Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange things are happening on my laptop....no sound, unresponsive driver...


  • This topic is locked This topic is locked
6 replies to this topic

#1 dmez

dmez

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:49 AM

Posted 08 April 2015 - 03:12 AM

I have a sony laptop (VPCEB11FM) with window 7 home premium sp1. I have been having issues for a few weeks. When I login I can navigate for a few seconds then there is a slight delay and I notice the screen subtly flashes as though there is an open window behind the browser. My laptop freezes, I have strange folders with long odd names, some folder are not accessible, and the fan makes noise as thought I am downloading 10 million applications at once. I frequently clear the cache, delete temporary files, and uninstalled software I no longer use.....but the next time I login I notice the files are back!
 
Last week I was having issues connecting to wifi and I noticed the sound on my laptop completely stopped working and the Atheros AR9285 wireless network adapter suddenly became unresponsive. I opened the driver manager and there was a yellow triangle so I tried to update the driver and received a message stating the driver was up to date. I received the same message when I attempted to update the Realtek High Definition Audio driver.
 
To troubelshoot the issue I downloaded the Realtek HIgh Definition Audio driver and the Atheros AR9285 wireless network adapter driver from sony. I manually checked each service setting (msc.services) and was not able to configure the settings for all services that were defaulted to start automatically. I have sound and I was able to connect to my wifi hotspot with my iphone and usb however I cannot connect to my wifi router and I am worried I have a virus on my machine.
 
I downloaded Combo Fix and I have attached the file. Please advise.Attached File  CF_4.8.2015.txt   24.04KB   9 downloads

ComboFix 15-04-01.01 - Tom 04/08/2015 3:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1657 [GMT -4:00]
Running from: c:\users\Tom\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Outdated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Tom\AppData\Local\assembly\tmp
c:\users\Tom\GoProStudioPC-2.5.4.404.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-03-08 to 2015-04-08 )))))))))))))))))))))))))))))))
.
.
2015-04-08 06:43 . 2015-03-23 06:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08D086BA-0571-4FAC-853A-FB6E006D7DDC}\mpengine.dll
2015-04-08 05:27 . 2015-03-25 21:21 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC32150B-FE63-66C2-8ABE-7A250BD1D39A}\GapaEngine.dll
2015-04-08 05:03 . 2015-03-25 21:21 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{593B4292-EA75-480A-B0FB-89A2ED4CA852}\gapaengine.dll
2015-04-08 04:45 . 2015-04-08 04:45 -------- d-----w- C:\Update
2015-04-04 01:32 . 2015-04-04 01:32 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4414C710-1468-4B52-B061-BB2507F5DCF0}\offreg.dll
2015-04-02 19:34 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4414C710-1468-4B52-B061-BB2507F5DCF0}\mpengine.dll
2015-03-29 21:13 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-27 15:36 . 2015-04-08 06:34 -------- d-----w- c:\users\Tom\AppData\Roaming\Everything
2015-03-27 15:36 . 2015-03-27 15:36 -------- d-----w- c:\program files\Everything
2015-03-24 23:43 . 2015-03-24 23:43 -------- d-----w- c:\users\Tom\AppData\Local\Apps
2015-03-23 16:53 . 2015-03-23 16:53 -------- d-----w- c:\users\Tom\AppData\Roaming\TechSmith
2015-03-20 20:21 . 2015-03-20 20:21 -------- d-----w- c:\users\Tom\AppData\Roaming\SolidDocuments
2015-03-20 05:29 . 2015-03-25 02:51 -------- d-----r- C:\S-1-5-21-1742532388-2945474315-2233388834-1000
2015-03-20 02:00 . 2015-03-20 02:00 -------- d-----w- c:\windows\CheckSur
2015-03-18 22:05 . 2015-03-18 22:05 -------- d-----w- c:\users\Tom\AppData\Local\Mozilla
2015-03-18 22:03 . 2015-03-23 20:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-03-18 22:03 . 2015-03-22 23:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-03-18 19:49 . 2015-03-18 19:49 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2015-03-13 08:20 . 2015-03-13 08:20 -------- d-----w- c:\users\Tom\AppData\Local\Programs
2015-03-13 05:09 . 2015-03-13 05:09 -------- d-----w- c:\users\Tom\AppData\Roaming\PDAppFlex
2015-03-13 04:00 . 2015-03-28 02:41 -------- d-----w- c:\users\Tom\AppData\Roaming\iolo
2015-03-13 01:50 . 2015-03-13 01:50 -------- d-----w- C:\perflogs
2015-03-13 00:50 . 2015-03-13 00:50 -------- d-----w- c:\program files\Intel
2015-03-12 23:48 . 2015-03-12 23:48 -------- d-----w- c:\users\Tom\AppData\Local\Macromedia
2015-03-11 06:05 . 2015-03-11 06:05 -------- d-----w- c:\users\Tom\AppData\Roaming\VSRevoGroup
2015-03-11 03:30 . 2015-03-19 10:47 -------- d-----w- c:\users\Tom\AppData\Local\Intel
2015-03-11 00:28 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-11 00:28 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-11 00:28 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-11 00:28 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-11 00:28 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-11 00:28 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-11 00:28 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-11 00:28 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-11 00:28 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-11 00:28 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-11 00:28 . 2015-02-03 03:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-03-11 00:26 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-11 00:26 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 00:26 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-11 00:24 . 2015-02-13 05:22 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-03-11 00:23 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 00:23 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-09 17:40 . 2015-03-09 18:08 -------- d-----w- c:\programdata\BSD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-08 05:26 . 2014-07-27 19:45 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-25 21:21 . 2014-07-28 02:12 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-23 18:28 . 2014-07-30 23:01 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-23 18:28 . 2014-07-30 23:01 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 10:15 . 2014-07-27 19:45 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-17 10:15 . 2014-07-27 19:45 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 10:15 . 2014-07-27 19:45 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-11 00:40 . 2014-07-27 17:27 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 08:17 . 2014-07-27 16:24 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-19 00:13 . 2015-02-19 00:13 129752 ----a-w- c:\windows\system32\drivers\750E60A3.sys
2015-02-10 11:55 . 2015-01-15 02:22 907984 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-06 05:15 . 2015-02-06 05:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2015-02-06 05:12 . 2015-02-06 05:15 13792 ----a-w- c:\windows\system32\drivers\semav6thermal64ro.sys
2015-02-05 00:52 . 2015-02-05 00:52 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-04 03:16 . 2015-02-12 04:46 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-12 04:46 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-12 04:46 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-12 04:46 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-12 04:46 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-12 04:46 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-12 04:46 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-12 04:46 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-10 03:02 . 2015-01-10 03:02 129752 ----a-w- c:\windows\system32\drivers\39E92D30.sys
2015-01-09 03:14 . 2015-02-14 05:19 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-14 05:19 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-14 05:19 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-14 05:19 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-02 02:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SampleCollector;Intel® System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
R4 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe;c:\program files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9636896]
"Everything"="c:\program files\Everything\Everything.exe" [2014-08-06 1441792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.reddit.com/r/todayilearned/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 172.20.10.1
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/todayilearned/search?q=til&sort=relevance&restrict_sr=on&t=all
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1742532388-2945474315-2233388834-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\Wow6432Node\CLSID\{1a7c7dd7-15af-43a6-aa70-a580678fb340}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000045
"Therad"=dword:00000008
.
[HKEY_USERS\S-1-5-21-1742532388-2945474315-2233388834-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ce,ab,e9,74,7b,84,43,88,a2,d3,85,7a,7f,2e,21,af,5c,2c,f0,03,e1,
79,58,8a,8a,fb,3d,4e,61,4a,6d,b6,7d,15,a1,4a,0d,77,eb,d8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1742532388-2945474315-2233388834-1000_Classes\Wow6432Node\CLSID\{1a7c7dd7-15af-43a6-aa70-a580678fb340}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000045
"Therad"=dword:00000008
.
[HKEY_USERS\S-1-5-21-1742532388-2945474315-2233388834-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ce,ab,e9,74,7b,84,43,88,a2,d3,85,7a,7f,2e,21,af,5c,2c,f0,03,e1,
79,58,8a,8a,fb,3d,4e,61,4a,6d,b6,7d,15,a1,4a,0d,77,eb,d8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-08 03:17:12
ComboFix-quarantined-files.txt 2015-04-08 07:17
.
Pre-Run: 430,071,156,736 bytes free
Post-Run: 429,573,042,176 bytes free
.
- - End Of File - - CBC64DF390C03138F2FA52754D298C3F
A36C5E4F47E84449FF07ED3517B43A31

