05-19 22:06 - 00000000 ____D () C:\Users\g2\Desktop\MATCH HEAVEN
2015-03-08 05:57 - 2014-09-13 23:39 - 00000000 ____D () C:\Users\g2\Desktop\BANK  STUFF
2015-03-06 14:13 - 2014-08-31 04:26 - 00003556 _____ () C:\Windows\System32\Tasks\doPDF Update
2015-03-06 14:13 - 2014-08-13 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 14:12 - 2014-08-31 04:25 - 00000000 ____D () C:\Program Files\Softland
2015-03-06 04:49 - 2014-05-12 09:08 - 00000000 ____D () C:\Update
2015-03-06 00:53 - 2014-05-12 09:15 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-06 00:53 - 2011-01-12 23:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-06 00:52 - 2011-01-12 10:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-03 20:17 - 2014-05-09 20:47 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-25 02:07 - 2014-09-06 02:23 - 00000000 ____D () C:\Users\g2\Desktop\DNS
2015-02-24 05:53 - 2014-07-04 17:09 - 00001282 _____ () C:\Users\g2\Desktop\THINGS I HATE.txt
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-02-19 21:20 - 2014-05-11 17:39 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2015-02-19 15:29 - 2014-11-04 04:09 - 00001063 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
 
==================== Files in the root of some directories =======
 
2014-10-31 10:09 - 2014-10-31 07:35 - 0005962 _____ () C:\Program Files\frootvpn.ovpn
2014-08-26 02:30 - 2014-10-29 10:09 - 0000600 _____ () C:\Users\g2\AppData\Local\PUTTY.RND
2014-05-13 17:41 - 2014-09-24 23:02 - 0007620 _____ () C:\Users\g2\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 04:59
 
==================== End Of Log ============================


#14 Achaemenid

Posted 20 March 2015 - 09:40 AM

FIXLOG.txt
 
==================================================================================================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by g2 at 2015-03-20 21:30:16 Run:1
Running from C:\Users\g2\Desktop
Loaded Profiles: g2 (Available profiles: boinc_master & g2)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {84e7a181-d78d-11e3-a1a5-f0bf975a39df} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {a12da19a-5dfe-11e4-920b-c0f8daf303f6} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {dbd834e7-66ca-11e4-8190-f0bf975a39df} - E:\Emtec.exe
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\MountPoints2: {e8be39f2-d792-11e3-b543-f0bf975a39df} - U:\Emtec.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-1348773421-1561231600-761306792-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-10-31 10:09 - 2014-10-31 07:35 - 0005962 _____ () C:\Program Files\frootvpn.ovpn
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84e7a181-d78d-11e3-a1a5-f0bf975a39df}" => Key deleted successfully.
HKCR\CLSID\{84e7a181-d78d-11e3-a1a5-f0bf975a39df} => Key not found. 
"HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a12da19a-5dfe-11e4-920b-c0f8daf303f6}" => Key deleted successfully.
HKCR\CLSID\{a12da19a-5dfe-11e4-920b-c0f8daf303f6} => Key not found. 
"HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd834e7-66ca-11e4-8190-f0bf975a39df}" => Key deleted successfully.
HKCR\CLSID\{dbd834e7-66ca-11e4-8190-f0bf975a39df} => Key not found. 
"HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8be39f2-d792-11e3-b543-f0bf975a39df}" => Key deleted successfully.
HKCR\CLSID\{e8be39f2-d792-11e3-b543-f0bf975a39df} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1348773421-1561231600-761306792-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files\frootvpn.ovpn => Moved successfully.
EmptyTemp: => Removed 170.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:30:25 ====


#15 Achaemenid

Posted 20 March 2015 - 09:44 AM

FRST.txt PART 1
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by g2 (administrator) on G2-VAIO on 20-03-2015 21:42:42
Running from C:\Users\g2\Desktop
Loaded Profiles: g2 (Available profiles: boinc_master & g2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EMTEC) C:\Users\g2\AppData\Local\Temp\Emtec\Emtec.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-16] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-23] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-1348773421-1561231600-761306792-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-04] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{078FEFC6-B447-49B3-A3F0-083FD6572DC1}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{17DAB472-8A82-41B7-B1E9-E4F5E63406E1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFCEFB80-BB55-447B-81AF-92826A8CB8D4}: [NameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-11-04] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-11-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://whatismyipaddress.com/
CHR StartupUrls: Default -> "hxxp://whatismyipaddress.com/"
CHR DefaultSearchKeyword: Default -> %7bsearchterms%7d
CHR DefaultSearchURL: Default -> http://{searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Torrent Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (The Pirate Bay Redirector) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnminlhlpmekadljcjaogaaodpmlpkmk [2015-01-09]
CHR Extension: (Google Search) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Gmail) - C:\Users\g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-03] (Digital Delivery Networks, Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-06-13] (Power Admin LLC) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-19] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-01] ()
U2 MSSQL$DDNI; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 21:42 - 2015-03-20 21:42 - 00021662 _____ () C:\Users\g2\Desktop\FRST.txt
2015-03-20 21:21 - 2015-03-20 21:22 - 00032148 _____ () C:\Users\g2\Desktop\Addition.txt
2015-03-20 02:41 - 2015-03-20 21:32 - 00000924 _____ () C:\Windows\PFRO.log
2015-03-20 02:34 - 2015-03-20 02:40 - 00000000 ____D () C:\AdwCleaner
2015-03-20 01:03 - 2015-03-20 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-20 01:03 - 2015-03-13 23:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-20 01:03 - 2015-03-13 23:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-20 01:03 - 2015-03-13 23:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-20 01:03 - 2015-03-13 22:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 01:03 - 2015-03-11 20:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-20 01:00 - 2015-03-14 02:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 01:00 - 2015-03-14 02:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 01:00 - 2015-03-14 02:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-19 15:55 - 2015-03-20 21:42 - 00000000 ____D () C:\FRST
2015-03-19 15:54 - 2015-03-19 15:54 - 02095616 _____ (Farbar) C:\Users\g2\Desktop\FRST64.exe
2015-03-19 08:18 - 2015-03-20 21:32 - 00001756 _____ () C:\Windows\setupact.log
2015-03-19 08:18 - 2015-03-19 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 21:24 - 2015-03-20 21:24 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a.job
2015-03-17 21:24 - 2015-03-20 02:00 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6.job
2015-03-17 21:24 - 2015-03-17 21:24 - 00003570 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bfaf6bed-a2f7-4f70-9776-bf8ac8542aa6
2015-03-17 21:24 - 2015-03-17 21:24 - 00003496 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c044c029-caef-4a2b-a35f-2c7135ab435a
2015-03-17 21:23 - 2015-03-17 21:23 - 00000000 ____D () C:\Users\g2\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 21:22 - 2015-03-20 19:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 21:22 - 2015-03-17 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

Edited by Achaemenid, 20 March 2015 - 09:45 AM.




