Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Outbound Traffic - Security Issue [Solved]

Started by orwellian1984 , Aug 11 2015 01:22 AM
Outbound Outbound Traffic Security Norton 360 Security Request Suspicious Outbound Activity

  • This topic is locked This topic is locked

#1
orwellian1984
Posted 11 August 2015 - 01:22 AM

orwellian1984

    Member

  • Member
  • PipPip
  • 13 posts

Hello.  Thankyou in advance for taking the time to look over my request for help.
 
For a little over a month I have had Norton 360 running on my computer; previously I was running Malwarebytes Premium. 
 
I noticed that i have been getting more frequent malware alerts, fake pop-up alerts and spam in general over the past two to three months; not sure why though as my browsing and computer usage habits haven't changed from what they were prior to this greater number of prompts appearing.
 
I started receiving this message about half a week ago and it pops up continuiously as soon as i am connected to the net.  I have used Norton Power Tool to quaranteen suspect applications, but the pop-is still appearing regularly.
Capture.JPG
 
Have attached information from scan below for your perousal.
 
Please let me know if you have any suggestions about what i might do to try and fix this message from appearing anymore.
 
Also, on a side note, i have been receiving warnings about certain IP addresses attempting to hijack my computers applications and hardware at times.  Could you elaborate on exactly what this means.  If the source IP address is an american miltiary base, for what purpose would they have of doing this? (Please stick to the main thread about the Norton Power Erasor subject matter before this)
 