Edited by Oh My!, 11 April 2015 - 08:39 PM.
moved from Windows 7 to the approrpropiate forum Combo Fix is allowed only in Malware Removal Logs forum


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 11 April 2015 - 08:42 PM

Greetings dmez and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 14 April 2015 - 08:27 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 dmez

dmez
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:49 AM

Posted 16 April 2015 - 12:23 AM

Hi Gary,
 
I am sorry for not responding sooner. I was having issues getting online and I didn't realize I should have clicked follow this topic :blush:
 
I have attached the files listed below. Please advise.
  • FRST results
  • Addition log
  • System Summary Information
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Tom (administrator) on ZEE-PC on 16-04-2015 01:04:43
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618168 2015-03-31] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reddit.com/r/todayilearned/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.reddit.com/r/todayilearned/search?q=til&sort=relevance&restrict_sr=on&t=all
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-14] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-01-14] (Microsoft Corporation)
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\fbp@fbpurity.com.xpi [2015-03-27]
FF Extension: Gmail Notifier (restartless) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-03-27]
FF Extension: Google search link fix - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-04-16]
FF Extension: URL Fixer - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2015-03-27]
FF Extension: Flagfox - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-03-19]
FF Extension: NoScript - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-27]
FF Extension: Adblock Plus - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-18]
FF Extension: QuickJava - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w3bcwa02.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-03-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
S3 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-03-31] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S4 TechSmith Uploader Service; "C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-03-31] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-16] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-02-06] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-12-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 1661F9C9E4B0049FA0A5E30264375A87
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys F20F9CA602E05222E16755AD6B52E9F8
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 073A606333B6F7BBF20AA856DF7F0997
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys C458A0B66D11CBABD113EAC828276A8C
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 0F144E5F46CB9043004B5E84AA4BCA6A
C:\Windows\System32\DRIVERS\IntcDAud.sys AE594CC17C33AC146739494615E14851
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 56ED3EE5FED6BF2FC1305CF872042868
C:\Windows\System32\Drivers\ksecpkg.sys 8BA90F480705D7153AD0060CCA62222A
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 68C3B11D1ED8C97648BEEFEC37E93E74
C:\Windows\system32\drivers\mbam.sys CF12E148C6FC151335B7D7FE03F1C7A2
C:\Windows\system32\drivers\MBAMSwissArmy.sys E9CD058C79EA15B4AA93E259FA713B07
C:\Windows\system32\drivers\mwac.sys 0CE2F3E26C770CBAEB50787A2C1FD09E
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\System32\DRIVERS\MpFilter.sys FBA4CDA6B3B00D7A116DCC2B5C7E9790
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys E10B84385C3FEEF4BDE8E6A980535522
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rimssne64.sys 5CA4ABD888B602551B59BAA26941C167
C:\Windows\System32\DRIVERS\risdsne64.sys BB6E138AEB351728959DA5E2731D8140
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\semav6thermal64ro.sys 1ED7A8574A28357097A5CB4063C96B00
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 70F9C476B62DE4F2823E918A6C181ADE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpnva64-6.sys 5932B2999AEF21C4599A792599F28D89
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 01:04 - 2015-04-16 01:05 - 00029987 _____ () C:\Users\Tom\Desktop\FRST.txt
2015-04-16 01:03 - 2015-04-16 01:04 - 00000000 ____D () C:\FRST
2015-04-16 01:02 - 2015-04-16 01:02 - 02097664 _____ (Farbar) C:\Users\Tom\Downloads\FRST64(1).exe
2015-04-16 01:01 - 2015-04-16 01:01 - 02097664 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-04-13 00:50 - 2015-04-13 00:50 - 00652800 _____ () C:\Users\Tom\Downloads\MicrosoftFixit50362.msi
2015-04-13 00:38 - 2015-04-13 00:38 - 00003136 _____ () C:\Windows\System32\Tasks\{C7A211C2-614A-429F-B07D-3263D6E61446}
2015-04-13 00:31 - 2015-04-13 00:49 - 00000000 ____D () C:\Users\Tom\Desktop\mbar
2015-04-13 00:31 - 2015-04-13 00:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-13 00:31 - 2015-04-13 00:31 - 00065232 _____ (Malwarebytes) C:\Users\Tom\Downloads\regassassin-setup-1.03.exe
2015-04-13 00:30 - 2015-04-14 02:36 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-13 00:30 - 2015-04-13 00:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Tom\Downloads\mbar-1.09.1.1004.exe
2015-04-13 00:30 - 2015-04-13 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-13 00:30 - 2015-04-13 00:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-13 00:29 - 2015-04-13 00:29 - 03020520 _____ (Malwarebytes ) C:\Users\Tom\Downloads\mbae-setup-1.06.1.1018.exe
2015-04-13 00:22 - 2015-04-13 00:22 - 14160536 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\mseinstall.exe
2015-04-12 23:57 - 2015-04-12 23:57 - 04770168 _____ () C:\Users\Tom\Downloads\SOAVCC-00227805-1040.EXE
2015-04-12 23:12 - 2015-04-12 23:12 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-04-12 23:11 - 2015-04-12 23:11 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2015-04-12 22:37 - 2015-04-12 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 22:36 - 2015-04-12 22:37 - 114571272 _____ (Sony Corporation) C:\Users\Tom\Downloads\SOAVCA-P0322708-1042.EXE
2015-04-12 22:25 - 2015-04-12 22:25 - 00003800 _____ () C:\Windows\System32\Tasks\VAIO Health Report
2015-04-12 22:25 - 2015-04-12 22:25 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VAIO Health Report
2015-04-09 10:58 - 2015-04-09 11:02 - 00000000 ___SD () C:\ComboFix
2015-04-09 10:51 - 2015-04-09 10:51 - 00015478 _____ () C:\Users\Tom\Desktop\gggggg.txt
2015-04-09 07:02 - 2015-04-09 07:02 - 00112232 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 06:02 - 2015-04-09 06:02 - 00000000 ____D () C:\Users\Tom\AppData\Local\VirtualStore
2015-04-09 03:08 - 2015-04-09 03:08 - 00021094 _____ () C:\energy-report.html
2015-04-09 02:50 - 2015-04-09 02:51 - 00262144 _____ () C:\Windows\Minidump\040915-17503-01.dmp
2015-04-08 04:16 - 2015-04-09 21:10 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-08 04:16 - 2015-04-08 04:16 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-08 03:20 - 2015-04-08 04:14 - 00024614 _____ () C:\Users\Tom\Desktop\CF_4.8.2015.txt
2015-04-08 02:56 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-08 02:56 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-08 02:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-08 02:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-08 02:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-08 02:56 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-08 02:56 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-08 02:56 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-08 02:53 - 2015-04-09 10:59 - 00000000 ____D () C:\Qoobox
