Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe taking too much memory, slows down computer


  • This topic is locked This topic is locked
14 replies to this topic

#1 DeleteSystem32

DeleteSystem32

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 29 March 2015 - 11:25 AM

One of the svchost.exe processes seems to suck up a ton of memory for some reason (up to around 700mb). The process goes away by itself if I leave it alone, but it has caused a few out-of-memory game crashes in the past and generally slows down all programs while running. I can end the process, but the problem usually comes back randomly during another session.

 

I noticed the svchost.exe group name was netsvcs, which I believe were in charge of these services: AeLookupSvc, BITS, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt, and wuauserv. Malwarebytes and Avast turn up nothing, so I'm not sure what it could be.

I have attached the logs from Farbar Recovery Scan Tool for review.

Attached Files



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 31 March 2015 - 07:56 AM

Can you please post the logs directly into the thread rather than attaching them? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 31 March 2015 - 08:29 AM

I figured it would keep the thread neater, but If you insist...
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Matthew (administrator) on MATTHEW-VAIO on 26-03-2015 19:07:27
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Loaded Profiles: Matthew (Available profiles: Mary Anne & Matthew & Work & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {18f93fd0-3c8d-11e4-8d45-0024bebcd108} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {a89104b8-c8fd-11e0-93d4-0024bebcd108} - H:\LaunchU3.exe -a
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {97950DD2-A4C0-4591-85AF-3E5B0E395389} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {CA97608C-89FE-44C5-8BA2-5B202A771DC8} URL = http://www.urbandictionary.com/define.php?term={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {DCE81AC7-4A1E-49D2-8828-DFF14DA5697B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-31] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-01-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010-12-24]
FF Extension: YoYo Games InstantPlay - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\yyginstantplay@yoyogames.com [2011-03-21]
FF Extension: NoScript - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Block site) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2013-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-13]
CHR Extension: (Morpheon Dark) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2013-10-07]
CHR Extension: (Google Wallet) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR Extension: (RSS Feed Reader) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-08-23] (Adobe Systems) [File not signed]
S4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-02] (Disc Soft Ltd)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-02] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-19] ()
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-07] (EnTech Taiwan)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
U3 a1drmc5i; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 MSSQL$DDNI; No ImagePath
U2 Oasis2Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:07 - 2015-03-26 19:08 - 00025912 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST.txt
2015-03-23 17:30 - 2015-03-26 19:07 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Farbar Recovery Scan Tool
2015-03-23 09:29 - 2015-03-26 19:07 - 00000000 ____D () C:\FRST
2015-03-23 09:28 - 2015-03-23 09:28 - 02095616 _____ (Farbar) C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST64.exe
2015-03-22 09:07 - 2015-03-22 09:07 - 00003166 _____ () C:\Windows\PFRO.log
2015-03-19 21:27 - 2015-03-26 18:23 - 00000616 _____ () C:\Windows\setupact.log
2015-03-19 21:27 - 2015-03-19 21:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 15:34 - 2015-03-19 15:45 - 00000000 ____D () C:\MGtools
2015-03-19 13:25 - 2015-03-19 13:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-19 13:25 - 2015-03-19 13:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 22:23 - 2015-03-20 08:12 - 00000730 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\witchery notes.txt
2015-03-18 12:15 - 2015-03-19 15:33 - 00000611 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Untitled.txt
2015-03-15 09:22 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-15 09:22 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 09:22 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-15 09:21 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-15 09:21 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-15 09:21 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-15 09:21 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-15 09:21 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-15 09:21 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-15 09:21 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-15 09:21 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-15 09:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-15 09:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-15 09:14 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-15 09:14 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 09:14 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-15 09:14 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-15 09:13 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-15 09:13 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-15 09:13 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-15 09:13 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-15 09:13 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 09:13 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-15 09:13 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-15 09:13 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 09:13 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-15 09:12 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-15 09:11 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 09:11 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-15 09:11 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-15 09:11 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 09:11 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 09:11 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 09:11 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-15 09:11 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-15 09:11 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-15 09:11 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-15 09:11 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-15 09:11 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 09:11 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-15 09:11 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-15 09:11 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 09:11 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-15 09:11 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 09:11 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-15 09:11 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 09:11 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 09:11 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-15 09:10 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 09:10 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 09:10 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 09:10 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-15 09:10 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-15 09:10 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-15 09:10 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 09:10 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 09:10 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-15 09:10 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 09:10 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 09:09 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 09:09 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 09:02 - 2015-03-10 09:02 - 00000995 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Minecraft.exe - Shortcut.lnk
2015-03-07 16:45 - 2015-03-22 09:14 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-06 18:40 - 2015-03-06 18:40 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformice.lnk
2015-03-04 11:50 - 2015-03-04 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REN5C37.tmp
2015-03-04 11:45 - 2015-03-04 11:45 - 00000000 _____ () C:\Windows\SysWOW64\REN4702.tmp
2015-02-28 16:15 - 2015-02-28 16:15 - 00003396 _____ () C:\Windows\System32\Tasks\{921C1405-608D-4919-84B8-986BB9AA590B}
2015-02-26 04:02 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:02 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 18:46 - 2013-07-12 21:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d.job
2015-03-26 18:36 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 18:36 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 18:35 - 2010-07-21 15:49 - 01461742 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 18:26 - 2013-12-24 15:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-26 18:25 - 2011-10-31 18:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 18:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 10:14 - 2012-04-02 09:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 09:46 - 2010-12-31 20:00 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\.minecraft
2015-03-23 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-23 09:38 - 2014-01-20 14:04 - 00000000 ____D () C:\Program Files (x86)\Tiled
2015-03-23 09:35 - 2011-02-15 23:34 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\BitTorrent
2015-03-23 07:50 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-21 19:48 - 2013-02-12 11:27 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\TSVNCache
2015-03-19 13:51 - 2014-08-13 12:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 12:47 - 2011-02-20 18:28 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\DAEMON Tools Lite
2015-03-19 12:42 - 2013-02-09 23:08 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-18 12:07 - 2011-12-28 12:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-18 12:07 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-18 12:03 - 2009-07-14 00:45 - 00519312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-18 11:33 - 2010-07-21 15:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-18 11:33 - 2009-07-13 22:34 - 00000513 _____ () C:\Windows\win.ini
2015-03-18 11:32 - 2014-08-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-18 11:20 - 2013-07-27 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-18 10:59 - 2010-08-08 21:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-15 08:48 - 2009-07-14 01:13 - 00878458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 09:34 - 2011-05-13 12:29 - 00862768 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 18:08 - 2014-04-06 22:37 - 00000000 ____D () C:\Update
2015-03-07 16:45 - 2011-08-29 10:06 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-07 16:45 - 2009-12-25 18:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-07 16:45 - 2009-12-25 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 23:01 - 2013-07-02 11:36 - 00000000 ____D () C:\my_stuff
2015-03-06 19:08 - 2012-12-20 22:33 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Transformice
2015-03-06 18:40 - 2014-10-05 20:41 - 00031232 ___SH () C:\Users\Matthew.MaryAnne-VAIO\Downloads\Thumbs.db
2015-03-04 11:50 - 2013-12-22 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 11:39 - 2013-10-25 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 11:37 - 2015-02-15 00:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-04 11:37 - 2015-02-15 00:08 - 00000000 ____D () C:\Program Files\Java
2015-02-24 15:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-24 04:17 - 2010-07-21 14:41 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-04-18 16:30 - 2014-04-18 16:40 - 0000169 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\licecap.ini
2013-12-09 12:27 - 2013-12-09 12:27 - 0035328 ___SH () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Thumbs.db
2014-04-28 23:31 - 2014-04-28 23:31 - 0003072 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\recently-used.xbel
2011-10-31 20:12 - 2011-10-31 20:12 - 0000017 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\resmon.resmoncfg
2012-04-06 12:16 - 2012-04-06 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-21 18:30 - 2014-01-21 18:34 - 0000088 __RSH () C:\ProgramData\C9EFA86EE0.sys
2010-07-21 20:09 - 2010-10-05 14:09 - 0001177 _____ () C:\ProgramData\hpzinstall.log
2014-01-21 18:30 - 2014-01-21 18:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\GLF8D58.EXE
C:\Users\Matthew\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Matthew\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Work\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaves56.dll
C:\Users\Work\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-23 18:52
 
