Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected DNSUnlocker, DNSMohawk.exe, Ads in Browsers, DNS Changed


  • This topic is locked This topic is locked
17 replies to this topic

#1 0@sis

0@sis

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 31 August 2015 - 01:12 PM

I noticed the DNSunlocker ads and attempted to fix with repair software loaded from another computer and didn't discover this forum until later while searching for additional repair options.

 

I used rkill, hitman pro, malwarebytes and ran combofix. Sorry about running combofix, after finding this forum, I should have waited until I could have the scan logs checked here first.

 

After looking over the logs (and trying to understand what I'm looking at), I realize there are possibly still some unresolved issues. I can post rkill and combofix logs by request as well. Thanks!

 

==============

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by *********** (administrator) on ****** (31-08-2015 02:00:41)
Running from D:\Scans
Loaded Profiles: *********** (Available Profiles: boinc_master & ***********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-09-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

FireFox:
========
FF ProfilePath: C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\***********\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/O1DPlugin -> C:\Users\***********\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=3 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=9 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\***********\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\***********\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Ghostery - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\firefox@ghostery.com.xpi [2015-08-30]
FF Extension: Flash Control - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-08-30]
FF Extension: RequestPolicy - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\requestpolicy@requestpolicy.com.xpi [2015-08-30]
FF Extension: uBlock Origin - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\uBlock0@raymondhill.net.xpi [2015-08-30]
FF Extension: Zoom Page - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\zoompage@DW-dev.xpi [2015-08-30]
FF Extension: Adblock Plus - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-23]

Chrome:
=======
CHR Profile: C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-30]
CHR Extension: (uBlock Origin) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-30]
CHR Extension: (Google Search) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Flashcontrol) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-08-30]
CHR Extension: (Ghostery) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (ScriptSafe) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-08-30]
CHR Extension: (Gmail) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\***********\AppData\Local\Temp\crx6F7C.tmp <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-13]

 

 

================================================================================================================

 

 

FRST Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by *********** (2015-08-31 01:59:35)
Running from D:\Scans
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3293407027-2010405097-4186800853-500 - Administrator - Disabled)
boinc_master (S-1-5-21-3293407027-2010405097-4186800853-1000 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-3293407027-2010405097-4186800853-1001 - Limited - Enabled)
*********** (S-1-5-21-3293407027-2010405097-4186800853-1006 - Administrator - Enabled) => C:\Users\***********
Guest (S-1-5-21-3293407027-2010405097-4186800853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3293407027-2010405097-4186800853-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.804 - Corel Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{85CB0687-0239-473E-943B-E8AFEE6E044C}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 3.4 (HKLM-x32\...\{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}) (Version: 3.4.302 - LibreOffice)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.1 - DDNi)
OOBE (x32 Version: 3.10.0630 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Play with PlayStation 3 (x32 Version: 1.1.0.12240 - Sony Corporation) Hidden
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VAIO - Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.12240 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.2.00.05120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (x32 Version: 1.1.0.05280 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Quick Web Access (x32 Version: 1.3.4.2 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.2.0.06230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

31-08-2015 01:17:05 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-30 19:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04199D50-2935-4184-B950-7AF1D95DB899} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {04298E1A-97B1-4975-A7EC-DE09CD2D45CF} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {0912426F-92C7-4159-BAC4-11CD1A3C4495} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {17656D5E-E007-44F8-828B-3561E8D17E57} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)
Task: {20B2056C-9B18-4EEC-9A83-5450024ED8B6} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {249AAE9D-57EB-42E2-8766-E1C03CE61623} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {25515BF0-28C3-4F59-9076-8911F55B0267} - System32\Tasks\{A61ECBE8-940B-44AD-96AC-BDE8616DC981} => pcalua.exe -a "C:\Users\***********\Downloads\Program Downloads\jxpiinstall.exe" -d "C:\Users\***********\Downloads\Program Downloads"
Task: {25D4C478-00D1-40A4-88C3-106ED23B762C} - System32\Tasks\{ACA1C63D-1850-48D1-98FE-1605A6E53088} => pcalua.exe -a "C:\Users\***********\Downloads\Program Downloads\AdobeAIRInstaller.exe" -d "C:\Users\***********\Downloads\Program Downloads"
Task: {2CBD1754-42F1-44AC-81B4-4837608B2E96} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {2DBC158D-5F29-40E2-B510-574DA71210D4} - System32\Tasks\SONY\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {2F611C97-FC0D-4EF1-92B4-CBEF7A5436F9} - \GeniusBox -> No File <==== ATTENTION
Task: {3A1E4E62-F5E0-48B5-9D13-4AF093125D16} - \DonutQuotes -> No File <==== ATTENTION
Task: {3FB9EA0B-6D92-4A55-8633-AF05DF94D54C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {414A2366-C8BC-4D61-9640-5E71954F25F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4BB1E49C-BC46-4384-B422-8744F51CA9AA} - System32\Tasks\avastBCLRestartS-1-5-21-3293407027-2010405097-4186800853-1006 => Chrome.exe
Task: {50BB6F9F-B6B6-4C1C-A34B-BD1200B33F4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
Task: {5374FAD8-C223-4595-8DA2-4C379A50C589} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2012-10-26] (Sony Corporation)
Task: {54B4BBD0-69B3-41F9-9A2C-B0C5FED7EB57} - \ArcadeTwist Support -> No File <==== ATTENTION
Task: {5CE1403B-3D58-43DD-A749-EA4312FCBCA6} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {6FF57625-E8F7-469B-A952-68C0CDA48062} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {7CFC2B2D-6D16-4EEE-8DA3-E03E09075CF4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {7D5E2E80-B186-4E31-B937-8F19691C29D6} - System32\Tasks\{89271065-19C5-4ED8-8FEB-7AE7B956D486} => pcalua.exe -a "C:\Users\***********\Downloads\Program Downloads\SOAOTH-00263500-1040.EXE" -d "C:\Users\***********\Downloads\Program Downloads"
Task: {7DF6673B-2029-4180-9CB8-BB58DB139C87} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {870B6D14-E1ED-4E43-B75B-7E63B7FA624B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software)
Task: {8DD46D3F-2906-44B7-8501-605B87BDA140} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {954D9729-DDED-4721-8E59-420081A22850} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {95CC060D-44A3-41DF-B6AB-E36E78CEBD8D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {9F0105A6-5DB6-4BDD-8C51-687E3BD0BC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A43CC6B3-4E4F-44DD-B0EF-E75746CDBE15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {AAEFFFD9-A364-459D-82B9-57B44DC5A36A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {B0AC0B35-84F2-4257-8686-4921BA3E4FB6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {B4758DBA-FC22-4A0A-AF4E-3384848475AF} - \LaunchSignup -> No File <==== ATTENTION
Task: {BF743497-4285-4B68-A09A-C8CC65A68F5E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {C09505FD-F20D-4B53-A647-D36D2217F4AE} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {C3DB091B-7D16-4502-AD3A-B988DA3D8BA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EBE446-4E0B-4F22-87C1-064497FC406E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DA058E63-109B-4980-AA8E-5B7E074CEDB1} - \ArcadeTwist Updater -> No File <==== ATTENTION
Task: {E45268E6-CFCE-4281-9768-995BD80B9303} - System32\Tasks\Sony\ATI Catalyst => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-20] (Advanced Micro Devices, Inc.)
Task: {EA765F64-27CC-4869-A649-9E3FCF46FBF1} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-05-26 11:55 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00022504 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00023552 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00040952 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00184816 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2012-01-02 00:12 - 2011-02-25 18:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2015-08-25 20:16 - 2015-08-25 20:16 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-25 20:16 - 2015-08-25 20:16 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-30 15:48 - 2015-08-30 15:48 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15083002\algo.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-04-13 19:13 - 2015-04-13 19:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00131072 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015872 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2014-12-20 10:29 - 2014-12-20 10:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-12 17:29 - 2010-03-03 23:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 15:08 - 2012-12-18 15:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\***********\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^***********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\***********\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_62942BFCAE6D711F261C0BCDE4F08C48 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC41491FFFB82719F333251D3E47D044 => "C:\Users\***********\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C27FB7A0-9176-4448-9E22-84EA4F3B6040}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98544CE9-C918-47E6-B5AD-74795065C524}] => (Allow) svchost.exe
FirewallRules: [{D8957376-7B9F-4719-B292-35C375AE94D2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0FF9A673-6892-4BB3-9FBA-BAC2C1C765DD}] => (Allow) C:\Users\***********\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{957820F8-C05E-498A-8675-11B9E544C3D0}] => (Allow) C:\Users\***********\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3F94DA65-34F1-4BCB-9300-832F71C5413B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C3296F8-9B4F-4883-AA3E-4D17F17BEAFB}] => (Allow) LPort=2869
FirewallRules: [{7F06C403-3DBC-4EB3-886E-2EE52BF61B86}] => (Allow) LPort=1900
FirewallRules: [{91E2D94A-ACE6-49DD-BA00-CC62DD851604}] => (Allow) C:\Users\***********\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{C620E821-0BE8-4BF4-B8E5-E569FE83F96B}] => (Allow) C:\Users\***********\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E7415822-9D98-402C-9AB7-5887F84E457C}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{56041CF5-6C1E-499E-B4BE-EAB28111F107}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{58C29BC8-35BA-4593-B31C-234A1C122DE0}] => (Allow) C:\Users\***********\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EC0E32DE-0AE2-4F65-8749-DEB021F27058}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1E16D9F-4D3F-48B9-81E6-D5C92031C283}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42F649AA-F706-45EF-8D8F-FAC78A36E113}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wStLib64
Description: wStLib64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wStLib64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x800706be).