2015-04-08 02:51 - 2015-04-08 03:13 - 00000000 ____D () C:\Windows\erdnt
2015-04-08 02:45 - 2015-04-08 02:45 - 05617096 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
2015-04-08 01:58 - 2015-04-08 01:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2015-04-08 01:25 - 2015-04-08 01:25 - 00262144 _____ () C:\Windows\Minidump\040815-26520-01.dmp
2015-04-08 00:45 - 2015-04-12 22:49 - 00000000 ____D () C:\Update
2015-04-07 23:47 - 2015-04-08 00:25 - 00023340 _____ () C:\Users\Tom\Desktop\driverquery47.txt
2015-04-07 22:48 - 2015-04-07 22:48 - 00269672 _____ () C:\Windows\Minidump\040715-27861-01.dmp
2015-04-07 22:46 - 2015-04-07 22:46 - 00266288 _____ () C:\Windows\Minidump\040715-23743-01.dmp
2015-04-07 21:27 - 2015-04-07 21:27 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-04-07 17:13 - 2015-04-07 17:13 - 00003110 _____ () C:\Windows\System32\Tasks\{04F87711-BCD4-46C1-BE5A-9C927F707A70}
2015-04-07 17:13 - 2015-04-07 17:13 - 00003104 _____ () C:\Windows\System32\Tasks\{1EE854CE-26DC-4AE6-AAF0-8E7F3271DDE8}
2015-04-07 16:44 - 2015-04-07 16:44 - 00003124 _____ () C:\Windows\System32\Tasks\{9D8252E6-9C09-4E84-9F77-D88E209E06BA}
2015-04-07 16:43 - 2015-04-07 16:43 - 00004750 _____ () C:\Windows\DPINST.LOG
2015-04-07 16:29 - 2015-04-07 16:29 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-07 16:29 - 2015-04-07 16:29 - 00000000 ____D () C:\Program Files\Realtek
2015-04-07 16:29 - 2015-04-07 16:29 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-07 16:29 - 2010-01-12 17:22 - 02719504 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 02212640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-07 16:29 - 2010-01-12 17:22 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 01692192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 01638432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 01201184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00838176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00612384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-07 16:29 - 2010-01-12 17:22 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00449056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00363008 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00325904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00321536 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00198656 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00168864 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00095744 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00073216 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-04-07 16:29 - 2010-01-12 17:22 - 00066592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-04-07 16:27 - 2015-04-12 23:57 - 00000000 _____ () C:\Windows\Model.log
2015-04-04 02:45 - 2015-04-04 02:45 - 00266288 _____ () C:\Windows\Minidump\040415-22807-01.dmp
2015-04-04 00:34 - 2015-04-04 00:34 - 00196608 _____ () C:\Users\Tom\Desktop\27F2AA8A-011C-4CDB-AB48-C4D288DCE390.Diagnose.0.etl.txt
2015-03-30 22:32 - 2015-03-30 22:32 - 00262144 _____ () C:\Windows\Minidump\033015-36629-01.dmp
2015-03-30 22:25 - 2015-03-30 22:25 - 00262144 _____ () C:\Windows\Minidump\033015-31590-01.dmp
2015-03-30 22:24 - 2015-03-30 22:24 - 00262144 _____ () C:\Windows\Minidump\033015-29016-01.dmp
2015-03-30 22:22 - 2015-03-30 22:22 - 00262144 _____ () C:\Windows\Minidump\033015-29764-01.dmp
2015-03-30 22:20 - 2015-03-30 22:20 - 00262144 _____ () C:\Windows\Minidump\033015-28532-01.dmp
2015-03-30 22:19 - 2015-03-30 22:19 - 00262144 _____ () C:\Windows\Minidump\033015-31418-01.dmp
2015-03-30 22:03 - 2015-03-30 22:03 - 00262144 _____ () C:\Windows\Minidump\033015-28376-01.dmp
2015-03-30 15:05 - 2015-03-30 15:05 - 00269672 _____ () C:\Windows\Minidump\033015-28766-01.dmp
2015-03-30 15:04 - 2015-03-30 15:04 - 00262144 _____ () C:\Windows\Minidump\033015-23914-01.dmp
2015-03-30 15:03 - 2015-03-30 15:03 - 00262144 _____ () C:\Windows\Minidump\033015-28782-01.dmp
2015-03-30 14:15 - 2015-03-30 14:15 - 00262144 _____ () C:\Windows\Minidump\033015-30030-01.dmp
2015-03-30 14:14 - 2015-04-09 02:50 - 470677214 _____ () C:\Windows\MEMORY.DMP
2015-03-30 14:14 - 2015-04-08 01:25 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 14:14 - 2015-03-30 14:14 - 00266288 _____ () C:\Windows\Minidump\033015-31652-01.dmp
2015-03-27 22:41 - 2015-03-27 22:41 - 00000000 _____ () C:\Windows\SysWOW64\smrgdf.txt
2015-03-27 18:21 - 2015-03-27 18:21 - 00000049 _____ () C:\Windows\certdump.txt
2015-03-27 18:19 - 2015-03-27 18:19 - 00000113 _____ () C:\Windows\templatelist.txt
2015-03-27 11:36 - 2015-04-10 18:57 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Everything
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\Program Files\Everything
2015-03-26 10:28 - 2015-03-26 10:28 - 00305664 _____ (Secure By Design Inc.) C:\Users\Tom\Downloads\Ninite Everything Installer.exe
2015-03-26 00:02 - 2015-03-26 10:58 - 00000000 ____D () C:\Users\Tom\Documents\Outlook Files
2015-03-25 15:15 - 2015-04-09 10:56 - 00010062 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-24 19:43 - 2015-03-24 19:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\Apps\2.0
2015-03-23 16:57 - 2015-03-23 16:57 - 00824157 _____ () C:\Windows\system32\directory.txt
2015-03-23 16:56 - 2015-03-23 16:56 - 00824127 _____ () C:\Windows\system32\.txt
2015-03-23 16:35 - 2015-04-15 23:25 - 00004705 _____ () C:\Windows\setupact.log
2015-03-23 16:35 - 2015-04-13 01:29 - 00005374 _____ () C:\Windows\PFRO.log
2015-03-23 16:35 - 2015-03-23 16:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-23 16:06 - 2015-03-23 16:07 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-23 12:53 - 2015-03-23 12:53 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TechSmith
2015-03-21 18:35 - 2015-03-21 18:35 - 00034225 _____ () C:\Users\Tom\Downloads\contacts.csv
2015-03-20 01:29 - 2015-03-24 22:51 - 00000000 ___RD () C:\S-1-5-21-1742532388-2945474315-2233388834-1000
2015-03-19 22:00 - 2015-03-19 22:00 - 00000000 ____D () C:\Windows\CheckSur
2015-03-19 18:06 - 2015-03-19 18:06 - 00112232 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-03-19 13:09 - 2015-03-19 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-19 13:02 - 2015-03-19 13:02 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-19 13:02 - 2015-03-19 13:02 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-18 20:20 - 2015-03-18 20:20 - 00039073 _____ () C:\Users\Tom\AppData\Local\Perfmon.PerfmonCfg
2015-03-18 18:05 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Mozilla
2015-03-18 18:05 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Mozilla
2015-03-18 18:04 - 2015-04-09 06:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-18 18:03 - 2015-04-13 01:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-18 18:03 - 2015-03-18 18:03 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-18 15:49 - 2015-03-18 15:49 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-16 14:03 - 2015-03-16 14:03 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-13 18:44 - 2015-04-09 01:46 - 00010852 _____ () C:\Users\Tom\Desktop\notes.txt
2015-03-13 01:09 - 2015-03-13 01:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\PDAppFlex
2015-03-13 00:00 - 2015-04-12 23:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\iolo
2015-03-12 23:49 - 2015-03-12 23:49 - 00046574 _____ () C:\driver.txt
2015-03-12 23:30 - 2015-03-12 23:30 - 00053714 _____ () C:\drvlist.csv
2015-03-12 20:50 - 2015-03-12 20:50 - 00000000 ____D () C:\Program Files\Intel
2015-03-12 19:48 - 2015-03-12 19:48 - 00000000 ____D () C:\Users\Tom\AppData\Local\Macromedia
2015-03-11 02:05 - 2015-03-11 02:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\VSRevoGroup