==================== End Of Log ============================
 
 
-----------------------------------------------------------------
-----------------------------------------------------------------
-----------------------------------------------------------------
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Matthew at 2015-03-26 19:08:31
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM-x32\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version:  - GNU)
AutoHotkey 1.1.15.00 (HKLM\...\AutoHotkey) (Version: 1.1.15.00 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND)
C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CodeBlocks (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
GameMaker-Studio 1.2 (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
GitHub (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version:  - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2342.2 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
Media Preview (HKLM\...\{21BF695F-4A50-43D0-8E6B-83C3C64EFD49}) (Version: 1.4.2.417 - BabelSoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio 3.1 (HKLM-x32\...\XNA Game Studio 3.1) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NUnit 2.6.2 (HKLM-x32\...\{002B407D-DE66-4601-A10C-45941586C767}) (Version: 2.6.2.12296 - nunit.org)
NY Reboot (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\NY Reboot) (Version:  - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de verification linguistique 2013 de Microsoft Office?- Francais (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.4 (64-bit) (HKLM\...\{84ADC96C-B7E0-4938-9D6E-2B640D5DA225}) (Version: 2.7.4150 - Python Software Foundation)
QuickBooks Financial Center (HKLM-x32\...\{0F962B79-D0DC-40D9-96BA-ED1355120CBA}) (Version: 1.30.0000 - Intuit Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote Play with PlayStationR3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Rosetta Stone 2.1.3.0A (HKLM-x32\...\Rosetta Stone 2.1.3.0A) (Version: 2.1.3.0 - Fairfield Language Technologies)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64 (Version: 3.9.0.09270 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype? 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.9.4.20091005.2246 - Sony)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.13270 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version:  - )
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.1.09180 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.13200 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}) (Version: 10.00.1029 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.14250 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.0.0.07030 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO OOBE and Startup Assistant (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 2.00.1110 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}) (Version: 3.0.2.05260 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.2.2.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.2.2.3 - Sony Corporation) Hidden
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.1028 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO オリジナル機能の設定 (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.13120 - Sony Corporation)
VAIO コンテンツ監視の設定 (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.13120 - Sony Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VSDC Free Video Editor version 1.3.3.22 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 1.3.3.22 - Flash-Integro LLC)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Wakfu (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\wakfu) (Version:  - Ankama Games)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\WinDirStat) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yume Nikki 0.10 English (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Yume Nikki 0.10 English) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-11-2014 11:22:47 Windows Update
20-11-2014 04:00:22 Windows Update
24-11-2014 02:41:17 avast! antivirus system restore point
25-11-2014 13:46:51 Windows Update
02-12-2014 14:24:48 Windows Update
06-12-2014 19:03:16 Installed Java 7 Update 80 (64-bit)
08-12-2014 17:24:58 Installed TortoiseSVN 1.8.8.25755 (64 bit)
09-12-2014 12:48:54 Windows Update
12-12-2014 04:01:22 Windows Update
16-12-2014 11:41:07 Windows Update
19-12-2014 13:53:46 Windows Update
23-12-2014 13:26:24 Windows Update
30-12-2014 14:31:31 Windows Update
31-12-2014 00:23:32 Windows Update
31-12-2014 20:37:43 Installed SUABnR
02-01-2015 17:02:57 Removed SUABnR
11-01-2015 18:35:54 Scheduled Checkpoint
19-01-2015 18:35:27 Scheduled Checkpoint
27-01-2015 20:50:18 Scheduled Checkpoint
30-01-2015 19:12:46 Removed Java 7 Update 80 (64-bit)
07-02-2015 10:20:11 Windows Update
08-02-2015 04:00:29 Windows Update
12-02-2015 04:02:19 Windows Update
13-02-2015 04:00:32 Windows Update
14-02-2015 23:49:11 Removed Java 8 Update 31
17-02-2015 10:08:54 Windows Update
20-02-2015 10:53:46 Windows Update
24-02-2015 09:30:42 Windows Update
26-02-2015 04:00:38 Windows Update
04-03-2015 11:26:52 Windows Update
04-03-2015 11:49:37 Removed Java 8 Update 40
07-03-2015 16:43:39 Removed VAIO Update
07-03-2015 16:44:52 Installed VAIO Update
10-03-2015 09:17:30 Windows Update
10-03-2015 09:24:22 Windows Update
15-03-2015 09:09:29 Windows Update
18-03-2015 10:36:34 Windows Update
24-03-2015 10:03:43 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2012-09-19 15:23 - 00000882 ___RA C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0EF0DA1D-E16D-4A72-BED7-79B814D1046A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {1047AF7B-4B9C-4F62-BADB-217EAD679247} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {115B4C64-4D1F-45D2-93B5-C26F8DC55FCC} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {28AB9743-9A7B-466E-B6C0-92C5BD216129} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {2A22AD07-3080-453E-BCDB-4C4B7069405F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {2B395719-3420-47DD-9869-2DD1115B68AE} - System32\Tasks\AdobeAAMUpdater-1.0-MaryAnne-VAIO-Matthew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {313C1196-2FE8-453D-A6DF-59E441443382} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {330C8FE5-42D1-4470-93AD-57DD41498C46} - System32\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3B0D95F5-756E-4624-90AE-C79D05855E5C} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3ED4C8D7-06E0-4687-ABAE-698D38BCC879} - System32\Tasks\{E0AEF2B5-D627-454D-8112-ECB46211B3D1} => pcalua.exe -a "C:\Program Files (x86)\RTPセットアップ\RPG2000RTP.exe" -d "C:\Program Files (x86)\RTPセットアップ"
Task: {40B543A6-BD24-4FCC-892E-2459DF6AAEAB} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {44F4FAB9-4077-4FF8-9260-CC80EBD15C96} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4A57DA35-34B9-4666-89B4-F862BB8B0C49} - System32\Tasks\{DA21326C-22FE-47B0-A37F-536928A717E6} => pcalua.exe -a C:\Windows\TADSUINS.EXE -c C:\Saved Downloads\IF\IF\Interpreters\TADS\UnInst53CD.inf
Task: {4DF4CF1B-3820-41E0-BA7C-8D0FB3AA906E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {51F2D30B-326F-4D0C-96ED-94D5CA25F4E0} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {54C48B20-4F75-486C-8D4D-5491CFE1F2C9} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {563798F0-9D98-46A2-81C4-F8AA806F81F3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {583A8068-6950-4790-826B-A99C4AA1C387} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files\Sony\First Experience\OOBESendInfo.exe [2009-11-05] ()
Task: {58C72AF3-1C0E-4CAE-94B5-DA617CB3B08C} - System32\Tasks\mytask
Task: {5B40477C-A14F-496E-A48D-A8E9477DF1FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5D4EF639-9952-4090-B896-A8853DD94FBE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {64CB7EC5-F11D-442A-8BA9-A0F120D7479A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {7784EAE8-12E2-4050-82FE-703185CABA73} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {78DC6681-4426-4F50-9075-CE0D1FD5C19F} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {7FD360C2-56DF-40E0-AFD9-2FEE4B00D23F} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {83F3022C-C5EF-46D5-9CF2-9A864E2AA943} - System32\Tasks\{AEF519F1-1B28-4C76-9417-B34D56DE5FC3} => C:\Users\Matthew\Downloads\RTPセットアップ\RPG2000RTP.exe
Task: {873C5B42-5FE5-4352-87B9-991F70DA7A71} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8BCEC55C-B485-4E86-B623-8BAEB094BAFD} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {8C96B5E8-BD4B-4D23-B228-2B59657D1D5E} - System32\Tasks\{B68D2B34-B848-4186-A966-362CE4EBB62F} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/ja/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {8D98B390-0BA9-40C3-A582-DA9C17BC2922} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {8F2E1C93-6FCE-43E8-BE9C-511D4A5C4061} - System32\Tasks\{D82C702E-647B-44BB-9FA4-0BEB6FD93898} => pcalua.exe -a "C:\Users\Mary Anne\Downloads\AGbIC - All Entries v2\Windows Games\Ruins_V1.1\Ruins_V1.1\setup.exe" -d "C:\Users\Mary Anne\Downloads\AGbIC - All Entries v2\Windows Games\Ruins_V1.1\Ruins_V1.1"
Task: {91435F71-7AD3-4B18-A360-34A8A4AA0519} - System32\Tasks\{4B93C0E1-1F6F-4103-AAEC-065350DD438A} => pcalua.exe -a "C:\Internet Games\Eternally Us\winsetup.exe" -d "C:\Internet Games\Eternally Us"
Task: {93671569-5438-437E-9484-E6EB3C983ACA} - System32\Tasks\{CA86AA5F-7CD6-4F27-B56C-1ACA6A868F8A} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Users\Matthew.MaryAnne-VAIO\Downloads\IF\ST6UNST.LOG"
Task: {99C3BD4B-206E-4CA6-A852-18BB492D9C18} - System32\Tasks\{78625FE2-A827-40A3-98EF-6E2041767A90} => pcalua.exe -a C:\Users\Matthew.MaryAnne-VAIO\Downloads\Kuma_Story_2010\winsetup.exe -d C:\Users\Matthew.MaryAnne-VAIO\Downloads\Kuma_Story_2010
Task: {B62B83FD-2DB3-478F-AE54-7A3EF40CFBBE} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {B67CCB39-5973-4C0E-BB37-93FF51627F2E} - System32\Tasks\{9E8CAD45-0C27-47D9-A830-A1368D659C29} => pcalua.exe -a C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\ACR_Demo_v2.2\ACR_Demo_Setup_v2.2.exe -d C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\ACR_Demo_v2.2
Task: {B841FD1D-16CE-4224-8475-4F4CB8A53182} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {BCEEF375-B2C6-4EC8-8D76-E76E3646458B} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {BFEDA474-3CA7-4D62-92C7-B24461D17277} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C1CB9D9D-5427-4D65-B69C-B47EF317075C} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {D29844B6-4919-45B8-A515-F4B9633333B5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {D2ECB790-A2EE-44FD-A674-16E7E1FC0C21} - System32\Tasks\{CE522A19-286F-4912-80FB-E4E5410D7B0D} => pcalua.exe -a C:\Users\Matthew\Downloads\RTPセットアップ\RPG2000RTP.exe -d C:\Users\Matthew\Downloads\RTPセットアップ
Task: {D34ED8D7-54A5-4DE3-BB66-898C9F90B44F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D4B3BA34-DDE6-4763-BFF9-D11D0B68C1C7} - System32\Tasks\{921C1405-608D-4919-84B8-986BB9AA590B} => pcalua.exe -a "C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\The Black Hand Gang\The Black Hand Gang\winsetup.exe" -d "C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\The Black Hand Gang\The Black Hand Gang"
Task: {E690984C-CE56-4117-98A7-2BABB3902951} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E8A1060A-4DE6-448D-8F5D-E248A21E08A3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EA20C5F5-EB87-4995-957B-5393EFBE2935} - System32\Tasks\{56F7BD45-2722-4632-9153-BCC790F59DE9} => C:\Users\Matthew.MaryAnne-VAIO\Downloads\core0012\ROA\ROA.exe
Task: {EBC70444-445B-48D9-AF07-5076FD41CC9F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {ECA58D5A-3272-45A1-9CE3-AC51AE924CA3} - System32\Tasks\Sony\OOBEReminder => C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe [2009-11-05] (Sony Electronics, Inc.)
Task: {F7A0AE5E-0CDC-4E93-A262-DA51E3F703AF} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {F8908A5F-81E6-4F92-B04D-5166D3A088BF} - System32\Tasks\{125E5CA0-0023-4D7C-A8FF-554CC8AC52B2} => pcalua.exe -a "C:\Users\Matthew.MaryAnne-VAIO\Downloads\Terraria Leak 2 May 12\XNAGS40_setup.exe" -d "C:\Users\Matthew.MaryAnne-VAIO\Downloads\Terraria Leak 2 May 12"
Task: {FE88DCBA-3C3C-4D39-AEB0-9BBDC116BC0C} - System32\Tasks\{BBDBD2E7-48D6-4A4F-BDAE-1B19DECDAA38} => C:\Users\Matthew.MaryAnne-VAIO\Downloads\core0073\ROA\up1864\ROATGO03S\ROA03S8020\ROA03S.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-10 17:10 - 2014-08-10 17:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 17:10 - 2014-08-10 17:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-08-11 21:48 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-09 16:21 - 2012-08-09 16:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-24 09:43 - 2015-03-24 09:43 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032400\algo.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-26 18:27 - 2015-03-26 18:27 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032601\algo.dll
2015-03-15 08:49 - 2015-03-15 08:49 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-12-25 17:59 - 2009-11-20 19:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-10 16:40 - 2014-08-10 16:40 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2015-03-26 18:46 - 2015-03-23 19:14 - 01404744 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2342.2\libglesv2.dll
2015-03-26 18:46 - 2015-03-23 19:14 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2342.2\libegl.dll
2015-03-26 18:46 - 2015-03-23 19:14 - 14978376 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2342.2\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:jlT4ZrSFJP1pXmZx7vGhUtuXXvu
AlternateDataStreams: C:\ProgramData\Microsoft:Ycjb9rwAxxwif2oByyT
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp:Xqk5tl7Zj9EmzlSzKwJu
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temporary Internet Files:JHtTlV2Y4gvaEeas7QQRqoUaIB3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Akamai => 3
MSCONFIG\Services: btwdins => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: MSSQL$SQLEXPRESS => 3
MSCONFIG\Services: MySQL55 => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: Roxio UPnP Renderer 10 => 3
MSCONFIG\Services: Roxio Upnp Server 10 => 2
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: SQLWriter => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: VAIO Entertainment TV Device Arbitration Service => 3
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Matthew.MaryAnne-VAIO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desura => C:\Program Files (x86)\Desura\desura.exe -autostart
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Photosmart 7510 series (NET) => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN214340Q105T5:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartWiHelper => "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2119633729-2506518566-2012215298-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2119633729-2506518566-2012215298-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2119633729-2506518566-2012215298-1002 - Limited - Enabled)
Mary Anne (S-1-5-21-2119633729-2506518566-2012215298-1004 - Administrator - Enabled) => C:\Users\Mary Anne
Matthew (S-1-5-21-2119633729-2506518566-2012215298-1005 - Administrator - Enabled) => C:\Users\Matthew.MaryAnne-VAIO
Work (S-1-5-21-2119633729-2506518566-2012215298-1014 - Administrator - Enabled) => C:\Users\Work
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: A14AKYGV IDE Controller
Description: A14AKYGV IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: a1drmc5i
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2015 10:03:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2119633729-2506518566-2012215298-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e57a1ab7-c842-4cb1-bb36-86afcef66919}
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:52:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:52:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:52:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2015 06:52:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/21/2015 11:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe91c7b401
Faulting process id: 0xda8
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
 