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (08/30/2015 07:57:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/30/2015 07:56:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
wStLib64

Error: (08/30/2015 07:45:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/30/2015 07:45:10 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/30/2015 07:41:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/30/2015 07:31:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VAIO Care Performance Service service hung on starting.

Error: (08/30/2015 07:27:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (08/30/2015 07:27:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (08/30/2015 07:26:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/30/2015 07:26:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office:
=========================
Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


CodeIntegrity:
===================================
  Date: 2015-08-30 19:45:10.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-30 19:45:10.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3950.1 MB
Available physical RAM: 1248.11 MB
Total Virtual: 7898.4 MB
Available Virtual: 4475.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.02 GB) (Free:324.56 GB) NTFS
Drive d: () (Fixed) (Total:29.8 GB) (Free:8.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 30E49EA1)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 50F07916)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

 

 

 


Edited by 0@sis, 31 August 2015 - 01:16 PM.


BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 01 September 2015 - 03:40 AM

Hey, :)

Please post all logs you have so far (RKILL & COMBOFIX). Thank you.

 

STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
  •  

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 
======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • JRT.txt
  • AdwCleaner[C1].txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 01 September 2015 - 01:24 PM

Hello and thank you for your assistance!

 

rkill log:

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2015 07:29:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\AppPatch\nbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/30/2015 07:34:43 PM
Execution time: 0 hours(s), 5 minute(s), and 26 seconds(s)
 

===============================================================================================================

 

Combofix log:

 

ComboFix 15-08-27.01 - *********** 08/30/2015  19:38:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3950.1862 [GMT -4:00]
Running from: D:\Scans\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\security\Database\tmp.edb


(((((((((((((((((((((((((   Files Created from 2015-07-28 to 2015-08-30  )))))))))))))))))))))))))))))))


2015-08-30 23:45:51 . 2015-08-30 23:45:51    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-08-30 23:45:51 . 2015-08-30 23:45:51    --------    d-----w-    C:\Users\boinc_master\AppData\Local\temp
2015-08-30 23:41:42 . 2015-08-30 23:41:43    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B0700B-30D5-4384-83D3-688D624912A0}\offreg.6564.dll
2015-08-30 23:11:52 . 2015-08-30 23:11:52    --------    d-----w-    C:\Program Files (x86)\Common Files\Java
2015-08-30 23:10:38 . 2015-08-30 23:10:14    97888    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-30 22:47:41 . 2015-08-30 22:47:41    778440    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-30 22:47:41 . 2015-08-30 22:47:41    142536    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-30 22:42:40 . 2015-08-30 22:42:40    --------    d-----w-    C:\Program Files\VideoLAN
2015-08-30 22:12:01 . 2015-08-30 22:12:02    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B0700B-30D5-4384-83D3-688D624912A0}\offreg.7004.dll
2015-08-30 19:44:42 . 2015-08-30 19:44:42    --------    d-----w-    C:\Windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-08-30 19:40:48 . 2015-08-20 08:18:02    11745192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B0700B-30D5-4384-83D3-688D624912A0}\mpengine.dll
2015-08-30 19:37:04 . 2015-08-30 19:37:04    --------    d-----w-    C:\Users\***********\.oracle_jre_usage
2015-08-30 18:34:20 . 2015-08-30 18:34:20    --------    d-----w-    C:\Program Files\HitmanPro
2015-08-30 16:39:53 . 2015-08-30 16:39:53    --------    d-----w-    C:\ProgramData\9164af1000002e85
2015-08-26 00:16:07 . 2015-08-26 00:16:06    378880    ----a-w-    C:\Windows\system32\aswBoot.exe
2015-08-26 00:16:02 . 2015-08-26 00:16:02    43112    ----a-w-    C:\Windows\avastSS.scr
2015-08-25 02:17:55 . 2015-08-27 05:53:20    --------    d-----w-    C:\ProgramData\a6f07fe0000056a5
2015-08-19 07:01:14 . 2015-08-11 01:20:28    25191936    ----a-w-    C:\Windows\system32\mshtml.dll
2015-08-19 07:01:13 . 2015-08-11 01:14:35    2724864    ----a-w-    C:\Windows\system32\mshtml.tlb
2015-08-19 07:01:12 . 2015-08-11 00:33:19    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2015-08-12 07:18:40 . 2015-07-30 13:13:38    103120    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:18:40 . 2015-07-30 13:13:11    124624    ----a-w-    C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 22:31:39 . 2015-07-20 18:12:45    3154944    ----a-w-    C:\Windows\system32\wucltux.dll
2015-08-11 22:30:31 . 2015-07-10 17:51:19    3722752    ----a-w-    C:\Windows\system32\mstscax.dll
2015-08-11 22:30:31 . 2015-07-10 17:34:02    3221504    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2015-08-11 22:30:30 . 2015-07-10 17:51:27    44032    ----a-w-    C:\Windows\system32\tsgqec.dll
2015-08-11 22:30:30 . 2015-07-10 17:51:10    158720    ----a-w-    C:\Windows\system32\aaclient.dll
2015-08-11 22:30:30 . 2015-07-10 17:34:09    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2015-08-11 22:30:30 . 2015-07-10 17:33:50    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2015-08-11 22:30:14 . 2015-07-15 03:19:45    52736    ----a-w-    C:\Windows\system32\basesrv.dll
2015-08-11 22:19:01 . 2015-05-09 18:26:06    493504    ----a-w-    C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 23:24:47 . 2015-08-09 23:24:58    --------    d-----w-    C:\Users\***********\AppData\Local\Chromium
2015-08-09 23:16:32 . 2015-08-12 05:16:10    --------    d-----w-    C:\Users\***********\AppData\Local\{5F17694B-7BBF-05F3-1627-201B324FDC83}
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-08-30 23:25:56 . 2014-07-15 18:35:55    113880    ----a-w-    C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-08-26 00:16:56 . 2013-05-23 21:01:12    1048344    ----a-w-    C:\Windows\system32\drivers\aswsnx.sys
2015-08-26 00:16:06 . 2014-04-21 22:19:40    28656    ----a-w-    C:\Windows\system32\drivers\aswHwid.sys
2015-08-26 00:16:06 . 2014-01-06 14:38:52    150672    ----a-w-    C:\Windows\system32\drivers\aswStm.sys
2015-08-26 00:16:06 . 2013-05-23 21:01:14    447944    ----a-w-    C:\Windows\system32\drivers\aswSP.sys
2015-08-26 00:16:06 . 2013-05-23 21:01:13    93528    ----a-w-    C:\Windows\system32\drivers\aswRdr2.sys
2015-08-26 00:16:06 . 2013-05-23 21:01:11    274808    ----a-w-    C:\Windows\system32\drivers\aswVmm.sys
2015-08-26 00:16:06 . 2013-05-23 21:01:09    65224    ----a-w-    C:\Windows\system32\drivers\aswRvrt.sys
2015-08-26 00:16:06 . 2013-05-23 21:01:04    90968    ----a-w-    C:\Windows\system32\drivers\aswMonFlt.sys
2015-08-12 07:02:18 . 2011-04-26 18:25:06    132483416    ----a-w-    C:\Windows\system32\MRT.exe
2015-07-15 17:54:40 . 2015-08-11 22:31:09    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2015-07-04 18:07:11 . 2015-07-15 14:15:05    2087424    ----a-w-    C:\Windows\system32\ole32.dll
2015-07-04 17:48:36 . 2015-07-15 14:15:05    1414656    ----a-w-    C:\Windows\SysWow64\ole32.dll
2015-06-23 17:30:20 . 2011-04-26 18:17:55    300704    ------w-    C:\Windows\system32\MpSigStub.exe
2015-06-18 12:41:56 . 2014-07-15 18:35:20    63704    ----a-w-    C:\Windows\system32\drivers\mwac.sys
2015-06-18 12:41:44 . 2014-07-15 18:35:20    109272    ----a-w-    C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41:40 . 2014-01-18 16:26:09    25816    ----a-w-    C:\Windows\system32\drivers\mbam.sys
2015-06-17 17:47:05 . 2015-07-15 14:21:20    404992    ----a-w-    C:\Windows\system32\gdi32.dll
2015-06-17 17:37:03 . 2015-07-15 14:21:20    312320    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 . 2015-07-15 14:14:33    112064    ----a-w-    C:\Windows\system32\consent.exe
2015-06-15 21:45:42 . 2015-07-15 14:14:34    3242496    ----a-w-    C:\Windows\system32\msi.dll
2015-06-15 21:45:42 . 2015-07-15 14:14:31    504320    ----a-w-    C:\Windows\system32\msihnd.dll
2015-06-15 21:45:34 . 2015-07-15 14:14:34    1941504    ----a-w-    C:\Windows\system32\authui.dll
2015-06-15 21:45:34 . 2015-07-15 14:14:31    70656    ----a-w-    C:\Windows\system32\appinfo.dll
2015-06-15 21:44:47 . 2015-07-15 14:14:33    128000    ----a-w-    C:\Windows\system32\msiexec.exe
2015-06-15 21:43:35 . 2015-07-15 14:14:34    2364416    ----a-w-    C:\Windows\SysWow64\msi.dll
2015-06-15 21:43:35 . 2015-07-15 14:14:33    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2015-06-15 21:43:24 . 2015-07-15 14:14:34    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
2015-06-15 21:42:49 . 2015-07-15 14:14:33    73216    ----a-w-    C:\Windows\SysWow64\msiexec.exe
2015-06-15 21:42:46 . 2015-07-15 14:14:31    25088    ----a-w-    C:\Windows\system32\msimsg.dll
2015-06-15 21:37:15 . 2015-07-15 14:14:31    25088    ----a-w-    C:\Windows\SysWow64\msimsg.dll
2015-06-02 00:07:15 . 2015-07-15 14:21:53    254976    ----a-w-    C:\Windows\system32\cewmdm.dll
2015-06-01 23:47:09 . 2015-07-15 14:21:52    210432    ----a-w-    C:\Windows\SysWow64\cewmdm.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6510 series (NET)"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 16:31:08 2676584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 03:16:04 284696]
"SmartWiHelper"="C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 18:07:40 89080]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 00:01:52 673136]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-21 01:34:04 102400]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2015-08-26 00:17:23 6111824]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 18:50:10 96056]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 16:47:26 597552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""