2015-03-10 20:28 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 20:28 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 20:28 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:28 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 20:28 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 20:28 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 20:28 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 20:28 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 20:28 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:28 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 20:28 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 20:27 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:27 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 20:27 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 20:27 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 20:27 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 20:27 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 20:27 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 20:27 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 20:27 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 20:27 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 20:27 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 20:27 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 20:27 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 20:27 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 20:27 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 20:27 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 20:27 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 20:27 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 20:27 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 20:27 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 20:27 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 20:27 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 20:27 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 20:27 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 20:27 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 20:27 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 20:27 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 20:27 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 20:26 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 20:26 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 20:26 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 20:25 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 20:25 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 20:25 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 20:25 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 20:25 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 20:25 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 20:25 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 20:25 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 20:25 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 20:25 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 20:25 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 20:25 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 20:25 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 20:25 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 20:25 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 20:25 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 20:24 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:24 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 20:24 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 20:24 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 20:24 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 20:24 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 20:24 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 20:24 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 20:24 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 20:24 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 20:24 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 20:24 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 20:24 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 20:24 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 20:24 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 20:24 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 20:24 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 20:24 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 20:24 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 20:24 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 20:24 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 20:24 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 20:24 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 20:24 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 20:24 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 20:24 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 20:24 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 20:24 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 20:24 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 20:24 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 20:24 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 20:24 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 20:24 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 20:24 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 20:24 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 20:24 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 20:24 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 20:24 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 20:24 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 20:24 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 20:24 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 20:24 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 20:24 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 20:24 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 20:24 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 20:24 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 20:24 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 20:24 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 20:24 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 20:24 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 20:24 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 20:24 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 20:24 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 20:24 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 20:24 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 20:24 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 20:24 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 20:24 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 20:24 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 20:24 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:24 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 20:24 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 20:24 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 20:24 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:24 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 20:23 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:23 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 13:40 - 2015-03-09 14:08 - 00000000 ____D () C:\ProgramData\BSD
2015-03-05 17:24 - 2015-03-24 19:34 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Notepad++