 
System errors:
=============
Error: (03/26/2015 06:26:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439616
 
Error: (03/26/2015 06:25:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5
 
Error: (03/26/2015 06:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2015 09:23:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439616
 
Error: (03/23/2015 09:23:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5
 
Error: (03/23/2015 09:23:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
 
Error: (03/23/2015 09:22:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastVBox COM Service service failed to start due to the following error: 
%%1053
 
Error: (03/23/2015 09:22:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
 
Error: (03/23/2015 09:22:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}
 
Error: (03/23/2015 09:21:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (03/24/2015 10:03:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2119633729-2506518566-2012215298-1003.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e57a1ab7-c842-4cb1-bb36-86afcef66919}
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll
 
Error: (03/23/2015 06:54:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll
 
Error: (03/23/2015 06:52:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (03/23/2015 06:52:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe
 
Error: (03/23/2015 06:52:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe
 
Error: (03/23/2015 06:52:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
 
Error: (03/21/2015 11:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe91c7b401da801d06196565b774aC:\Program Files\Sony\VAIO Care\VCAgent.exeunknownf31df38f-d041-11e4-a7e0-0024bebcd108
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 3758.1 MB
Available physical RAM: 2152.68 MB
Total Pagefile: 7514.38 MB
Available Pagefile: 5407.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:437.35 GB) (Free:50.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB24B39D)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=437.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=05)
 
==================== End Of Log ============================


#4 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 31 March 2015 - 08:33 AM

And the slowdown happened again just as I was posting. The process peaked at 1GB before I shut it down.