R1 wStLib64;wStLib64; [x]
R2 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys;C:\Windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys;C:\Windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys;C:\Windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys;C:\Windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;C:\Windows\system32\drivers\aswHwid.sys;C:\Windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe;C:\Program Files\Common Files\Motive\McciCMService.exe [x]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;C:\Windows\system32\drivers\regi.sys;C:\Windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys;C:\Windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys;C:\Windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys;C:\Windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys;C:\Windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys;C:\Windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;C:\Windows\system32\drivers\semav6thermal64ro.sys;C:\Windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys;C:\Windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe;C:\Program Files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe;C:\Program Files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-30 19:20:28    993608    ----a-w-    C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2015-08-30 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30 22:47:42 . 2015-08-30 22:47:42]

2015-08-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-26 05:49:35 . 2015-08-30 04:07:25]

2015-08-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-26 05:49:35 . 2015-08-30 04:07:25]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 13:23:18    775496    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 13:23:18    775496    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 13:23:18    775496    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-26 00:16:06    778056    ----a-w-    C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 21:38:57 10775584]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 21:38:47 2040352]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = C:\Windows\system32\blank.htm
mSearch Page = https://www.google.com/search?q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - C:\Windows\System32\SPReview\SPReview.exe
HKLM-Run-Apoint - C:\Program Files (x86)\Apoint\Apoint.exe
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}\VAIO Messenger Setup 2.0.348.0.exe
 

================================================================================================================

 

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/1/2015
Scan Time: 1:16 PM
Logfile: MBAM_Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.01.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ***********

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432398
Time Elapsed: 41 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

================================================================================================================