2015-03-05 17:24 - 2015-03-05 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-05 17:24 - 2015-03-05 17:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-03-05 17:23 - 2015-03-05 17:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-05 17:04 - 2015-02-23 18:59 - 00009816 ____T () C:\Users\Tom\Downloads\72505DE2.xlsx
2015-03-05 16:58 - 2015-03-05 16:58 - 00352755 _____ () C:\Users\Tom\Downloads\bookmarks_3.5.2015.html
2015-03-05 13:20 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-03-05 13:20 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-04 02:31 - 2015-03-04 02:31 - 00001236 _____ () C:\Users\Tom\Documents\hosts.txt
2015-02-27 03:33 - 2015-02-27 03:36 - 694375585 _____ () C:\Users\Tom\Downloads\CrystalRpts_Designer_2011.zip
2015-02-27 02:53 - 2015-02-27 02:53 - 00029592 _____ () C:\Users\Tom\Documents\CA.xlsx
2015-02-25 04:04 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:04 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 18:44 - 2015-03-26 11:28 - 00000000 ___RD () C:\Users\Tom\Desktop\DZ
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-23 17:34 - 2015-03-05 22:39 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-23 17:34 - 2015-03-05 22:39 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-02-23 17:34 - 2015-03-05 22:39 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-23 15:24 - 2015-02-23 15:29 - 1120114051 _____ () C:\Users\Tom\Downloads\IPHONE PHOTOS.zip
2015-02-18 20:13 - 2015-02-18 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\750E60A3.sys
2015-02-14 01:19 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 01:19 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 01:19 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 01:19 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 00:46 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 00:46 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 00:46 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 00:45 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 00:45 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 00:44 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 00:44 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-06 01:18 - 2015-02-06 01:18 - 00000000 ____D () C:\Users\Tom\AppData\Local\Sony Corporation
2015-02-06 01:15 - 2015-02-06 01:21 - 00000000 ____D () C:\ProgramData\iolo
2015-02-06 01:15 - 2015-02-06 01:15 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2015-02-06 01:15 - 2015-02-06 01:12 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2015-02-06 01:15 - 2013-11-01 15:59 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2015-02-06 01:15 - 2013-11-01 15:59 - 00021176 _____ (iolo technologies, LLC) C:\Windows\system32\iolorgdf64.exe
2015-02-06 01:14 - 2015-04-07 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2015-01-17 13:25 - 2015-01-17 13:30 - 165161344 _____ () C:\Users\Tom\Desktop\GoPro_Stratton_2015.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 01:02 - 2014-10-20 18:48 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
2015-04-16 00:05 - 2014-07-27 11:56 - 01620919 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 23:33 - 2009-07-14 00:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 23:33 - 2009-07-14 00:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 23:27 - 2014-07-27 15:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 23:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 23:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-13 00:22 - 2014-07-27 15:45 - 00002198 _____ () C:\Windows\epplauncher.mif
2015-04-12 23:57 - 2014-07-27 12:15 - 00000021 _____ () C:\Windows\Model.txt
2015-04-12 22:46 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 22:29 - 2014-07-27 12:55 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-04-12 22:25 - 2014-07-27 12:53 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-12 22:24 - 2014-07-27 12:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-12 21:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-12 21:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-09 02:42 - 2014-10-18 00:41 - 00007606 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2015-04-09 00:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-08 03:11 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-08 03:09 - 2014-07-27 12:03 - 00000000 ____D () C:\Users\Tom
2015-04-07 21:26 - 2014-07-27 12:55 - 00000000 ____D () C:\Program Files\Sony
2015-04-07 19:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-07 16:30 - 2014-07-27 12:29 - 00002289 _____ () C:\RHDSetup.log
2015-04-07 16:30 - 2014-07-27 12:29 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-04 03:02 - 2014-07-27 12:03 - 00000000 ____D () C:\Recovery
2015-03-26 08:55 - 2014-10-09 22:29 - 00000000 ____D () C:\Users\Tom\AppData\Local\Microsoft Help
2015-03-25 15:14 - 2014-12-01 00:10 - 00000000 ____D () C:\Windows\pss
2015-03-25 04:05 - 2014-10-04 23:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-25 03:49 - 2015-01-08 07:33 - 00000000 ____D () C:\Users\Tom\Documents\HO_DOCS
2015-03-24 20:00 - 2014-07-28 20:29 - 00000000 ____D () C:\Program Files\Apoint
2015-03-23 19:12 - 2014-07-27 15:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-23 14:29 - 2014-10-05 05:16 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe
2015-03-22 19:07 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-20 18:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-20 18:50 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-20 09:57 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-20 01:12 - 2014-07-27 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-19 14:35 - 2015-01-14 22:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-19 06:47 - 2015-01-03 13:21 - 00000000 ____D () C:\Users\Tom\AppData\Local\GoPro
2015-03-19 06:47 - 2014-07-27 12:03 - 00000000 ___RD () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-19 06:47 - 2014-07-27 12:03 - 00000000 ___RD () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-19 06:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-19 06:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-03-19 06:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-17 06:15 - 2014-07-27 15:45 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-27 15:45 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-27 15:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-03-18 20:20 - 2015-03-18 20:20 - 0039073 _____ () C:\Users\Tom\AppData\Local\Perfmon.PerfmonCfg
2014-10-18 00:41 - 2015-04-09 02:42 - 0007606 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\GLF17E.EXE
C:\Users\Tom\AppData\Local\Temp\GLF1879.EXE
C:\Users\Tom\AppData\Local\Temp\GLF18F6.EXE
C:\Users\Tom\AppData\Local\Temp\GLF399B.EXE
C:\Users\Tom\AppData\Local\Temp\GLF3F2C.EXE
C:\Users\Tom\AppData\Local\Temp\GLF4159.EXE
C:\Users\Tom\AppData\Local\Temp\GLF47.EXE
C:\Users\Tom\AppData\Local\Temp\GLF640.EXE
C:\Users\Tom\AppData\Local\Temp\GLF680E.EXE
C:\Users\Tom\AppData\Local\Temp\GLF6DCA.EXE
C:\Users\Tom\AppData\Local\Temp\GLF8B81.EXE
C:\Users\Tom\AppData\Local\Temp\GLF8FF5.EXE
C:\Users\Tom\AppData\Local\Temp\GLFAD3.EXE
C:\Users\Tom\AppData\Local\Temp\GLFC3A1.EXE
C:\Users\Tom\AppData\Local\Temp\GLFC6EF.EXE
C:\Users\Tom\AppData\Local\Temp\GLFCDDF.EXE
C:\Users\Tom\AppData\Local\Temp\GLFD5BB.EXE
C:\Users\Tom\AppData\Local\Temp\GLFDC61.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {6a86a7d2-15ae-11e4-af4b-c785118fb183}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {6a86a7d4-15ae-11e4-af4b-c785118fb183}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {6a86a7d2-15ae-11e4-af4b-c785118fb183}
nx OptIn