#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 31 March 2015 - 09:38 AM

Hey,
well done. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

    Step 2: Malwarebytes

    Iconic_normal.png Please download Malwarebytes Anti-Malware to your desktop
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • At the end, be sure a check-mark is placed next to the following:
      • Enable free trial of Malwarebytes Anti-Malware Premium
      • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

    The log is available throughout History ->Application logs. Please post it contents in your next reply.
    Step 3: Junkware Removal Tool

    thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Step 4: FRST Scan
    • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
    • Click Scan to start FRST.
    • When FRST finishes scanning, a log, FRST.txt, will open.
    • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#6 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 31 March 2015 - 07:23 PM

I have ran all the programs, and they managed to find a few things (even Malwarebytes found something in firefox this time, although I use chrome) including conduit, which I haven't seen in a long time.

 

I noticed that my windows network firewall is telling me it's "not running or set up incorrectly", Which may or may not be related to my current problem... This is after I ran the scans and restarted my computer.

 

 

AdwCleaner[S0].txt:

# AdwCleaner v4.200 - Logfile created 31/03/2015 at 17:33:14
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Matthew - MATTHEW-VAIO
# Running from : C:\Users\Matthew.MaryAnne-VAIO\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Ask.com
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1:9421;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2351.3
 
 
*************************
 
AdwCleaner[R0].txt - [2173 bytes] - [31/03/2015 17:30:46]
AdwCleaner[S0].txt - [2024 bytes] - [31/03/2015 17:33:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2083  bytes] ##########
 
 
 
JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.9 (03.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by Matthew on 03/31/2015 Tue at 19:53:23.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Matthew.MaryAnne-VAIO\appdata\locallow\conduit"
Successfully deleted: [Empty Folder] C:\Users\Matthew.MaryAnne-VAIO\appdata\local\{C00DA928-198E-42A6-8B9E-C3CFD553C5C0}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/31/2015 Tue at 19:57:44.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
mbam scan log 3.31.2015.txt:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/31/2015
Scan Time: 5:42:57 PM
Logfile: mbam scan log 3.31.2015.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.31.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matthew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 664688
Time Elapsed: 55 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");), Replaced,[1af96be16b1f5bdb8b681420b35356aa]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
FRST.txt (forgot this step before I restarted my computer):
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Matthew (administrator) on MATTHEW-VAIO on 31-03-2015 20:24:49
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Loaded Profiles: Matthew (Available profiles: Mary Anne & Matthew & Work & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {18f93fd0-3c8d-11e4-8d45-0024bebcd108} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {a89104b8-c8fd-11e0-93d4-0024bebcd108} - H:\LaunchU3.exe -a
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {97950DD2-A4C0-4591-85AF-3E5B0E395389} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {CA97608C-89FE-44C5-8BA2-5B202A771DC8} URL = http://www.urbandictionary.com/define.php?term={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {DCE81AC7-4A1E-49D2-8828-DFF14DA5697B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-31] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-01-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010-12-24]
FF Extension: YoYo Games InstantPlay - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\yyginstantplay@yoyogames.com [2011-03-21]
FF Extension: NoScript - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Block site) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2013-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-13]
CHR Extension: (Morpheon Dark) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2013-10-07]
CHR Extension: (Google Wallet) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR Extension: (RSS Feed Reader) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-08-23] (Adobe Systems) [File not signed]
S4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-02] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-31] (Malwarebytes Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-02] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-19] ()
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-07] (EnTech Taiwan)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
U3 arybcmgt; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 MSSQL$DDNI; No ImagePath
U2 Oasis2Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-31 20:24 - 2015-03-31 20:25 - 00025237 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST.txt
2015-03-31 19:48 - 2015-03-31 19:48 - 01418897 _____ (Thisisu) C:\Users\Matthew.MaryAnne-VAIO\Desktop\JRT.exe
2015-03-31 17:40 - 2015-03-31 19:57 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\Desktop\log
2015-03-31 17:30 - 2015-03-31 17:33 - 00000000 ____D () C:\AdwCleaner
2015-03-31 17:29 - 2015-03-31 17:29 - 02208768 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\adwcleaner_4.200.exe
2015-03-30 09:28 - 2015-03-30 09:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-30 09:28 - 2015-03-30 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-29 11:25 - 2015-03-29 11:25 - 00000000 _____ () C:\Windows\Model.log
2015-03-23 17:30 - 2015-03-26 19:17 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Farbar Recovery Scan Tool
2015-03-23 09:29 - 2015-03-31 20:24 - 00000000 ____D () C:\FRST
2015-03-23 09:28 - 2015-03-23 09:28 - 02095616 _____ (Farbar) C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST64.exe
2015-03-22 09:07 - 2015-03-28 10:36 - 00004828 _____ () C:\Windows\PFRO.log
2015-03-19 21:27 - 2015-03-31 20:02 - 00001176 _____ () C:\Windows\setupact.log
2015-03-19 21:27 - 2015-03-19 21:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 15:34 - 2015-03-19 15:45 - 00000000 ____D () C:\MGtools
2015-03-19 13:25 - 2015-03-19 13:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-19 13:25 - 2015-03-19 13:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 22:23 - 2015-03-20 08:12 - 00000730 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\witchery notes.txt
2015-03-18 12:15 - 2015-03-19 15:33 - 00000611 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Untitled.txt
2015-03-15 09:22 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-15 09:22 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 09:22 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-15 09:21 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-15 09:21 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-15 09:21 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-15 09:21 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-15 09:21 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-15 09:21 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-15 09:21 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-15 09:21 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-15 09:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-15 09:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-15 09:14 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-15 09:14 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 09:14 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-15 09:14 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-15 09:13 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-15 09:13 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-15 09:13 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-15 09:13 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-15 09:13 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 09:13 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-15 09:13 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-15 09:13 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 09:13 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-15 09:12 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-15 09:11 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 09:11 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-15 09:11 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-15 09:11 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 09:11 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 09:11 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 09:11 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-15 09:11 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-15 09:11 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-15 09:11 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-15 09:11 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-15 09:11 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 09:11 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-15 09:11 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-15 09:11 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 09:11 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-15 09:11 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 09:11 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-15 09:11 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 09:11 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 09:11 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-15 09:10 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 09:10 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 09:10 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 09:10 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-15 09:10 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-15 09:10 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-15 09:10 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 09:10 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 09:10 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-15 09:10 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 09:10 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 09:09 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 09:09 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 09:02 - 2015-03-10 09:02 - 00000995 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Minecraft.exe - Shortcut.lnk
2015-03-07 16:45 - 2015-03-22 09:14 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-06 18:40 - 2015-03-06 18:40 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformice.lnk
2015-03-04 11:50 - 2015-03-04 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REN5C37.tmp
2015-03-04 11:45 - 2015-03-04 11:45 - 00000000 _____ () C:\Windows\SysWOW64\REN4702.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-31 20:14 - 2012-04-02 09:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-31 20:10 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:10 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-31 20:07 - 2010-07-21 15:49 - 01639971 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 20:04 - 2011-10-31 18:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 20:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 20:00 - 2013-02-12 11:27 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\TSVNCache
2015-03-31 19:44 - 2013-07-12 21:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d.job
2015-03-31 17:42 - 2014-08-13 12:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 10:28 - 2010-12-31 20:00 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\.minecraft
2015-03-31 09:32 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 09:21 - 2013-12-24 15:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-30 09:27 - 2015-02-15 00:08 - 00000000 ____D () C:\Program Files\Java
2015-03-29 11:41 - 2010-07-21 16:35 - 00000000 ____D () C:\Program Files\Sony
2015-03-29 11:41 - 2009-12-25 18:58 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-03-29 11:35 - 2012-07-30 10:32 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Sony Corporation
2015-03-29 11:35 - 2010-07-21 16:04 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-29 11:35 - 2009-12-25 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 11:25 - 2010-07-21 16:08 - 00000021 _____ () C:\Windows\Model.txt
2015-03-29 11:22 - 2014-04-06 22:37 - 00000000 ____D () C:\Update
2015-03-26 20:12 - 2009-07-14 01:13 - 00878458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-23 09:39 - 2010-08-16 13:08 - 00000000 ____D () C:\UDK
2015-03-23 09:38 - 2014-01-20 14:04 - 00000000 ____D () C:\Program Files (x86)\Tiled
2015-03-23 09:35 - 2011-02-15 23:34 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\BitTorrent
2015-03-19 12:47 - 2011-02-20 18:28 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\DAEMON Tools Lite
2015-03-19 12:42 - 2013-02-09 23:08 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-18 12:07 - 2011-12-28 12:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-18 12:07 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-18 12:03 - 2009-07-14 00:45 - 00519312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-18 11:33 - 2010-07-21 15:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-18 11:33 - 2009-07-13 22:34 - 00000513 _____ () C:\Windows\win.ini
2015-03-18 11:32 - 2014-08-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-18 11:20 - 2013-07-27 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-18 10:59 - 2010-08-08 21:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 09:34 - 2011-05-13 12:29 - 00862768 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 16:45 - 2011-08-29 10:06 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-07 16:45 - 2009-12-25 18:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-06 23:01 - 2013-07-02 11:36 - 00000000 ____D () C:\my_stuff
2015-03-06 19:08 - 2012-12-20 22:33 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Transformice
2015-03-06 18:40 - 2014-10-05 20:41 - 00031232 ___SH () C:\Users\Matthew.MaryAnne-VAIO\Downloads\Thumbs.db
2015-03-04 11:50 - 2013-12-22 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 11:39 - 2013-10-25 19:18 - 00000000 ____D () C:\ProgramData\Oracle
 