 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by ************ on Tue 09/01/2015 at 14:01:41.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] wStLib64 [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Users\************\Appdata\Local\5f1c4f02d749a3bc692556b07193f019



~~~ Folders

Successfully deleted: [Folder] C:\Users\************\Appdata\Local\packageaware
Successfully deleted: [Folder] C:\ProgramData\9164af1000002e85
Successfully deleted: [Folder] C:\ProgramData\a6f07fe0000056a5



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

[C:\Users\************\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\************\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\************\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\************\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bejbohlohkkgompgecdcbbglkpjfjgdj,
  booedmolknjekdopkepjjeckmjkdpfgl,
  flpcjncodpafbgdpnkljologafpionhb,
  ndibdjnfmopecpmkdieinmbadjfpblof
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/01/2015 at 14:07:32.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

==============================================================================================================

 

ADWCleaner log:

 

# AdwCleaner v5.005 - Logfile created 01/09/2015 at 14:18:25
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : ********** - ************
# Running from : C:\Users\************\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : wStLib64

***** [ Folders ] *****

[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\13e0f113-2ca7-d467-7902-042ff88fbfd6
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Web browsers ] *****

[-] [C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\************\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : cassiopesa
[-] [C:\Users\************\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_tight14_15_32&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0DzyyEyCyC0EtB0DtBzztN0D0Tzu0StCtAtCyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0EzztCzyyEyC0EtGtAyDyE0CtG0B0Dzz0CtGyB0AtAyCtGzz0CzzzytA0B0D0CtBzz0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyC0EyE0F0ByBtGtA0D0A0BtGyE0ByEyEtG0AyByBtCtGyCtAyDyCtCtCtByB0EyEzztA2QtN0A0LzuyE&cr=587282833&ir=&uref=chmm

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3038 bytes] ##########
 



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 01 September 2015 - 01:43 PM

Well done. :)

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 01 September 2015 - 02:40 PM

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by ************ (administrator) on ****** (01-09-2015 15:19:29)
Running from C:\Users\************\Desktop
Loaded Profiles: ************ (Available Profiles: boinc_master & ************)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(http://www.ruby-lang.org/) C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\************\AppData\Local\Temp\ocr909B.tmp\bin\rubyw.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-09-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
Tcpip\..\Interfaces\{945505D3-E045-4D91-A84D-0EE4554BB763}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

FireFox:
========
FF ProfilePath: C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\************\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/O1DPlugin -> C:\Users\************\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=3 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=9 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\************\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\************\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Ghostery - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\firefox@ghostery.com.xpi [2015-08-30]
FF Extension: Flash Control - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-08-30]
FF Extension: RequestPolicy - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\requestpolicy@requestpolicy.com.xpi [2015-08-30]
FF Extension: uBlock Origin - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\uBlock0@raymondhill.net.xpi [2015-08-30]
FF Extension: Zoom Page - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\zoompage@DW-dev.xpi [2015-08-30]
FF Extension: Adblock Plus - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-23]

Chrome:
=======
CHR Profile: C:\Users\************\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-30]
CHR Extension: (uBlock Origin) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-30]
CHR Extension: (Google Search) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Flashcontrol) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-08-30]
CHR Extension: (Ghostery) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (ScriptSafe) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-08-30]
CHR Extension: (Gmail) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [53248 2012-02-09] (Digital Delivery Networks, Inc.) [File not signed]
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel® Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 MSSQL$DDNI; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 15:19 - 2015-09-01 15:20 - 00022374 _____ C:\Users\************\Desktop\FRST.txt
2015-09-01 15:19 - 2015-08-31 01:55 - 02188288 _____ (Farbar) C:\Users\************\Desktop\FRST64.exe
2015-09-01 14:59 - 2015-09-01 14:59 - 00003166 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-09-01 14:37 - 2015-09-01 14:37 - 03748507 _____ C:\Users\************\Desktop\bookmarks_9_1_15.html
2015-09-01 14:12 - 2015-09-01 14:18 - 00000000 ____D C:\AdwCleaner
2015-09-01 13:48 - 2015-09-01 13:16 - 01654272 _____ C:\Users\************\Desktop\AdwCleaner.exe
2015-09-01 13:48 - 2015-09-01 13:15 - 01799392 _____ (Malwarebytes Corporation) C:\Users\************\Desktop\JRT.exe
2015-09-01 13:10 - 2015-09-01 13:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1ED220B4.sys
2015-08-31 01:57 - 2015-09-01 15:19 - 00000000 ____D C:\FRST
2015-08-31 00:20 - 2015-08-31 00:20 - 00461353 _____ C:\Users\************\AppData\Local\census.cache
2015-08-31 00:19 - 2015-08-31 00:19 - 00182123 _____ C:\Users\************\AppData\Local\ars.cache
2015-08-30 20:28 - 2015-08-30 20:28 - 00000010 _____ C:\Users\************\AppData\Local\sponge.last.runtime.cache
2015-08-30 20:03 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-08-30 20:01 - 2015-08-30 20:01 - 00000036 _____ C:\Users\************\AppData\Local\housecall.guid.cache
2015-08-30 19:54 - 2015-08-30 19:54 - 00000000 ___SD C:\ComboFix
2015-08-30 19:48 - 2015-08-30 19:48 - 00027671 _____ C:\ComboFix.txt
2015-08-30 19:35 - 2015-08-30 19:47 - 00000000 ____D C:\Windows\erdnt
2015-08-30 19:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-30 19:10 - 2015-08-30 19:10 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 19:10 - 2015-08-30 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-30 18:49 - 2015-08-30 18:49 - 00003242 _____ C:\Windows\System32\Tasks\{A61ECBE8-940B-44AD-96AC-BDE8616DC981}
2015-08-30 18:47 - 2015-09-01 15:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 18:47 - 2015-08-30 18:47 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-30 18:47 - 2015-08-30 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-30 18:47 - 2015-08-30 18:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-30 18:42 - 2015-08-30 18:42 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-30 18:20 - 2015-08-30 18:20 - 00003254 _____ C:\Windows\System32\Tasks\{ACA1C63D-1850-48D1-98FE-1605A6E53088}
2015-08-30 15:37 - 2015-08-30 15:37 - 00000000 ____D C:\Users\************\AppData\Roaming\Sun
2015-08-30 15:37 - 2015-08-30 15:37 - 00000000 ____D C:\Users\************\.oracle_jre_usage
2015-08-30 15:35 - 2015-08-30 15:35 - 00018230 _____ C:\Windows\system32\.crusader
2015-08-30 14:43 - 2015-08-30 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-30 14:34 - 2015-08-30 14:34 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-30 12:26 - 2015-08-30 12:26 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-28 20:36 - 2015-08-28 20:36 - 00000061 _____ C:\Windows\dcmvwr.INI
2015-08-25 20:16 - 2015-08-25 20:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-25 20:16 - 2015-08-25 20:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-24 21:05 - 2015-08-24 21:05 - 00000000 ____D C:\Users\************\Documents\Sony PMB
2015-08-19 03:01 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:01 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:01 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 03:01 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 03:18 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:18 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 18:35 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 18:35 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 18:35 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 18:35 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 18:35 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 18:35 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 18:35 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 18:35 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 18:35 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 18:35 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 18:35 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 18:35 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 18:35 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 18:35 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 18:35 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 18:35 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 18:35 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 18:35 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 18:35 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 18:35 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 18:35 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 18:35 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 18:35 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 18:35 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 18:35 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 18:35 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 18:35 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 18:35 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 18:35 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 18:35 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 18:35 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 18:35 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 18:35 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 18:35 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 18:35 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 18:35 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 18:35 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 18:35 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 18:35 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 18:35 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 18:35 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 18:35 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 18:35 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 18:35 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 18:35 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 18:35 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 18:35 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 18:35 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 18:35 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 18:35 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 18:31 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 18:31 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 18:31 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 18:31 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 18:31 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 18:31 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 18:31 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 18:31 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 18:31 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 18:31 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 18:31 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 18:31 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 18:31 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 18:31 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 18:31 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 18:31 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 18:31 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 18:31 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 18:31 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 18:31 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 18:31 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 18:31 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 18:31 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 18:31 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 18:31 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 18:31 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 18:30 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 18:30 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 18:30 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 18:30 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 18:28 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 18:28 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 18:28 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 18:28 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 18:28 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 18:28 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 18:28 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 18:28 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 18:28 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 18:28 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 18:28 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 18:28 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 18:28 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 18:28 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 18:28 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 18:28 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 18:28 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 18:28 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 18:28 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 18:28 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 18:28 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 18:19 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 20:16 - 2015-08-12 00:16 - 00000096 _____ C:\Users\************\AppData\Roaming\WB.CFG