Windows Boot Loader
-------------------
identifier {6a86a7d4-15ae-11e4-af4b-c785118fb183}
device ramdisk=[C:]\Recovery\6a86a7d4-15ae-11e4-af4b-c785118fb183\Winre.wim,{6a86a7d5-15ae-11e4-af4b-c785118fb183}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\6a86a7d4-15ae-11e4-af4b-c785118fb183\Winre.wim,{6a86a7d5-15ae-11e4-af4b-c785118fb183}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {6a86a7d2-15ae-11e4-af4b-c785118fb183}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {6a86a7d5-15ae-11e4-af4b-c785118fb183}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\6a86a7d4-15ae-11e4-af4b-c785118fb183\boot.sdi



LastRegBack: 2015-04-04 10:35

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Tom at 2015-04-16 01:05:36
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
Intel® Chipset Device Software (x32 Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1018 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1018 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Snagit 12 (HKLM-x32\...\{BCD4C446-A778-4B65-B9BC-2360ED5AA5E3}) (Version: 12.3.1 - TechSmith Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Personalization Manager (HKLM\...\{95E0A642-69BB-45ED-98E0-5ECB58FE8E28}) (Version: 4.2.4.07160 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

23-03-2015 16:45:21 Windows Modules Installer
23-03-2015 17:51:27 Windows Modules Installer
23-03-2015 18:08:23 Windows Update
07-04-2015 19:32:09 Scheduled Checkpoint
07-04-2015 21:26:32 Installed VAIO Update
07-04-2015 21:36:22 Installed Security Update
07-04-2015 21:38:23 Installed Security Update
08-04-2015 00:46:02 Windows Update
08-04-2015 02:41:30 Windows Update
08-04-2015 04:15:39 Windows Update
12-04-2015 21:08:06 Device Driver Package Install: Microsoft Network adapters
12-04-2015 21:47:46 Windows Update
12-04-2015 22:22:44 Installed VAIO Peripherals Metadata
12-04-2015 22:23:02 Installed VAIO Care
12-04-2015 22:52:47 Removed VAIO Care
12-04-2015 22:56:18 Installed VAIO Care
13-04-2015 00:51:08 Installed Microsoft Fix it 50362
15-04-2015 23:49:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-08 03:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11EFE151-0589-4696-AFF0-A7D95B652D96} - \{FA35E2B1-B585-4528-8F8B-78FD7ECD15BA} No Task File <==== ATTENTION
Task: {16DA0083-7F11-4D1C-B644-05EDE7489046} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1E81C982-23AE-42CB-9766-E4C3F61B273D} - System32\Tasks\{C7A211C2-614A-429F-B07D-3263D6E61446} => pcalua.exe -a C:\Users\Tom\Downloads\regassassin-setup-1.03.exe -d C:\Users\Tom\Downloads
Task: {28E526EA-8ACB-4965-8D8D-B0F85C592068} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {2F4BDDBC-8A37-4ACA-A56B-46AB3391C773} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {2FE453AF-9CBA-4F45-926C-786682456800} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3203C416-C602-4710-AE3F-E91F3C7CCD81} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {36F8F507-99B3-4649-B9B6-5C3F4F16F4B4} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {381E2B4B-EB59-4BA6-A6B3-16BE2271028F} - System32\Tasks\{951BFF05-F0F9-4536-9C82-460360D859B9} => pcalua.exe -a "C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3SH0H4A\RIDMSC-00203446-764.EXE" -d C:\Users\Tom\Desktop
Task: {3BAF70F2-9AC0-4FCE-A374-3AFECFB97FB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {49C47F66-2BC7-420C-A43E-5AF63B5EA4DC} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4BC0A8A0-713C-485C-AFA4-8394A45303CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {51A16211-5526-42A2-BDE7-3C57B9884869} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {5D3A492D-B5B0-4B65-9803-F3AB9E4B53B5} - \TechSmith Updater No Task File <==== ATTENTION
Task: {5D927AD2-0096-49A6-871D-7AF08341A35B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {5F08D399-7C1C-422B-8F29-777B3CF6DB23} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {5FB7C99F-938D-4E6D-946A-5A807C97362A} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {61F23EE4-1049-496F-9691-4E4F9602FB97} - \User_Feed_Synchronization-{AC5CD782-08D4-4FEA-A50E-313E97B63E4D} No Task File <==== ATTENTION
Task: {70D72A21-58F3-4456-A551-695791454EF1} - System32\Tasks\{04F87711-BCD4-46C1-BE5A-9C927F707A70} => pcalua.exe -a "H:\New Folder\SOAOTH-00263500-1040(1).EXE" -d "H:\New Folder"
Task: {730A147A-BF4F-4240-8B63-718AE60EECBD} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {74497EE1-F66A-4003-A20A-0B43D9A9E4FE} - System32\Tasks\{9D8252E6-9C09-4E84-9F77-D88E209E06BA} => pcalua.exe -a C:\Users\Tom\Desktop\MRDETH-00211232-0042.EXE -d C:\Users\Tom\Desktop