==================== Files in the root of some directories =======
 
2014-04-18 16:30 - 2014-04-18 16:40 - 0000169 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\licecap.ini
2013-12-09 12:27 - 2013-12-09 12:27 - 0035328 ___SH () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Thumbs.db
2014-04-28 23:31 - 2014-04-28 23:31 - 0003072 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\recently-used.xbel
2011-10-31 20:12 - 2011-10-31 20:12 - 0000017 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\resmon.resmoncfg
2012-04-06 12:16 - 2012-04-06 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-21 18:30 - 2014-01-21 18:34 - 0000088 __RSH () C:\ProgramData\C9EFA86EE0.sys
2010-07-21 20:09 - 2010-10-05 14:09 - 0001177 _____ () C:\ProgramData\hpzinstall.log
2014-01-21 18:30 - 2014-01-21 18:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\GLF8D58.EXE
C:\Users\Matthew\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Matthew\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\GLF7C22.EXE
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\GLF9CCD.EXE
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp\sqlite3.dll
C:\Users\Work\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaves56.dll
C:\Users\Work\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-28 12:53
 
==================== End Of Log ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Matthew at 2015-03-31 20:25:57
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM-x32\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version:  - GNU)
AutoHotkey 1.1.15.00 (HKLM\...\AutoHotkey) (Version: 1.1.15.00 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND)
C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CodeBlocks (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
GameMaker-Studio 1.2 (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
GitHub (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version:  - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2351.3 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team)
Media Preview (HKLM\...\{21BF695F-4A50-43D0-8E6B-83C3C64EFD49}) (Version: 1.4.2.417 - BabelSoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio 3.1 (HKLM-x32\...\XNA Game Studio 3.1) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NUnit 2.6.2 (HKLM-x32\...\{002B407D-DE66-4601-A10C-45941586C767}) (Version: 2.6.2.12296 - nunit.org)
NY Reboot (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\NY Reboot) (Version:  - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.4 (64-bit) (HKLM\...\{84ADC96C-B7E0-4938-9D6E-2B640D5DA225}) (Version: 2.7.4150 - Python Software Foundation)
QuickBooks Financial Center (HKLM-x32\...\{0F962B79-D0DC-40D9-96BA-ED1355120CBA}) (Version: 1.30.0000 - Intuit Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Rosetta Stone 2.1.3.0A (HKLM-x32\...\Rosetta Stone 2.1.3.0A) (Version: 2.1.3.0 - Fairfield Language Technologies)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64 (Version: 3.9.0.09270 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.9.4.20091005.2246 - Sony)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.13270 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version:  - )
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.1.09180 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.13200 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}) (Version: 10.00.1029 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.14250 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.0.0.07030 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO OOBE and Startup Assistant (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 2.00.1110 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}) (Version: 3.0.2.05260 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.2.2.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.2.2.3 - Sony Corporation) Hidden
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.1028 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO オリジナル機能の設定 (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.13120 - Sony Corporation)
VAIO コンテンツ監視の設定 (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.13120 - Sony Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VSDC Free Video Editor version 1.3.3.22 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 1.3.3.22 - Flash-Integro LLC)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Wakfu (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\wakfu) (Version:  - Ankama Games)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\WinDirStat) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yume Nikki 0.10 English (HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\Yume Nikki 0.10 English) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-12-2014 04:01:22 Windows Update
16-12-2014 11:41:07 Windows Update
19-12-2014 13:53:46 Windows Update
23-12-2014 13:26:24 Windows Update
30-12-2014 14:31:31 Windows Update
31-12-2014 00:23:32 Windows Update
31-12-2014 20:37:43 Installed SUABnR
02-01-2015 17:02:57 Removed SUABnR
11-01-2015 18:35:54 Scheduled Checkpoint
19-01-2015 18:35:27 Scheduled Checkpoint
27-01-2015 20:50:18 Scheduled Checkpoint
30-01-2015 19:12:46 Removed Java 7 Update 80 (64-bit)
07-02-2015 10:20:11 Windows Update
08-02-2015 04:00:29 Windows Update
12-02-2015 04:02:19 Windows Update
13-02-2015 04:00:32 Windows Update
14-02-2015 23:49:11 Removed Java 8 Update 31
17-02-2015 10:08:54 Windows Update
20-02-2015 10:53:46 Windows Update
24-02-2015 09:30:42 Windows Update
26-02-2015 04:00:38 Windows Update
04-03-2015 11:26:52 Windows Update
04-03-2015 11:49:37 Removed Java 8 Update 40
07-03-2015 16:43:39 Removed VAIO Update
07-03-2015 16:44:52 Installed VAIO Update
10-03-2015 09:17:30 Windows Update
10-03-2015 09:24:22 Windows Update
15-03-2015 09:09:29 Windows Update
18-03-2015 10:36:34 Windows Update
24-03-2015 10:03:43 Windows Update
26-03-2015 20:14:40 Windows Backup
27-03-2015 15:46:31 Windows Update
29-03-2015 11:33:23 削除済み Media Gallery
29-03-2015 11:35:31 インストール済み Media Gallery
29-03-2015 14:02:30 Removed Java 8 Update 40 (64-bit)
29-03-2015 14:05:58 Installed Java 7 Update 75 (64-bit)
30-03-2015 09:22:50 Removed Java 7 Update 75 (64-bit)
30-03-2015 09:24:46 Removed Java 7 Update 75 (64-bit)
31-03-2015 09:30:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2012-09-19 15:23 - 00000882 ___RA C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0EF0DA1D-E16D-4A72-BED7-79B814D1046A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {1047AF7B-4B9C-4F62-BADB-217EAD679247} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {115B4C64-4D1F-45D2-93B5-C26F8DC55FCC} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {28AB9743-9A7B-466E-B6C0-92C5BD216129} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {2A22AD07-3080-453E-BCDB-4C4B7069405F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {2B395719-3420-47DD-9869-2DD1115B68AE} - System32\Tasks\AdobeAAMUpdater-1.0-MaryAnne-VAIO-Matthew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {313C1196-2FE8-453D-A6DF-59E441443382} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {330C8FE5-42D1-4470-93AD-57DD41498C46} - System32\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3B0D95F5-756E-4624-90AE-C79D05855E5C} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3ED4C8D7-06E0-4687-ABAE-698D38BCC879} - System32\Tasks\{E0AEF2B5-D627-454D-8112-ECB46211B3D1} => pcalua.exe -a "C:\Program Files (x86)\RTPセットアップ\RPG2000RTP.exe" -d "C:\Program Files (x86)\RTPセットアップ"
Task: {40B543A6-BD24-4FCC-892E-2459DF6AAEAB} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {44F4FAB9-4077-4FF8-9260-CC80EBD15C96} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4A57DA35-34B9-4666-89B4-F862BB8B0C49} - System32\Tasks\{DA21326C-22FE-47B0-A37F-536928A717E6} => pcalua.exe -a C:\Windows\TADSUINS.EXE -c C:\Saved Downloads\IF\IF\Interpreters\TADS\UnInst53CD.inf
Task: {4C3BC241-28CC-4B1C-B499-F12C53E9C650} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {4DF4CF1B-3820-41E0-BA7C-8D0FB3AA906E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {51F2D30B-326F-4D0C-96ED-94D5CA25F4E0} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {54C48B20-4F75-486C-8D4D-5491CFE1F2C9} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {563798F0-9D98-46A2-81C4-F8AA806F81F3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {583A8068-6950-4790-826B-A99C4AA1C387} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files\Sony\First Experience\OOBESendInfo.exe [2009-11-05] ()