2015-08-09 19:24 - 2015-08-09 19:24 - 00000000 ____D C:\Users\************\AppData\Local\Chromium
2015-08-09 19:16 - 2015-08-12 01:16 - 00000000 ____D C:\Users\************\AppData\Local\{5F17694B-7BBF-05F3-1627-201B324FDC83}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 15:18 - 2010-09-26 01:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 15:17 - 2014-07-15 14:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 15:17 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 15:00 - 2014-12-26 14:46 - 00000000 ____D C:\Program Files\pia_manager
2015-09-01 15:00 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 14:34 - 2009-07-14 00:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 14:34 - 2009-07-14 00:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 13:13 - 2011-04-26 14:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1A2EEA1-49B1-4613-9157-EF2C0268F630}
2015-09-01 13:11 - 2013-05-23 17:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-31 02:36 - 2010-09-26 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation Tools
2015-08-31 02:36 - 2010-07-12 17:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-31 02:35 - 2010-09-26 02:03 - 00000000 ____D C:\Program Files (x86)\Sony
2015-08-30 19:58 - 2011-04-26 15:03 - 00000000 ____D C:\Users\************\AppData\Roaming\vlc
2015-08-30 19:48 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-08-30 19:45 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-08-30 19:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2015-08-30 19:12 - 2013-11-03 18:06 - 00000000 ____D C:\ProgramData\Oracle
2015-08-30 19:11 - 2011-04-26 15:05 - 00000000 ____D C:\Users\************\AppData\Local\Adobe
2015-08-30 19:09 - 2014-08-20 06:22 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-30 18:59 - 2011-04-26 14:14 - 00000000 ____D C:\Program Files\CCleaner
2015-08-30 18:43 - 2013-10-13 00:45 - 00000831 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-30 18:34 - 2011-04-26 15:40 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2015-08-30 18:28 - 2011-04-26 14:14 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-30 15:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-30 15:43 - 2013-04-14 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-30 15:37 - 2011-04-26 10:06 - 00000000 ____D C:\Users\************
2015-08-30 15:35 - 2013-05-23 16:43 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-30 14:48 - 2010-09-26 02:02 - 00000000 ____D C:\ProgramData\Skype
2015-08-30 13:59 - 2010-09-26 01:49 - 00000000 ____D C:\Program Files\Google
2015-08-30 13:59 - 2010-09-26 01:49 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-30 13:59 - 2009-07-14 01:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-30 12:41 - 2011-04-26 14:08 - 00000000 ____D C:\Users\************\AppData\Local\Google
2015-08-30 12:38 - 2010-09-26 01:49 - 00000000 ____D C:\ProgramData\Google
2015-08-30 12:33 - 2014-07-15 14:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-30 12:26 - 2014-07-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\************\AppData\Local\EmieUserList
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\************\AppData\Local\EmieSiteList
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\************\AppData\Local\EmieBrowserModeList
2015-08-30 00:07 - 2010-09-26 01:49 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 00:07 - 2010-09-26 01:49 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-30 00:07 - 2010-09-26 01:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 03:29 - 2011-05-11 15:42 - 00000000 ____D C:\Users\************\Documents\A2 - Business Start-up
2015-08-25 20:16 - 2014-04-21 18:19 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-25 20:16 - 2014-01-06 10:38 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-25 02:38 - 2011-05-11 15:45 - 00000000 ____D C:\Users\************\Documents\A1 - Interior Design
2015-08-22 19:34 - 2014-09-13 02:44 - 00000000 ____D C:\Users\************\Documents\Travel
2015-08-21 07:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-21 07:01 - 2011-05-26 11:44 - 00000000 ____D C:\Users\************\AppData\Local\CrashDumps
2015-08-16 14:37 - 2015-02-01 01:35 - 00002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 03:39 - 2009-07-14 00:45 - 00364448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:35 - 2014-12-10 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:35 - 2014-07-10 03:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:10 - 2013-08-05 00:53 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:02 - 2011-04-26 14:25 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 19:17 - 2011-05-11 15:33 - 00000000 ____D C:\Users\************\Documents\************ Misc
2015-08-09 19:16 - 2013-08-01 06:25 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 19:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-09 19:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2015-08-09 20:16 - 2015-08-12 00:16 - 0000096 _____ () C:\Users\************\AppData\Roaming\WB.CFG
2015-08-31 00:19 - 2015-08-31 00:19 - 0182123 _____ () C:\Users\************\AppData\Local\ars.cache
2015-08-31 00:20 - 2015-08-31 00:20 - 0461353 _____ () C:\Users\************\AppData\Local\census.cache
2015-08-30 20:01 - 2015-08-30 20:01 - 0000036 _____ () C:\Users\************\AppData\Local\housecall.guid.cache
2013-11-17 22:38 - 2013-11-17 22:38 - 0007605 _____ () C:\Users\************\AppData\Local\Resmon.ResmonCfg
2015-08-30 20:28 - 2015-08-30 20:28 - 0000010 _____ () C:\Users\************\AppData\Local\sponge.last.runtime.cache
2011-09-02 20:43 - 2011-09-02 20:48 - 0000000 _____ () C:\Users\************\AppData\Local\{96BB1963-E44D-4EAB-82F0-CE4E36001D84}
2014-02-24 14:38 - 2014-02-24 14:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-18 14:54 - 2011-05-18 14:54 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2012-05-25 14:48 - 2012-05-25 19:23 - 0000903 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\************\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 00:09

==================== End of FRST.txt ============================

 

 

Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by ************ (2015-09-01 15:20:45)
Running from C:\Users\************\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3293407027-2010405097-4186800853-500 - Administrator - Disabled)
boinc_master (S-1-5-21-3293407027-2010405097-4186800853-1000 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-3293407027-2010405097-4186800853-1001 - Limited - Enabled)
************ (S-1-5-21-3293407027-2010405097-4186800853-1006 - Administrator - Enabled) => C:\Users\************
Guest (S-1-5-21-3293407027-2010405097-4186800853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3293407027-2010405097-4186800853-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.804 - Corel Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{85CB0687-0239-473E-943B-E8AFEE6E044C}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 3.4 (HKLM-x32\...\{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}) (Version: 3.4.302 - LibreOffice)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.1 - DDNi)
OOBE (x32 Version: 3.10.0630 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VAIO - Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.2.00.05120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (x32 Version: 1.1.0.05280 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Quick Web Access (x32 Version: 1.3.4.2 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.2.0.06230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

31-08-2015 01:17:05 Scheduled Checkpoint
31-08-2015 02:22:33 Removed Microsoft Office 2010
31-08-2015 02:36:00 Removed Remote Play with PlayStation®3
01-09-2015 13:19:01 Windows Update
01-09-2015 14:01:30 JRT Pre-Junkware Removal
01-09-2015 14:01:43 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-30 19:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04199D50-2935-4184-B950-7AF1D95DB899} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {04298E1A-97B1-4975-A7EC-DE09CD2D45CF} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {0912426F-92C7-4159-BAC4-11CD1A3C4495} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {17656D5E-E007-44F8-828B-3561E8D17E57} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)
Task: {1B541244-06A2-46B0-AF54-C4336EAB82C0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {20B2056C-9B18-4EEC-9A83-5450024ED8B6} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {249AAE9D-57EB-42E2-8766-E1C03CE61623} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {25515BF0-28C3-4F59-9076-8911F55B0267} - System32\Tasks\{A61ECBE8-940B-44AD-96AC-BDE8616DC981} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\jxpiinstall.exe" -d "C:\Users\************\Downloads\Program Downloads"
Task: {25D4C478-00D1-40A4-88C3-106ED23B762C} - System32\Tasks\{ACA1C63D-1850-48D1-98FE-1605A6E53088} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\AdobeAIRInstaller.exe" -d "C:\Users\************\Downloads\Program Downloads"
Task: {2CBD1754-42F1-44AC-81B4-4837608B2E96} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {2DBC158D-5F29-40E2-B510-574DA71210D4} - System32\Tasks\SONY\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {2F611C97-FC0D-4EF1-92B4-CBEF7A5436F9} - \GeniusBox -> No File <==== ATTENTION
Task: {3A1E4E62-F5E0-48B5-9D13-4AF093125D16} - \DonutQuotes -> No File <==== ATTENTION
Task: {3FB9EA0B-6D92-4A55-8633-AF05DF94D54C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {414A2366-C8BC-4D61-9640-5E71954F25F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4BB1E49C-BC46-4384-B422-8744F51CA9AA} - System32\Tasks\avastBCLRestartS-1-5-21-3293407027-2010405097-4186800853-1006 => Chrome.exe
Task: {50BB6F9F-B6B6-4C1C-A34B-BD1200B33F4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
Task: {5374FAD8-C223-4595-8DA2-4C379A50C589} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2012-10-26] (Sony Corporation)
Task: {54B4BBD0-69B3-41F9-9A2C-B0C5FED7EB57} - \ArcadeTwist Support -> No File <==== ATTENTION
Task: {5CE1403B-3D58-43DD-A749-EA4312FCBCA6} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {7CFC2B2D-6D16-4EEE-8DA3-E03E09075CF4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {7D5E2E80-B186-4E31-B937-8F19691C29D6} - System32\Tasks\{89271065-19C5-4ED8-8FEB-7AE7B956D486} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\SOAOTH-00263500-1040.EXE" -d "C:\Users\************\Downloads\Program Downloads"
Task: {7DF6673B-2029-4180-9CB8-BB58DB139C87} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {870B6D14-E1ED-4E43-B75B-7E63B7FA624B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software)
Task: {8DD46D3F-2906-44B7-8501-605B87BDA140} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {954D9729-DDED-4721-8E59-420081A22850} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {95CC060D-44A3-41DF-B6AB-E36E78CEBD8D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {9F0105A6-5DB6-4BDD-8C51-687E3BD0BC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A2889AA2-CD9D-4FC2-A9C3-205E1D767418} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-09-01] ()
Task: {A43CC6B3-4E4F-44DD-B0EF-E75746CDBE15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {AAEFFFD9-A364-459D-82B9-57B44DC5A36A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {B0AC0B35-84F2-4257-8686-4921BA3E4FB6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {B4758DBA-FC22-4A0A-AF4E-3384848475AF} - \LaunchSignup -> No File <==== ATTENTION
Task: {BF743497-4285-4B68-A09A-C8CC65A68F5E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {C09505FD-F20D-4B53-A647-D36D2217F4AE} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {C3DB091B-7D16-4502-AD3A-B988DA3D8BA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EBE446-4E0B-4F22-87C1-064497FC406E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DA058E63-109B-4980-AA8E-5B7E074CEDB1} - \ArcadeTwist Updater -> No File <==== ATTENTION
Task: {E45268E6-CFCE-4281-9768-995BD80B9303} - System32\Tasks\Sony\ATI Catalyst => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-20] (Advanced Micro Devices, Inc.)
Task: {EA765F64-27CC-4869-A649-9E3FCF46FBF1} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-05-26 11:55 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-26 15:22 - 2011-04-26 15:22 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00022504 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00023552 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00040952 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00184816 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2015-08-25 20:16 - 2015-08-25 20:16 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-25 20:16 - 2015-08-25 20:16 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-01 13:12 - 2015-09-01 13:12 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15090100\algo.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-04-13 19:13 - 2015-04-13 19:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00131072 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2015-09-01 15:18 - 2015-09-01 15:18 - 00012800 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00009728 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00014848 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\src\rgloader\rgloader193.mswin.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00009216 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00126976 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00087552 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00016384 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00127316 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\bin\libffi-6.dll
2015-09-01 15:18 - 2015-09-01 15:18 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00013312 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00095744 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00012800 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00009728 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00014848 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\src\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00118784 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00069120 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00083968 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\bin\zlib1.dll