Task: {7955539C-34B5-470F-8FBB-31A936B3CC9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8492DE89-1E9F-4D4E-ACBB-5C9EFF0D2B3F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {86C1E78A-8AD9-4B1D-A891-21AB01F07A6A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8B03620B-042E-45B6-AD1F-F74036D6077D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {92744929-7A40-4DA0-B95A-01B145EA339D} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {95147263-2C85-4978-B0A0-1CE37EE673A9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A104245A-4E2A-4B97-9424-228F72763058} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1EC190F-7709-41C1-99FA-3F84FF04AA00} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {A7429301-BE04-4639-8D3D-DC81751485A5} - System32\Tasks\{1EE854CE-26DC-4AE6-AAF0-8E7F3271DDE8} => pcalua.exe -a "H:\New Folder\HIFOPD-00264794-1040.EXE" -d "H:\New Folder"
Task: {B0C17126-6E62-4B0D-BC97-3FC635383401} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B8824326-89C9-43B7-B573-095B7170B7A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BC878FF6-50EF-4CD6-BB1A-7CEC17C998FB} - \GlaryInitialize 5 No Task File <==== ATTENTION
Task: {C6227F18-846B-41CA-BB75-CA422446BE00} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C69DE7BE-7E3C-40A8-B295-137CAFCACEE9} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {CB598CD3-9F54-48AE-AAC4-F109FD55FF1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {CEFE5C66-A9AE-42C7-BB4A-284122E9718A} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {DA55C1FA-1308-4944-BD27-1D21327281C0} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E3151CD1-497B-4030-A871-FDDA7BE4FCE5} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {E9360934-812C-4415-B159-D99BE67BD35E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {EAA69958-2F0E-411E-9C68-AF1B4B246866} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F000EE1E-3327-4405-BBEA-E6BB2EA552FF} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {F376BB4F-E85E-466B-9BF7-CA708992C000} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {F4F43AC9-FDFE-4A4C-9D64-F62A934BDA93} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {F7F02F0D-706C-410B-AF7A-9948D8B58EE5} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FA45EDE4-5C91-4A96-AF6C-9BAF18A48CAD} - \USER_ESRV_SVC No Task File <==== ATTENTION
Task: {FF2FD270-EF30-45B3-BB1F-86E3D29F7A2A} - \Adobe Acrobat Update Task No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-19 13:31 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-03-19 13:33 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
2014-08-15 17:02 - 2014-08-15 17:02 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TechSmith Uploader Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 12.lnk => C:\Windows\pss\Snagit 12.lnk.CommonStartup
MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey

==================== Accounts: =============================

Administrator (S-1-5-21-1742532388-2945474315-2233388834-500 - Administrator - Disabled)
Guest (S-1-5-21-1742532388-2945474315-2233388834-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1742532388-2945474315-2233388834-1006 - Limited - Enabled)
Tom (S-1-5-21-1742532388-2945474315-2233388834-1000 - Administrator - Enabled) => C:\Users\Tom

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 01:01:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCSystemTray.exe, version: 8.4.2.12030, time stamp: 0x5476d133
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xa28
Faulting application start time: 0xVCSystemTray.exe0
Faulting application path: VCSystemTray.exe1
Faulting module path: VCSystemTray.exe2
Report Id: VCSystemTray.exe3

Error: (04/16/2015 01:01:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:51:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCSystemTray.exe, version: 8.4.2.12030, time stamp: 0x5476d133
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x608
Faulting application start time: 0xVCSystemTray.exe0
Faulting application path: VCSystemTray.exe1
Faulting module path: VCSystemTray.exe2
Report Id: VCSystemTray.exe3

Error: (04/16/2015 00:51:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:41:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCSystemTray.exe, version: 8.4.2.12030, time stamp: 0x5476d133
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0xfb8
Faulting application start time: 0xVCSystemTray.exe0
Faulting application path: VCSystemTray.exe1
Faulting module path: VCSystemTray.exe2
Report Id: VCSystemTray.exe3