Task: {58C72AF3-1C0E-4CAE-94B5-DA617CB3B08C} - System32\Tasks\mytask
Task: {5B40477C-A14F-496E-A48D-A8E9477DF1FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5D4EF639-9952-4090-B896-A8853DD94FBE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {7784EAE8-12E2-4050-82FE-703185CABA73} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {78DC6681-4426-4F50-9075-CE0D1FD5C19F} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {7FD360C2-56DF-40E0-AFD9-2FEE4B00D23F} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {83F3022C-C5EF-46D5-9CF2-9A864E2AA943} - System32\Tasks\{AEF519F1-1B28-4C76-9417-B34D56DE5FC3} => C:\Users\Matthew\Downloads\RTPセットアップ\RPG2000RTP.exe
Task: {873C5B42-5FE5-4352-87B9-991F70DA7A71} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8BCEC55C-B485-4E86-B623-8BAEB094BAFD} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {8C96B5E8-BD4B-4D23-B228-2B59657D1D5E} - System32\Tasks\{B68D2B34-B848-4186-A966-362CE4EBB62F} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/ja/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {8D98B390-0BA9-40C3-A582-DA9C17BC2922} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {8F2E1C93-6FCE-43E8-BE9C-511D4A5C4061} - System32\Tasks\{D82C702E-647B-44BB-9FA4-0BEB6FD93898} => pcalua.exe -a "C:\Users\Mary Anne\Downloads\AGbIC - All Entries v2\Windows Games\Ruins_V1.1\Ruins_V1.1\setup.exe" -d "C:\Users\Mary Anne\Downloads\AGbIC - All Entries v2\Windows Games\Ruins_V1.1\Ruins_V1.1"
Task: {91435F71-7AD3-4B18-A360-34A8A4AA0519} - System32\Tasks\{4B93C0E1-1F6F-4103-AAEC-065350DD438A} => pcalua.exe -a "C:\Internet Games\Eternally Us\winsetup.exe" -d "C:\Internet Games\Eternally Us"
Task: {93671569-5438-437E-9484-E6EB3C983ACA} - System32\Tasks\{CA86AA5F-7CD6-4F27-B56C-1ACA6A868F8A} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Users\Matthew.MaryAnne-VAIO\Downloads\IF\ST6UNST.LOG"
Task: {99C3BD4B-206E-4CA6-A852-18BB492D9C18} - System32\Tasks\{78625FE2-A827-40A3-98EF-6E2041767A90} => pcalua.exe -a C:\Users\Matthew.MaryAnne-VAIO\Downloads\Kuma_Story_2010\winsetup.exe -d C:\Users\Matthew.MaryAnne-VAIO\Downloads\Kuma_Story_2010
Task: {9DBEC7FD-825C-4DA1-857B-475A3262FA10} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {B62B83FD-2DB3-478F-AE54-7A3EF40CFBBE} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {B67CCB39-5973-4C0E-BB37-93FF51627F2E} - System32\Tasks\{9E8CAD45-0C27-47D9-A830-A1368D659C29} => pcalua.exe -a C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\ACR_Demo_v2.2\ACR_Demo_Setup_v2.2.exe -d C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\ACR_Demo_v2.2
Task: {B841FD1D-16CE-4224-8475-4F4CB8A53182} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {BCEEF375-B2C6-4EC8-8D76-E76E3646458B} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {BFEDA474-3CA7-4D62-92C7-B24461D17277} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C1CB9D9D-5427-4D65-B69C-B47EF317075C} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {D29844B6-4919-45B8-A515-F4B9633333B5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {D2ECB790-A2EE-44FD-A674-16E7E1FC0C21} - System32\Tasks\{CE522A19-286F-4912-80FB-E4E5410D7B0D} => pcalua.exe -a C:\Users\Matthew\Downloads\RTPセットアップ\RPG2000RTP.exe -d C:\Users\Matthew\Downloads\RTPセットアップ
Task: {D34ED8D7-54A5-4DE3-BB66-898C9F90B44F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D4B3BA34-DDE6-4763-BFF9-D11D0B68C1C7} - System32\Tasks\{921C1405-608D-4919-84B8-986BB9AA590B} => pcalua.exe -a "C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\The Black Hand Gang\The Black Hand Gang\winsetup.exe" -d "C:\Users\Matthew.MaryAnne-VAIO\Downloads\recent\The Black Hand Gang\The Black Hand Gang"
Task: {E690984C-CE56-4117-98A7-2BABB3902951} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E8A1060A-4DE6-448D-8F5D-E248A21E08A3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EA20C5F5-EB87-4995-957B-5393EFBE2935} - System32\Tasks\{56F7BD45-2722-4632-9153-BCC790F59DE9} => C:\Users\Matthew.MaryAnne-VAIO\Downloads\core0012\ROA\ROA.exe
Task: {EBC70444-445B-48D9-AF07-5076FD41CC9F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {ECA58D5A-3272-45A1-9CE3-AC51AE924CA3} - System32\Tasks\Sony\OOBEReminder => C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe [2009-11-05] (Sony Electronics, Inc.)
Task: {F7A0AE5E-0CDC-4E93-A262-DA51E3F703AF} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {F8908A5F-81E6-4F92-B04D-5166D3A088BF} - System32\Tasks\{125E5CA0-0023-4D7C-A8FF-554CC8AC52B2} => pcalua.exe -a "C:\Users\Matthew.MaryAnne-VAIO\Downloads\Terraria Leak 2 May 12\XNAGS40_setup.exe" -d "C:\Users\Matthew.MaryAnne-VAIO\Downloads\Terraria Leak 2 May 12"
Task: {FE88DCBA-3C3C-4D39-AEB0-9BBDC116BC0C} - System32\Tasks\{BBDBD2E7-48D6-4A4F-BDAE-1B19DECDAA38} => C:\Users\Matthew.MaryAnne-VAIO\Downloads\core0073\ROA\up1864\ROATGO03S\ROA03S8020\ROA03S.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-10 17:10 - 2014-08-10 17:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 17:10 - 2014-08-10 17:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-08-11 21:48 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-08-09 16:21 - 2012-08-09 16:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-31 17:27 - 2015-03-31 17:27 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033101\algo.dll
2014-11-24 02:42 - 2014-11-24 02:42 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-15 08:49 - 2015-03-15 08:49 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-12-25 17:59 - 2009-11-20 19:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-31 14:48 - 2015-03-30 18:17 - 01269576 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2351.3\libglesv2.dll
2015-03-31 14:48 - 2015-03-30 18:17 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2351.3\libegl.dll
2010-08-15 14:34 - 2010-08-15 14:34 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 19:42 - 2015-01-26 23:16 - 02748416 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2007-08-04 21:10 - 2007-08-04 21:10 - 00250368 _____ () C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll
2002-12-21 01:41 - 2002-12-21 01:41 - 01364823 _____ () C:\Program Files (x86)\Aspell\bin\aspell-15.dll
2014-08-10 16:40 - 2014-08-10 16:40 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-08-10 16:40 - 2014-08-10 16:40 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:jlT4ZrSFJP1pXmZx7vGhUtuXXvu
AlternateDataStreams: C:\ProgramData\Microsoft:Ycjb9rwAxxwif2oByyT
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp:Xqk5tl7Zj9EmzlSzKwJu
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temporary Internet Files:JHtTlV2Y4gvaEeas7QQRqoUaIB3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Akamai => 3
MSCONFIG\Services: btwdins => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: MSSQL$SQLEXPRESS => 3
MSCONFIG\Services: MySQL55 => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: Roxio UPnP Renderer 10 => 3
MSCONFIG\Services: Roxio Upnp Server 10 => 2
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: SQLWriter => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: VAIO Entertainment TV Device Arbitration Service => 3
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Matthew.MaryAnne-VAIO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desura => C:\Program Files (x86)\Desura\desura.exe -autostart
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Photosmart 7510 series (NET) => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN214340Q105T5:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartWiHelper => "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2119633729-2506518566-2012215298-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2119633729-2506518566-2012215298-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2119633729-2506518566-2012215298-1002 - Limited - Enabled)
Mary Anne (S-1-5-21-2119633729-2506518566-2012215298-1004 - Administrator - Enabled) => C:\Users\Mary Anne
Matthew (S-1-5-21-2119633729-2506518566-2012215298-1005 - Administrator - Enabled) => C:\Users\Matthew.MaryAnne-VAIO
Work (S-1-5-21-2119633729-2506518566-2012215298-1014 - Administrator - Enabled) => C:\Users\Work
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: A14AKYGV IDE Controller
Description: A14AKYGV IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: arybcmgt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (03/31/2015 08:05:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439616
 