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00275968 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00015360 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008192 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00009216 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00023552 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00036352 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00126976 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00087552 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00016384 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00127316 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\bin\libffi-6.dll
2015-09-01 15:19 - 2015-09-01 15:19 - 00013312 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00095744 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015872 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-09-01 14:58 - 2015-09-01 14:58 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-12-26 14:46 - 2015-09-01 14:58 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\************\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^************^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\************\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_62942BFCAE6D711F261C0BCDE4F08C48 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC41491FFFB82719F333251D3E47D044 => "C:\Users\************\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C27FB7A0-9176-4448-9E22-84EA4F3B6040}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98544CE9-C918-47E6-B5AD-74795065C524}] => (Allow) svchost.exe
FirewallRules: [{D8957376-7B9F-4719-B292-35C375AE94D2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0FF9A673-6892-4BB3-9FBA-BAC2C1C765DD}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{957820F8-C05E-498A-8675-11B9E544C3D0}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3F94DA65-34F1-4BCB-9300-832F71C5413B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C3296F8-9B4F-4883-AA3E-4D17F17BEAFB}] => (Allow) LPort=2869
FirewallRules: [{7F06C403-3DBC-4EB3-886E-2EE52BF61B86}] => (Allow) LPort=1900
FirewallRules: [{91E2D94A-ACE6-49DD-BA00-CC62DD851604}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{C620E821-0BE8-4BF4-B8E5-E569FE83F96B}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E7415822-9D98-402C-9AB7-5887F84E457C}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{56041CF5-6C1E-499E-B4BE-EAB28111F107}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{58C29BC8-35BA-4593-B31C-234A1C122DE0}] => (Allow) C:\Users\************\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EC0E32DE-0AE2-4F65-8749-DEB021F27058}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1E16D9F-4D3F-48B9-81E6-D5C92031C283}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42F649AA-F706-45EF-8D8F-FAC78A36E113}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2015 02:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/31/2015 05:16:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/31/2015 04:54:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x800706be).

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (09/01/2015 03:18:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2015 02:20:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2015 02:18:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VAIO Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (09/01/2015 02:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/31/2015 05:16:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/31/2015 04:54:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


CodeIntegrity:
===================================
  Date: 2015-08-30 19:45:10.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-30 19:45:10.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3950.1 MB
Available physical RAM: 2108.03 MB
Total Virtual: 7898.4 MB
Available Virtual: 5638.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.02 GB) (Free:324.78 GB) NTFS
Drive d: () (Fixed) (Total:29.8 GB) (Free:7.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 30E49EA1)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 50F07916)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 01 September 2015 - 03:06 PM

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    C:\Users\************\AppData\Local\Temp\sqlite3.dll
    Task: {B4758DBA-FC22-4A0A-AF4E-3384848475AF} - \LaunchSignup -> No File <==== ATTENTION
    Task: {DA058E63-109B-4980-AA8E-5B7E074CEDB1} - \ArcadeTwist Updater -> No File <==== ATTENTION
    
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 01 September 2015 - 03:41 PM

Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by *********** (2015-09-01 16:14:04) Run:1
Running from C:\Users\***********\Desktop
Loaded Profiles: *********** (Available Profiles: boinc_master & ***********)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\************\AppData\Local\Temp\sqlite3.dll
Task: {B4758DBA-FC22-4A0A-AF4E-3384848475AF} - \LaunchSignup -> No File <==== ATTENTION
Task: {DA058E63-109B-4980-AA8E-5B7E074CEDB1} - \ArcadeTwist Updater -> No File <==== ATTENTION
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key removed successfully
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"C:\Users\************\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4758DBA-FC22-4A0A-AF4E-3384848475AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4758DBA-FC22-4A0A-AF4E-3384848475AF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA058E63-109B-4980-AA8E-5B7E074CEDB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA058E63-109B-4980-AA8E-5B7E074CEDB1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeTwist Updater => key not found.

==== End of Fixlog 16:14:05 ====

 

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by *********** (administrator) on ****** (01-09-2015 16:16:08)
Running from C:\Users\***********\Desktop
Loaded Profiles: *********** (Available Profiles: boinc_master & ***********)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(http://www.ruby-lang.org/) C:\Users\***********\AppData\Local\Temp\ocrDB21.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\***********\AppData\Local\Temp\ocr909B.tmp\bin\rubyw.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\pia_manager\openvpn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-09-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{945505D3-E045-4D91-A84D-0EE4554BB763}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

FireFox:
========
FF ProfilePath: C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\***********\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @talk.google.com/O1DPlugin -> C:\Users\***********\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=3 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3293407027-2010405097-4186800853-1006: @tools.google.com/Google Update;version=9 -> C:\Users\***********\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\***********\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\***********\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Ghostery - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\firefox@ghostery.com.xpi [2015-08-30]
FF Extension: Flash Control - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-08-30]
FF Extension: RequestPolicy - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\requestpolicy@requestpolicy.com.xpi [2015-08-30]
FF Extension: uBlock Origin - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\uBlock0@raymondhill.net.xpi [2015-08-30]
FF Extension: Zoom Page - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\zoompage@DW-dev.xpi [2015-08-30]
FF Extension: Adblock Plus - C:\Users\***********\AppData\Roaming\Mozilla\Firefox\Profiles\srteaz25.default-1440961201464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-23]

Chrome:
=======
CHR StartupUrls: Default -> "https://duckduckgo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-30]
CHR Extension: (uBlock Origin) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-30]
CHR Extension: (Google Search) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Flashcontrol) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-08-30]
CHR Extension: (Ghostery) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (ScriptSafe) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-08-30]
CHR Extension: (Gmail) - C:\Users\***********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [53248 2012-02-09] (Digital Delivery Networks, Inc.) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel® Corporation) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 MSSQL$DDNI; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 16:16 - 2015-09-01 16:16 - 00022272 _____ C:\Users\***********\Desktop\FRST.txt
2015-09-01 16:13 - 2015-09-01 16:13 - 00000000 ____D C:\Users\***********\Desktop\FRST-OlderVersion
2015-09-01 15:50 - 2015-09-01 16:16 - 00000000 ____D C:\Users\***********\Desktop\Scans
2015-09-01 15:22 - 2015-09-01 15:23 - 00006773 _____ C:\Windows\WindowsUpdate.log
2015-09-01 15:19 - 2015-09-01 16:13 - 02188800 _____ (Farbar) C:\Users\***********\Desktop\FRST64.exe
2015-09-01 14:59 - 2015-09-01 14:59 - 00003166 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-09-01 14:37 - 2015-09-01 14:37 - 03748507 _____ C:\Users\***********\Desktop\bookmarks_9_1_15.html
2015-09-01 14:12 - 2015-09-01 14:18 - 00000000 ____D C:\AdwCleaner
2015-09-01 13:10 - 2015-09-01 13:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1ED220B4.sys
2015-08-31 01:57 - 2015-09-01 16:16 - 00000000 ____D C:\FRST
2015-08-31 00:20 - 2015-08-31 00:20 - 00461353 _____ C:\Users\***********\AppData\Local\census.cache
2015-08-31 00:19 - 2015-08-31 00:19 - 00182123 _____ C:\Users\***********\AppData\Local\ars.cache
2015-08-30 20:28 - 2015-08-30 20:28 - 00000010 _____ C:\Users\***********\AppData\Local\sponge.last.runtime.cache
2015-08-30 20:03 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-08-30 20:01 - 2015-08-30 20:01 - 00000036 _____ C:\Users\***********\AppData\Local\housecall.guid.cache
2015-08-30 19:54 - 2015-08-30 19:54 - 00000000 ___SD C:\ComboFix
2015-08-30 19:48 - 2015-08-30 19:48 - 00027671 _____ C:\ComboFix.txt
2015-08-30 19:35 - 2015-08-30 19:47 - 00000000 ____D C:\Windows\erdnt
2015-08-30 19:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-30 19:10 - 2015-08-30 19:10 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 19:10 - 2015-08-30 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-30 18:49 - 2015-08-30 18:49 - 00003242 _____ C:\Windows\System32\Tasks\{A61ECBE8-940B-44AD-96AC-BDE8616DC981}
2015-08-30 18:47 - 2015-09-01 16:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 18:47 - 2015-08-30 18:47 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-30 18:47 - 2015-08-30 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-30 18:47 - 2015-08-30 18:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-30 18:42 - 2015-08-30 18:42 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-30 18:20 - 2015-08-30 18:20 - 00003254 _____ C:\Windows\System32\Tasks\{ACA1C63D-1850-48D1-98FE-1605A6E53088}
2015-08-30 15:37 - 2015-08-30 15:37 - 00000000 ____D C:\Users\***********\AppData\Roaming\Sun
2015-08-30 15:37 - 2015-08-30 15:37 - 00000000 ____D C:\Users\***********\.oracle_jre_usage
2015-08-30 15:35 - 2015-08-30 15:35 - 00018230 _____ C:\Windows\system32\.crusader
2015-08-30 14:43 - 2015-08-30 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-30 14:34 - 2015-08-30 14:34 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-30 12:26 - 2015-08-30 12:26 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-28 20:36 - 2015-08-28 20:36 - 00000061 _____ C:\Windows\dcmvwr.INI
2015-08-25 20:16 - 2015-08-25 20:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-25 20:16 - 2015-08-25 20:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-24 21:05 - 2015-08-24 21:05 - 00000000 ____D C:\Users\***********\Documents\Sony PMB
2015-08-19 03:01 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:01 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:01 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 03:01 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 03:18 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:18 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 18:35 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 18:35 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 18:35 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 18:35 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 18:35 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 18:35 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 18:35 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 18:35 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 18:35 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 18:35 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 18:35 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 18:35 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 18:35 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 18:35 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 18:35 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 18:35 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 18:35 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 18:35 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 18:35 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 18:35 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 18:35 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 18:35 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 18:35 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 18:35 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 18:35 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 18:35 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 18:35 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 18:35 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 18:35 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 18:35 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 18:35 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 18:35 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 18:35 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 18:35 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 18:35 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 18:35 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 18:35 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 18:35 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 18:35 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 18:35 