Error: (04/16/2015 00:41:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCSystemTray.exe, version: 8.4.2.12030, time stamp: 0x5476d133
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x1398
Faulting application start time: 0xVCSystemTray.exe0
Faulting application path: VCSystemTray.exe1
Faulting module path: VCSystemTray.exe2
Report Id: VCSystemTray.exe3

Error: (04/16/2015 00:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()

Error: (04/16/2015 00:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCSystemTray.exe, version: 8.4.2.12030, time stamp: 0x5476d133
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x137c
Faulting application start time: 0xVCSystemTray.exe0
Faulting application path: VCSystemTray.exe1
Faulting module path: VCSystemTray.exe2
Report Id: VCSystemTray.exe3

Error: (04/16/2015 00:20:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()


System errors:
=============
Error: (04/15/2015 11:25:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (04/15/2015 11:25:54 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (04/15/2015 11:25:54 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (04/15/2015 11:25:17 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver RISD returned invalid ID for a child device (0001).

Error: (04/15/2015 11:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RPC Endpoint Mapper service failed to start due to the following error:
%%3

Error: (04/15/2015 11:23:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Store Interface Service service failed to start due to the following error:
%%1053

Error: (04/15/2015 11:23:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.

Error: (04/15/2015 11:22:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Defender service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:
%%1068

Error: (04/15/2015 11:22:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:
%%1062

Error: (04/15/2015 11:22:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/16/2015 01:01:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940da2801d07801080a1633C:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\system32\KERNELBASE.dllb43b70e1-e3f5-11e4-93e9-54424905169a

Error: (04/16/2015 01:01:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:51:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d60801d077ff965a6d43C:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\system32\KERNELBASE.dll42b217fc-e3f4-11e4-93e9-54424905169a

Error: (04/16/2015 00:51:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:41:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940dfb801d077fe220eb70eC:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\system32\KERNELBASE.dllce4a70cb-e3f2-11e4-93e9-54424905169a

Error: (04/16/2015 00:41:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (04/16/2015 00:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d139801d077fcb2f10089C:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\system32\KERNELBASE.dll59f125d3-e3f1-11e4-93e9-54424905169a

Error: (04/16/2015 00:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()

Error: (04/16/2015 00:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d137c01d077fb43e965a9C:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\system32\KERNELBASE.dlledc9d709-e3ef-11e4-93e9-54424905169a

Error: (04/16/2015 00:20:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.ViewModel.MainWindowViewModel.CollectRSOCData(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()


CodeIntegrity Errors:
===================================
Date: 2015-04-08 03:09:52.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-08 03:09:52.248
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-07 15:37:32.347
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-07 15:37:32.206
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-27 15:56:57.778
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-27 15:56:57.528
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-27 15:52:04.309
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-27 15:52:04.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 65%
Total physical RAM: 3758.1 MB
Available physical RAM: 1292.59 MB
Total Pagefile: 7514.38 MB
Available Pagefile: 4347.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:397.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8489031A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached Files


Edited by Oh My!, 16 April 2015 - 08:51 AM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 16 April 2015 - 01:49 PM

Greetings and welcome.

Please be sure to copy and paste information in your replies unless we need to attach a file, and I will let you know if/when that is necesary.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1742532388-2945474315-2233388834-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-12-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
C:\Users\Tom\AppData\Local\Temp\GLF17E.EXE
C:\Users\Tom\AppData\Local\Temp\GLF1879.EXE
C:\Users\Tom\AppData\Local\Temp\GLF18F6.EXE
C:\Users\Tom\AppData\Local\Temp\GLF399B.EXE
C:\Users\Tom\AppData\Local\Temp\GLF3F2C.EXE
C:\Users\Tom\AppData\Local\Temp\GLF4159.EXE
C:\Users\Tom\AppData\Local\Temp\GLF47.EXE
C:\Users\Tom\AppData\Local\Temp\GLF640.EXE
C:\Users\Tom\AppData\Local\Temp\GLF680E.EXE
C:\Users\Tom\AppData\Local\Temp\GLF6DCA.EXE
C:\Users\Tom\AppData\Local\Temp\GLF8B81.EXE
C:\Users\Tom\AppData\Local\Temp\GLF8FF5.EXE
C:\Users\Tom\AppData\Local\Temp\GLFAD3.EXE
C:\Users\Tom\AppData\Local\Temp\GLFC3A1.EXE
C:\Users\Tom\AppData\Local\Temp\GLFC6EF.EXE
C:\Users\Tom\AppData\Local\Temp\GLFCDDF.EXE
C:\Users\Tom\AppData\Local\Temp\GLFD5BB.EXE
C:\Users\Tom\AppData\Local\Temp\GLFDC61.EXE
Task: {11EFE151-0589-4696-AFF0-A7D95B652D96} - \{FA35E2B1-B585-4528-8F8B-78FD7ECD15BA} No Task File <==== ATTENTION
Task: {28E526EA-8ACB-4965-8D8D-B0F85C592068} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {5D3A492D-B5B0-4B65-9803-F3AB9E4B53B5} - \TechSmith Updater No Task File <==== ATTENTION
Task: {61F23EE4-1049-496F-9691-4E4F9602FB97} - \User_Feed_Synchronization-{AC5CD782-08D4-4FEA-A50E-313E97B63E4D} No Task File <==== ATTENTION
Task: {BC878FF6-50EF-4CD6-BB1A-7CEC17C998FB} - \GlaryInitialize 5 No Task File <==== ATTENTION
Task: {F4F43AC9-FDFE-4A4C-9D64-F62A934BDA93} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {FA45EDE4-5C91-4A96-AF6C-9BAF18A48CAD} - \USER_ESRV_SVC No Task File <==== ATTENTION
Task: {FF2FD270-EF30-45B3-BB1F-86E3D29F7A2A} - \Adobe Acrobat Update Task No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 19 April 2015 - 02:06 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:49 PM

Posted 21 April 2015 - 09:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users