Error: (03/31/2015 08:04:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/31/2015 08:03:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 40%
Total physical RAM: 3758.1 MB
Available physical RAM: 2225.71 MB
Total Pagefile: 7514.38 MB
Available Pagefile: 5705.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:437.35 GB) (Free:50.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB24B39D)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=437.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=05)
 
==================== End Of Log ============================

Edited by DeleteSystem32, 31 March 2015 - 07:31 PM.


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 01 April 2015 - 06:24 AM

Hey,
well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
    HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: H - H:\LaunchU3.exe -a
    HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {18f93fd0-3c8d-11e4-8d45-0024bebcd108} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {a89104b8-c8fd-11e0-93d4-0024bebcd108} - H:\LaunchU3.exe -a
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    AlternateDataStreams: C:\ProgramData\Microsoft:jlT4ZrSFJP1pXmZx7vGhUtuXXvu
    AlternateDataStreams: C:\ProgramData\Microsoft:Ycjb9rwAxxwif2oByyT
    AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp:Xqk5tl7Zj9EmzlSzKwJu
    AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temporary Internet Files:JHtTlV2Y4gvaEeas7QQRqoUaIB3
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#8 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 01 April 2015 - 04:00 PM

I used this url for the scanner: www.eset.com/us/online-scanner/

After over two hours of scanning(had to restart halfway because "internet explorer encountered a problem and had to restart" <_<), the scanner reported no threat was detected, so there wasn't any log to save. The only issue I have now is my Windows Network firewall is still reporting it's "turned off or not set up correctly" at startup, which is a bit annoying. Otherwise, I haven't encountered the memory problem yet, but it was appearing sporadically before so I'll keep an eye on it.

Thanks Machiavelli for your continued assistance, and I'll let you know if anything changes  :)

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Matthew at 2015-04-01 08:11:01 Run:1
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Loaded Profiles: Matthew (Available profiles: Mary Anne & Matthew & Work & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {18f93fd0-3c8d-11e4-8d45-0024bebcd108} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\...\MountPoints2: {a89104b8-c8fd-11e0-93d4-0024bebcd108} - H:\LaunchU3.exe -a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
AlternateDataStreams: C:\ProgramData\Microsoft:jlT4ZrSFJP1pXmZx7vGhUtuXXvu
AlternateDataStreams: C:\ProgramData\Microsoft:Ycjb9rwAxxwif2oByyT
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp:Xqk5tl7Zj9EmzlSzKwJu
AlternateDataStreams: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temporary Internet Files:JHtTlV2Y4gvaEeas7QQRqoUaIB3
EmptyTemp:
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon" => Key deleted successfully.
"HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => Key deleted successfully.
"HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18f93fd0-3c8d-11e4-8d45-0024bebcd108}" => Key deleted successfully.
HKCR\CLSID\{18f93fd0-3c8d-11e4-8d45-0024bebcd108} => Key not found. 
"HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a89104b8-c8fd-11e0-93d4-0024bebcd108}" => Key deleted successfully.
HKCR\CLSID\{a89104b8-c8fd-11e0-93d4-0024bebcd108} => Key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\ProgramData\Microsoft => ":jlT4ZrSFJP1pXmZx7vGhUtuXXvu" ADS removed successfully.
C:\ProgramData\Microsoft => ":Ycjb9rwAxxwif2oByyT" ADS removed successfully.
C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temp => ":Xqk5tl7Zj9EmzlSzKwJu" ADS removed successfully.
"C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Temporary Internet Files" => ":JHtTlV2Y4gvaEeas7QQRqoUaIB3" ADS not found.
EmptyTemp: => Removed 1.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:14:07 ====


#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 02 April 2015 - 07:27 AM

What's with Step #2? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#10 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 02 April 2015 - 07:46 AM

Sorry, read too quickly I guess.

svchost.exe also peaked at 1.3GB when I first opened chrome, then down to 400MB. Afterwards, my UAC asked me to allow VAIO care to run, which I did. Now svchost.exe is at 24MB. Nothing popped up after that, but I notice I'm missing some updates in VAIO Update. I'm installing the important ones now...