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 18:35 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 18:35 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 18:35 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 18:35 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 18:35 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 18:35 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 18:35 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 18:35 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 18:35 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 18:35 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 18:35 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 18:35 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 18:31 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 18:31 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 18:31 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 18:31 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 18:31 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 18:31 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 18:31 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 18:31 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 18:31 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 18:31 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 18:31 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 18:31 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 18:31 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 18:31 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 18:31 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 18:31 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 18:31 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 18:31 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 18:31 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 18:31 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 18:31 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 18:31 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 18:31 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 18:31 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 18:31 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 18:31 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 18:31 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 18:31 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 18:31 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 18:31 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 18:31 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 18:31 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 18:31 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 18:31 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 18:31 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 18:31 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 18:30 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 18:30 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 18:30 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 18:30 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 18:30 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 18:28 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 18:28 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 18:28 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 18:28 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 18:28 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 18:28 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 18:28 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 18:28 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 18:28 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 18:28 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 18:28 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 18:28 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 18:28 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 18:28 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 18:28 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 18:28 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 18:28 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 18:28 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 18:28 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 18:28 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 18:28 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 18:28 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 18:28 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 18:19 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 20:16 - 2015-08-12 00:16 - 00000096 _____ C:\Users\***********\AppData\Roaming\WB.CFG
2015-08-09 19:24 - 2015-08-09 19:24 - 00000000 ____D C:\Users\***********\AppData\Local\Chromium
2015-08-09 19:16 - 2015-08-12 01:16 - 00000000 ____D C:\Users\***********\AppData\Local\{5F17694B-7BBF-05F3-1627-201B324FDC83}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 15:28 - 2009-07-14 00:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 15:28 - 2009-07-14 00:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 15:23 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 15:18 - 2010-09-26 01:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-01 15:17 - 2014-07-15 14:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 15:17 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 15:00 - 2014-12-26 14:46 - 00000000 ____D C:\Program Files\pia_manager
2015-09-01 13:13 - 2011-04-26 14:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1A2EEA1-49B1-4613-9157-EF2C0268F630}
2015-09-01 13:11 - 2013-05-23 17:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-31 02:36 - 2010-09-26 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation Tools
2015-08-31 02:36 - 2010-07-12 17:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-31 02:35 - 2010-09-26 02:03 - 00000000 ____D C:\Program Files (x86)\Sony
2015-08-30 19:58 - 2011-04-26 15:03 - 00000000 ____D C:\Users\***********\AppData\Roaming\vlc
2015-08-30 19:48 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-08-30 19:45 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-08-30 19:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2015-08-30 19:12 - 2013-11-03 18:06 - 00000000 ____D C:\ProgramData\Oracle
2015-08-30 19:11 - 2011-04-26 15:05 - 00000000 ____D C:\Users\***********\AppData\Local\Adobe
2015-08-30 19:09 - 2014-08-20 06:22 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-30 18:59 - 2011-04-26 14:14 - 00000000 ____D C:\Program Files\CCleaner
2015-08-30 18:43 - 2013-10-13 00:45 - 00000831 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-30 18:34 - 2011-04-26 15:40 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2015-08-30 18:28 - 2011-04-26 14:14 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-30 15:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-30 15:43 - 2013-04-14 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-30 15:37 - 2011-04-26 10:06 - 00000000 ____D C:\Users\***********
2015-08-30 15:35 - 2013-05-23 16:43 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-30 14:48 - 2010-09-26 02:02 - 00000000 ____D C:\ProgramData\Skype
2015-08-30 13:59 - 2010-09-26 01:49 - 00000000 ____D C:\Program Files\Google
2015-08-30 13:59 - 2010-09-26 01:49 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-30 13:59 - 2009-07-14 01:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-30 12:41 - 2011-04-26 14:08 - 00000000 ____D C:\Users\***********\AppData\Local\Google
2015-08-30 12:38 - 2010-09-26 01:49 - 00000000 ____D C:\ProgramData\Google
2015-08-30 12:33 - 2014-07-15 14:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-30 12:26 - 2014-07-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\***********\AppData\Local\EmieUserList
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\***********\AppData\Local\EmieSiteList
2015-08-30 12:07 - 2014-12-26 14:35 - 00000000 __SHD C:\Users\***********\AppData\Local\EmieBrowserModeList
2015-08-30 00:07 - 2010-09-26 01:49 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 00:07 - 2010-09-26 01:49 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-30 00:07 - 2010-09-26 01:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 03:29 - 2011-05-11 15:42 - 00000000 ____D C:\Users\***********\Documents\A2 - Business Start-up
2015-08-25 20:16 - 2014-04-21 18:19 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-25 20:16 - 2014-01-06 10:38 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-25 20:16 - 2013-05-23 17:01 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-25 02:38 - 2011-05-11 15:45 - 00000000 ____D C:\Users\***********\Documents\A1 - Interior Design
2015-08-22 19:34 - 2014-09-13 02:44 - 00000000 ____D C:\Users\***********\Documents\Travel
2015-08-21 07:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-21 07:01 - 2011-05-26 11:44 - 00000000 ____D C:\Users\***********\AppData\Local\CrashDumps
2015-08-16 14:37 - 2015-02-01 01:35 - 00002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-16 14:37 - 2015-02-01 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 03:39 - 2009-07-14 00:45 - 00364448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:35 - 2014-12-10 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:35 - 2014-07-10 03:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:10 - 2013-08-05 00:53 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:02 - 2011-04-26 14:25 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 19:17 - 2011-05-11 15:33 - 00000000 ____D C:\Users\***********\Documents\******** Misc
2015-08-09 19:16 - 2013-08-01 06:25 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 19:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-09 19:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2015-08-09 20:16 - 2015-08-12 00:16 - 0000096 _____ () C:\Users\***********\AppData\Roaming\WB.CFG
2015-08-31 00:19 - 2015-08-31 00:19 - 0182123 _____ () C:\Users\***********\AppData\Local\ars.cache
2015-08-31 00:20 - 2015-08-31 00:20 - 0461353 _____ () C:\Users\***********\AppData\Local\census.cache
2015-08-30 20:01 - 2015-08-30 20:01 - 0000036 _____ () C:\Users\***********\AppData\Local\housecall.guid.cache
2013-11-17 22:38 - 2013-11-17 22:38 - 0007605 _____ () C:\Users\***********\AppData\Local\Resmon.ResmonCfg
2015-08-30 20:28 - 2015-08-30 20:28 - 0000010 _____ () C:\Users\***********\AppData\Local\sponge.last.runtime.cache
2011-09-02 20:43 - 2011-09-02 20:48 - 0000000 _____ () C:\Users\***********\AppData\Local\{96BB1963-E44D-4EAB-82F0-CE4E36001D84}
2014-02-24 14:38 - 2014-02-24 14:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-18 14:54 - 2011-05-18 14:54 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2012-05-25 14:48 - 2012-05-25 19:23 - 0000903 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\***********\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 00:09

==================== End of FRST.txt ============================

 

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by ************ (2015-09-01 16:16:47)
Running from C:\Users\************\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3293407027-2010405097-4186800853-500 - Administrator - Disabled)
boinc_master (S-1-5-21-3293407027-2010405097-4186800853-1000 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-3293407027-2010405097-4186800853-1001 - Limited - Enabled)
************ (S-1-5-21-3293407027-2010405097-4186800853-1006 - Administrator - Enabled) => C:\Users\************
Guest (S-1-5-21-3293407027-2010405097-4186800853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3293407027-2010405097-4186800853-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.804 - Corel Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{85CB0687-0239-473E-943B-E8AFEE6E044C}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 3.4 (HKLM-x32\...\{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}) (Version: 3.4.302 - LibreOffice)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.1 - DDNi)
OOBE (x32 Version: 3.10.0630 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VAIO - Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.2.00.05120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (x32 Version: 1.1.0.05280 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Quick Web Access (x32 Version: 1.3.4.2 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.2.0.06230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3293407027-2010405097-4186800853-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\************\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

31-08-2015 01:17:05 Scheduled Checkpoint
31-08-2015 02:22:33 Removed Microsoft Office 2010
31-08-2015 02:36:00 Removed Remote Play with PlayStation®3
01-09-2015 13:19:01 Windows Update
01-09-2015 14:01:30 JRT Pre-Junkware Removal
01-09-2015 14:01:43 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-30 19:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04199D50-2935-4184-B950-7AF1D95DB899} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {04298E1A-97B1-4975-A7EC-DE09CD2D45CF} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {0912426F-92C7-4159-BAC4-11CD1A3C4495} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {17656D5E-E007-44F8-828B-3561E8D17E57} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)
Task: {1B541244-06A2-46B0-AF54-C4336EAB82C0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {20B2056C-9B18-4EEC-9A83-5450024ED8B6} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {249AAE9D-57EB-42E2-8766-E1C03CE61623} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {25515BF0-28C3-4F59-9076-8911F55B0267} - System32\Tasks\{A61ECBE8-940B-44AD-96AC-BDE8616DC981} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\jxpiinstall.exe" -d "C:\Users\************\Downloads\Program Downloads"
Task: {25D4C478-00D1-40A4-88C3-106ED23B762C} - System32\Tasks\{ACA1C63D-1850-48D1-98FE-1605A6E53088} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\AdobeAIRInstaller.exe" -d "C:\Users\************\Downloads\Program Downloads"
Task: {2CBD1754-42F1-44AC-81B4-4837608B2E96} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {2DBC158D-5F29-40E2-B510-574DA71210D4} - System32\Tasks\SONY\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {2F611C97-FC0D-4EF1-92B4-CBEF7A5436F9} - \GeniusBox -> No File <==== ATTENTION
Task: {3A1E4E62-F5E0-48B5-9D13-4AF093125D16} - \DonutQuotes -> No File <==== ATTENTION
Task: {3FB9EA0B-6D92-4A55-8633-AF05DF94D54C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {414A2366-C8BC-4D61-9640-5E71954F25F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4BB1E49C-BC46-4384-B422-8744F51CA9AA} - System32\Tasks\avastBCLRestartS-1-5-21-3293407027-2010405097-4186800853-1006 => Chrome.exe