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Matthew (administrator) on MATTHEW-VAIO on 02-04-2015 08:30:59
Running from C:\Users\Matthew.MaryAnne-VAIO\Desktop
Loaded Profiles: Matthew (Available profiles: Mary Anne & Matthew & Work & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKU\S-1-5-21-2119633729-2506518566-2012215298-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {97950DD2-A4C0-4591-85AF-3E5B0E395389} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {CA97608C-89FE-44C5-8BA2-5B202A771DC8} URL = http://www.urbandictionary.com/define.php?term={searchTerms}
SearchScopes: HKU\S-1-5-21-2119633729-2506518566-2012215298-1005 -> {DCE81AC7-4A1E-49D2-8828-DFF14DA5697B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-31] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-31] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew.MaryAnne-VAIO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2119633729-2506518566-2012215298-1005: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-01-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010-12-24]
FF Extension: YoYo Games InstantPlay - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\yyginstantplay@yoyogames.com [2011-03-21]
FF Extension: NoScript - C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\vn1rcv65.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2013-10-14]
CHR Extension: (Google Search) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Block site) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2013-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-13]
CHR Extension: (Morpheon Dark) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2013-10-07]
CHR Extension: (Google Wallet) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR Extension: (RSS Feed Reader) - C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-08-23] (Adobe Systems) [File not signed]
S4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-02] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-31] (Malwarebytes Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-02] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-19] ()
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-07] (EnTech Taiwan)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
U3 aop76wgi; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U2 MSSQL$DDNI; No ImagePath
U2 Oasis2Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 08:30 - 2015-04-02 08:32 - 00023619 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST.txt
2015-04-01 09:58 - 2015-04-01 09:58 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\CrashDumps
2015-04-01 08:33 - 2015-04-01 08:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-31 17:30 - 2015-03-31 17:33 - 00000000 ____D () C:\AdwCleaner
2015-03-30 09:28 - 2015-03-30 09:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-30 09:28 - 2015-03-30 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-29 11:25 - 2015-03-29 11:25 - 00000000 _____ () C:\Windows\Model.log
2015-03-23 09:29 - 2015-04-02 08:31 - 00000000 ____D () C:\FRST
2015-03-23 09:28 - 2015-03-23 09:28 - 02095616 _____ (Farbar) C:\Users\Matthew.MaryAnne-VAIO\Desktop\FRST64.exe
2015-03-22 09:07 - 2015-03-28 10:36 - 00004828 _____ () C:\Windows\PFRO.log
2015-03-19 21:27 - 2015-04-02 08:17 - 00001456 _____ () C:\Windows\setupact.log
2015-03-19 21:27 - 2015-03-19 21:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 15:34 - 2015-03-19 15:45 - 00000000 ____D () C:\MGtools
2015-03-19 13:25 - 2015-03-19 13:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-19 13:25 - 2015-03-19 13:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 22:23 - 2015-03-20 08:12 - 00000730 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\witchery notes.txt
2015-03-18 12:15 - 2015-03-19 15:33 - 00000611 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Untitled.txt
2015-03-15 09:22 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-15 09:22 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-15 09:22 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-15 09:22 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 09:22 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-15 09:21 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-15 09:21 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-15 09:21 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-15 09:21 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-15 09:21 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-15 09:21 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-15 09:21 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-15 09:21 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-15 09:21 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-15 09:21 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-15 09:21 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-15 09:21 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-15 09:21 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-15 09:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-15 09:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-15 09:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-15 09:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-15 09:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-15 09:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-15 09:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-15 09:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-15 09:20 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-15 09:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-15 09:14 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-15 09:14 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 09:14 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-15 09:14 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-15 09:13 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-15 09:13 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-15 09:13 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-15 09:13 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-15 09:13 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-15 09:13 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 09:13 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-15 09:13 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-15 09:13 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 09:13 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-15 09:12 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-15 09:12 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-15 09:12 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-15 09:12 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-15 09:12 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-15 09:12 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-15 09:11 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 09:11 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-15 09:11 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-15 09:11 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-15 09:11 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 09:11 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 09:11 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 09:11 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-15 09:11 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-15 09:11 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-15 09:11 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-15 09:11 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-15 09:11 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-15 09:11 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-15 09:11 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-15 09:11 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 09:11 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 09:11 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-15 09:11 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-15 09:11 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-15 09:11 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-15 09:11 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-15 09:11 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-15 09:11 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 09:11 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 09:11 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 09:11 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-15 09:11 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 09:11 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-15 09:11 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 09:11 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 09:11 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-15 09:10 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 09:10 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 09:10 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 09:10 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-15 09:10 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-15 09:10 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-15 09:10 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 09:10 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 09:10 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-15 09:10 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 09:10 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-15 09:10 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 09:09 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 09:09 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 09:02 - 2015-03-10 09:02 - 00000995 _____ () C:\Users\Matthew.MaryAnne-VAIO\Desktop\Minecraft.exe - Shortcut.lnk
2015-03-07 16:45 - 2015-03-22 09:14 - 00001105 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-03-06 18:40 - 2015-03-06 18:40 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformice.lnk
2015-03-04 11:50 - 2015-03-04 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REN5C37.tmp
2015-03-04 11:45 - 2015-03-04 11:45 - 00000000 _____ () C:\Windows\SysWOW64\REN4702.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 08:25 - 2010-07-21 15:49 - 01695095 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 08:25 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 08:25 - 2009-07-14 00:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 08:18 - 2013-12-24 15:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-02 08:18 - 2011-10-31 18:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 08:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 23:44 - 2013-07-12 21:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f66eccfad1d.job
2015-04-01 23:14 - 2012-04-02 09:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 18:59 - 2010-12-31 20:00 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\.minecraft
2015-04-01 08:39 - 2014-10-05 20:41 - 00031232 ___SH () C:\Users\Matthew.MaryAnne-VAIO\Downloads\Thumbs.db
2015-03-31 20:00 - 2013-02-12 11:27 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\TSVNCache
2015-03-31 17:42 - 2014-08-13 12:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 09:32 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-30 09:27 - 2015-02-15 00:08 - 00000000 ____D () C:\Program Files\Java
2015-03-29 11:41 - 2010-07-21 16:35 - 00000000 ____D () C:\Program Files\Sony
2015-03-29 11:41 - 2009-12-25 18:58 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-03-29 11:35 - 2012-07-30 10:32 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\Sony Corporation
2015-03-29 11:35 - 2010-07-21 16:04 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-29 11:35 - 2009-12-25 17:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 11:25 - 2010-07-21 16:08 - 00000021 _____ () C:\Windows\Model.txt
2015-03-29 11:22 - 2014-04-06 22:37 - 00000000 ____D () C:\Update
2015-03-26 20:12 - 2009-07-14 01:13 - 00878458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-23 09:39 - 2010-08-16 13:08 - 00000000 ____D () C:\UDK
2015-03-23 09:38 - 2014-01-20 14:04 - 00000000 ____D () C:\Program Files (x86)\Tiled
2015-03-23 09:35 - 2011-02-15 23:34 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\BitTorrent
2015-03-19 12:47 - 2011-02-20 18:28 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\DAEMON Tools Lite
2015-03-19 12:42 - 2013-02-09 23:08 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-19 12:42 - 2010-11-14 23:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-18 12:07 - 2011-12-28 12:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-18 12:07 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-18 12:03 - 2009-07-14 00:45 - 00519312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-18 11:33 - 2010-07-21 15:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-18 11:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-18 11:33 - 2009-07-13 22:34 - 00000513 _____ () C:\Windows\win.ini
2015-03-18 11:32 - 2014-08-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-18 11:20 - 2013-07-27 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-18 10:59 - 2010-08-08 21:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 09:34 - 2011-05-13 12:29 - 00862768 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 16:45 - 2011-08-29 10:06 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-03-07 16:45 - 2009-12-25 18:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-06 23:01 - 2013-07-02 11:36 - 00000000 ____D () C:\my_stuff
2015-03-06 19:08 - 2012-12-20 22:33 - 00000000 ____D () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Transformice
2015-03-04 11:50 - 2013-12-22 19:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 11:39 - 2013-10-25 19:18 - 00000000 ____D () C:\ProgramData\Oracle
 
==================== Files in the root of some directories =======
 
2014-04-18 16:30 - 2014-04-18 16:40 - 0000169 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\licecap.ini
2013-12-09 12:27 - 2013-12-09 12:27 - 0035328 ___SH () C:\Users\Matthew.MaryAnne-VAIO\AppData\Roaming\Thumbs.db
2014-04-28 23:31 - 2014-04-28 23:31 - 0003072 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\recently-used.xbel
2011-10-31 20:12 - 2011-10-31 20:12 - 0000017 _____ () C:\Users\Matthew.MaryAnne-VAIO\AppData\Local\resmon.resmoncfg
2012-04-06 12:16 - 2012-04-06 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-21 18:30 - 2014-01-21 18:34 - 0000088 __RSH () C:\ProgramData\C9EFA86EE0.sys
2010-07-21 20:09 - 2010-10-05 14:09 - 0001177 _____ () C:\ProgramData\hpzinstall.log
2014-01-21 18:30 - 2014-01-21 18:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-28 12:53
 
==================== End Of Log ============================


#11 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 02 April 2015 - 08:41 AM

VAIO Platform Update V1.1.0 installed successfully. There's also this security update, but I'm not sure if it applies to my laptop(it's also from 2012): http://esupport.sony.com/p/news-item.pl?news_id=443&template_id=1



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 02 April 2015 - 06:55 PM

VAIO Platform Update V1.1.0 installed successfully. There's also this security update, but I'm not sure if it applies to my laptop(it's also from 2012): http://esupport.sony.com/p/news-item.pl?news_id=443&template_id=1

What do you want to say to me?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 DeleteSystem32

DeleteSystem32
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:07 AM

Posted 03 April 2015 - 09:42 AM

Any clue as to what the culprit of the memory problem is/was? Did anything suspicious appear in the logs? Is there any more steps I should take, or should I just keep monitoring my memory? And finally... Do you take cash or credit?  :)



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 03 April 2015 - 12:20 PM

It could have been so many things, so can't say what your exact culprit was, sorry.

Your logs look clean to me. If you haven't any further issues, we are done. If you like to donate then please via Paypal. Thanks. :)

 

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me that I can buy some beer, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:07 AM

Posted 07 April 2015 - 01:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users