Task: {50BB6F9F-B6B6-4C1C-A34B-BD1200B33F4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
Task: {5374FAD8-C223-4595-8DA2-4C379A50C589} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2012-10-26] (Sony Corporation)
Task: {54B4BBD0-69B3-41F9-9A2C-B0C5FED7EB57} - \ArcadeTwist Support -> No File <==== ATTENTION
Task: {5CE1403B-3D58-43DD-A749-EA4312FCBCA6} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {7CFC2B2D-6D16-4EEE-8DA3-E03E09075CF4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {7D5E2E80-B186-4E31-B937-8F19691C29D6} - System32\Tasks\{89271065-19C5-4ED8-8FEB-7AE7B956D486} => pcalua.exe -a "C:\Users\************\Downloads\Program Downloads\SOAOTH-00263500-1040.EXE" -d "C:\Users\************\Downloads\Program Downloads"
Task: {7DF6673B-2029-4180-9CB8-BB58DB139C87} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {870B6D14-E1ED-4E43-B75B-7E63B7FA624B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software)
Task: {8DD46D3F-2906-44B7-8501-605B87BDA140} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {954D9729-DDED-4721-8E59-420081A22850} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {95CC060D-44A3-41DF-B6AB-E36E78CEBD8D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {9F0105A6-5DB6-4BDD-8C51-687E3BD0BC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A2889AA2-CD9D-4FC2-A9C3-205E1D767418} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-09-01] ()
Task: {A43CC6B3-4E4F-44DD-B0EF-E75746CDBE15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {AAEFFFD9-A364-459D-82B9-57B44DC5A36A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {B0AC0B35-84F2-4257-8686-4921BA3E4FB6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {BF743497-4285-4B68-A09A-C8CC65A68F5E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {C09505FD-F20D-4B53-A647-D36D2217F4AE} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {C3DB091B-7D16-4502-AD3A-B988DA3D8BA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EBE446-4E0B-4F22-87C1-064497FC406E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {E45268E6-CFCE-4281-9768-995BD80B9303} - System32\Tasks\Sony\ATI Catalyst => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-20] (Advanced Micro Devices, Inc.)
Task: {EA765F64-27CC-4869-A649-9E3FCF46FBF1} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-06-22] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-05-26 11:55 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-26 15:22 - 2011-04-26 15:22 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00022504 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00023552 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00040952 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2010-09-26 02:03 - 2010-07-15 14:07 - 00184816 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-22 18:30 - 2013-02-22 15:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-22 18:30 - 2013-02-22 15:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-09-01 14:58 - 2015-09-01 14:58 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-09-01 14:58 - 2015-09-01 14:58 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-01-02 00:12 - 2011-02-25 18:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2015-08-25 20:16 - 2015-08-25 20:16 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-25 20:16 - 2015-08-25 20:16 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-01 13:12 - 2015-09-01 13:12 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15090100\algo.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-09-26 02:13 - 2010-05-31 22:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-04-13 19:13 - 2015-04-13 19:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00131072 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2015-09-01 15:18 - 2015-09-01 15:18 - 00012800 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00009728 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00014848 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\src\rgloader\rgloader193.mswin.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00009216 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00126976 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00087552 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00016384 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00127316 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\bin\libffi-6.dll
2015-09-01 15:18 - 2015-09-01 15:18 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00013312 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-01 15:18 - 2015-09-01 15:18 - 00095744 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocrDB21.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00012800 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00009728 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00014848 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\src\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00094208 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00118784 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00069120 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00083968 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\bin\zlib1.dll
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00275968 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00015360 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008192 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00009216 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00023552 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00008704 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00036352 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00126976 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00087552 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00016384 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00127316 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\bin\libffi-6.dll
2015-09-01 15:19 - 2015-09-01 15:19 - 00013312 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00095744 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-01 15:19 - 2015-09-01 15:19 - 00026624 _____ () C:\Users\************\AppData\Local\Temp\ocr909B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00015872 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2010-09-26 02:03 - 2010-07-15 14:07 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-12-26 14:46 - 2015-09-01 14:58 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-09-01 14:58 - 2015-09-01 14:58 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-12-20 10:29 - 2014-12-20 10:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-12 17:29 - 2010-03-03 23:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3293407027-2010405097-4186800853-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\************\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^************^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\************\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_62942BFCAE6D711F261C0BCDE4F08C48 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EC41491FFFB82719F333251D3E47D044 => "C:\Users\************\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C27FB7A0-9176-4448-9E22-84EA4F3B6040}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98544CE9-C918-47E6-B5AD-74795065C524}] => (Allow) svchost.exe
FirewallRules: [{D8957376-7B9F-4719-B292-35C375AE94D2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0FF9A673-6892-4BB3-9FBA-BAC2C1C765DD}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{957820F8-C05E-498A-8675-11B9E544C3D0}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3F94DA65-34F1-4BCB-9300-832F71C5413B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C3296F8-9B4F-4883-AA3E-4D17F17BEAFB}] => (Allow) LPort=2869
FirewallRules: [{7F06C403-3DBC-4EB3-886E-2EE52BF61B86}] => (Allow) LPort=1900
FirewallRules: [{91E2D94A-ACE6-49DD-BA00-CC62DD851604}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{C620E821-0BE8-4BF4-B8E5-E569FE83F96B}] => (Allow) C:\Users\************\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E7415822-9D98-402C-9AB7-5887F84E457C}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{56041CF5-6C1E-499E-B4BE-EAB28111F107}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{58C29BC8-35BA-4593-B31C-234A1C122DE0}] => (Allow) C:\Users\************\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EC0E32DE-0AE2-4F65-8749-DEB021F27058}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1E16D9F-4D3F-48B9-81E6-D5C92031C283}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42F649AA-F706-45EF-8D8F-FAC78A36E113}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2015 02:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/31/2015 05:16:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/31/2015 04:54:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x800706be).

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (09/01/2015 03:18:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2015 02:20:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2015 02:18:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VAIO Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/01/2015 02:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (09/01/2015 02:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/31/2015 05:16:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/31/2015 04:54:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/30/2015 07:55:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2015 07:26:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/30/2015 07:26:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


CodeIntegrity:
===================================
  Date: 2015-08-30 19:45:10.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-30 19:45:10.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3950.1 MB
Available physical RAM: 2294.64 MB
Total Virtual: 7898.4 MB
Available Virtual: 5702.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.02 GB) (Free:324.75 GB) NTFS
Drive d: () (Fixed) (Total:29.8 GB) (Free:7.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 30E49EA1)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 50F07916)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

ESET log when scan complete

 

tbc...



#8 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 01 September 2015 - 06:45 PM

ESET reported no threats found so no log option available.



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 02 September 2015 - 05:02 AM

How is your system running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#10 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 02 September 2015 - 12:58 PM

Computer seems to be normal with unknown processes running, all browsers are good with no ads or unknown add-ons/extensions/toolbars/etc.

 

Edit:

 

I noticed in your FRST Fix on the previous page in the supplied code, third line from the bottom:

 

C:\Users\************\AppData\Local\Temp\sqlite3.dll

 

It seems I should have replaced the asterisks with the actual user name that I blocked out? This is my fault as I should have better reviewed before running this. Should I run this again with the correct information in place?

 

 

Also, while reviewing the above scan logs and looking at registry entries, I came across the following:

 

HKEY_CURRENT_USER "Software iLivid iLivid" Default REG_SZ (value not set)

 

While searching the logs, nothing seems to pertain to this entry and perhaps it was removed with a previous malware tool but can/should the registy entry be deleted as well?

 

Thank you again for your assistance!


Edited by 0@sis, 03 September 2015 - 01:05 AM.


#11 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 03 September 2015 - 04:51 AM

t seems I should have replaced the asterisks with the actual user name that I blocked out?

You can do it, but it isn't needed as this is just one Temp entry.

HKEY_CURRENT_USER "Software iLivid iLivid" Default REG_SZ (value not set)

We could delete this entry if you like.

Make sure this key exists: HKEY_CURRENT_USER\Software\iLivid

If it exsists then delete it.

 

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#12 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 03 September 2015 - 05:11 AM

Okay, great and thank you for your assistance.

 

 

# DelFix v1.011 - Logfile created 03/09/2015 at 06:02:13
# Updated 18/08/2015 by Xplode
# Username : *********** - *******
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\***********\Downloads\ComboFix.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #293 [ComboFix created restore point | 09/03/2015 09:08:09]
Deleted : RP #294 [Adblock Plus for IE | 09/03/2015 09:36:20]
Deleted : RP #295 [Adblock Plus for IE | 09/03/2015 09:39:14]
Deleted : RP #296 [Adblock Plus for IE | 09/03/2015 09:41:40]

New restore point created !

########## - EOF - ##########
 



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,100 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 AM

Posted 03 September 2015 - 05:12 AM

You are most welcome. :)

 

Do you have any further questions?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#14 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 03 September 2015 - 03:41 PM

No further questions. You've been very helpful, thank you again.


Edited by 0@sis, 03 September 2015 - 07:09 PM.


#15 0@sis

0@sis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:12 AM

Posted 03 September 2015 - 07:09 PM

Tried editing my previous post....

 

It appears I do have an issue I came across that is bothering me.

I'm trying to uninstall Adobe Air without success. When I select uninstall, nothing happens. The process window shows ADOBE~1.EXE *32 Adobe Air Installer and that remains until I end the process. I've also tried with Revo Uninstaller and that hangs at around 75% without ever completing.

Not sure if this is something for a different part of the forum but I'd like to try and resolve it.


Thank you again, you've been very helpful!

 

Edit:

 

I was able uninstall Adobe Air with Revo by ending the ADOBE~1.EXE *32 while Revo was hanging which let it complete the uninstall and search for additional files. Once Revo went through looking for leftover files and I deleted the Adobe Air folder with the ^ process in it, I went back in Revo and ran again it seems to have removed Adobe Air.


Edited by 0@sis, 03 September 2015 - 07:33 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users