Kind Regards
 
J.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Val (administrator) on JOEL (11-08-2015 16:25:52)
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9650720 2010-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [316784 2010-01-16] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-22] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-02-25] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.net/...php?referid=118
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.com....nline.sony.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKLM - No Name - {BA3E8250-8530-434F-B82F-B15AE5168E0A} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42B4665E-1DB9-497C-90A7-B22F90104425}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FDF61F8A-62B0-421A-BF8F-42EA3217BC2E}: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-986212026-379418426-1859886101-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Val\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-23] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mystartsearch.xml [2015-07-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml [2014-06-29]
FF Extension: AllSaveer - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] [2015-07-24]
FF Extension: No Name - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AntiPorn Pro  The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (AdBlock) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (AntiPorn Pro  The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-25]
CHR Extension: (Google Wallet) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] () [File not signed]
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-09] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-19] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150809.001\IDSvia64.sys [692984 2015-08-07] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.009\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.009\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 16:25 - 2015-08-11 16:26 - 00022814 _____ C:\Users\Val\Desktop\FRST.txt
2015-08-11 16:25 - 2015-08-11 16:25 - 00000000 ____D C:\FRST
2015-08-11 15:41 - 2015-08-11 15:41 - 02171392 _____ (Farbar) C:\Users\Val\Desktop\FRST64.exe
2015-08-11 00:33 - 2015-08-11 16:20 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-09 23:02 - 2015-08-09 23:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-09 22:54 - 2015-08-09 22:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-09 12:00 - 2015-08-09 12:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-07 12:11 - 2015-08-07 12:11 - 00000000 __SHD C:\found.000
2015-08-06 16:54 - 2015-08-11 16:20 - 00004934 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel
2015-08-05 09:14 - 2015-08-05 09:14 - 00000000 ____D C:\Users\Val\AppData\OICE_15_974FA576_32C1D314_3F31
2015-07-31 19:59 - 2015-08-09 13:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-07-31 09:13 - 2015-07-31 09:13 - 00003118 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2015-07-31 09:13 - 2015-07-31 09:13 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2015-07-31 09:13 - 2015-07-31 09:13 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-07-30 22:13 - 2015-08-11 00:16 - 00000000 ____D C:\NPE
2015-07-30 22:07 - 2015-08-11 15:20 - 00000000 ____D C:\Users\Val\AppData\Local\NPE
2015-07-29 14:46 - 2015-07-26 04:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-29 14:46 - 2015-07-26 04:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-29 14:46 - 2015-07-26 04:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-29 14:46 - 2015-07-26 03:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-25 23:15 - 2015-07-25 23:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 20:05 - 2015-08-07 17:44 - 00000000 ____D C:\Users\Val\AppData\Local\CrashDumps
2015-07-24 10:39 - 2015-07-24 10:39 - 00003102 _____ C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
2015-07-24 10:21 - 2015-08-09 22:55 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-24 10:21 - 2015-08-09 12:22 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-24 10:21 - 2015-08-09 12:22 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-24 10:21 - 2015-08-09 12:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-24 10:20 - 2015-08-09 22:54 - 00002185 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 10:19 - 2015-08-09 22:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-24 10:19 - 2015-07-24 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-07-24 03:21 - 2015-07-24 03:21 - 00000000 ____D C:\Program Files (x86)\AllSaveer
2015-07-24 03:01 - 2015-07-24 10:49 - 00000000 ____D C:\Program Files (x86)\UpgraderLite
2015-07-23 11:54 - 2015-08-11 14:52 - 00041776 _____ C:\Windows\PFRO.log
2015-07-23 11:51 - 2015-07-23 11:51 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 11:51 - 2015-07-23 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 11:50 - 2015-07-23 11:51 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 11:50 - 2015-07-23 11:50 - 00000000 ____D C:\Program Files\iPod
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files\Bonjour
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-23 11:44 - 2015-07-23 11:44 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-22 21:37 - 2015-08-11 16:18 - 00003472 _____ C:\Windows\setupact.log
2015-07-22 21:37 - 2015-07-22 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 11:51 - 2015-07-15 13:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 11:51 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 11:51 - 2015-07-15 11:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 11:51 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 23:57 - 2015-07-17 23:57 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 23:09 - 2015-08-11 16:21 - 01589550 _____ C:\Windows\WindowsUpdate.log
2015-07-17 07:15 - 2015-07-17 07:15 - 00000000 _____ C:\Users\Val\AppData\Roaming\ED1A.tmp
2015-07-15 16:26 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Public\Documents\EA Games
2015-07-15 16:23 - 2015-07-15 16:23 - 00001700 _____ C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00001690 _____ C:\Users\Public\Desktop\The Sims 2 Body Shop.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2015-07-15 15:57 - 2015-07-15 16:00 - 00000000 ____D C:\Program Files (x86)\The Sims 2 Ultimate Collection
2015-07-15 15:57 - 2015-07-15 15:57 - 00000000 ____D C:\Users\Val\Documents\EA Games
2015-07-15 14:00 - 2015-07-15 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-07-15 12:05 - 2015-07-10 03:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:05 - 2015-07-10 03:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:05 - 2015-07-10 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:05 - 2015-07-10 03:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:05 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:05 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:05 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:05 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:05 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:05 - 2015-07-03 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:05 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:05 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:05 - 2015-07-03 06:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:05 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:05 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:05 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:05 - 2015-06-27 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:05 - 2015-06-27 12:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:05 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:05 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:05 - 2015-06-25 18:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:05 - 2015-06-18 03:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:05 - 2015-06-18 03:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:05 - 2015-06-10 04:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 12:05 - 2015-06-10 04:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 12:05 - 2015-06-02 10:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:05 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:04 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:04 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:04 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:04 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:04 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:04 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:04 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:04 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:04 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:04 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:04 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:04 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:04 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:04 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:04 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:04 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:04 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:04 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:04 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:04 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:04 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:04 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:04 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:04 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:04 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:04 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:04 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:04 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:04 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:04 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:04 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:04 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:04 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:04 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:04 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:04 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:04 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:04 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:03 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:03 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:03 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:03 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:03 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:03 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:01 - 2015-07-05 04:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:01 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:01 - 2015-07-02 06:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:01 - 2015-07-02 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:01 - 2015-07-02 06:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:01 - 2015-07-02 06:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:01 - 2015-07-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:01 - 2015-07-02 06:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:01 - 2015-07-02 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:01 - 2015-07-02 06:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:01 - 2015-07-02 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:01 - 2015-07-02 06:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:01 - 2015-07-02 06:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:01 - 2015-07-02 06:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:01 - 2015-07-02 06:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:01 - 2015-07-02 05:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:01 - 2015-07-02 05:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:01 - 2015-07-02 05:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:01 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:01 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 12:00 - 2015-06-16 07:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:00 - 2015-06-16 07:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:00 - 2015-06-16 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:00 - 2015-06-16 07:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:00 - 2015-06-16 07:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:00 - 2015-06-16 07:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:00 - 2015-06-16 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:00 - 2015-06-16 07:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:00 - 2015-06-16 07:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 06:22 - 2015-07-15 06:22 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-13 03:07 - 2015-07-24 03:01 - 00000000 ____D C:\ProgramData\a7dd8f7400002476
2015-07-13 03:05 - 2015-07-13 03:05 - 00000000 _____ C:\Users\Val\AppData\Local\Temp.dat
2015-07-13 02:57 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\Klout
2015-07-13 02:56 - 2015-07-24 03:22 - 00000000 ____D C:\ProgramData\3746226442181077489
2015-07-13 02:56 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\CutTheeePPricie
2015-07-13 02:54 - 2015-08-11 14:54 - 00000418 _____ C:\Windows\Tasks\YogaLite.job
2015-07-13 02:54 - 2015-07-13 02:54 - 00003326 _____ C:\Windows\System32\Tasks\YogaLite
2015-07-13 02:54 - 2015-07-13 02:54 - 00000000 ____D C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 16:22 - 2012-09-07 13:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-11 16:19 - 2011-12-13 16:24 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 16:18 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 16:17 - 2011-10-05 16:18 - 00000000 ____D C:\Users\Val
2015-08-11 15:46 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 15:46 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 15:31 - 2011-12-13 16:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-11 04:40 - 2013-03-20 14:47 - 00002148 _____ C:\Windows\epplauncher.mif
2015-08-11 04:39 - 2014-11-10 23:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-11 04:39 - 2013-03-20 14:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-11 02:00 - 2013-10-06 00:15 - 00000000 ____D C:\Users\Val\AppData\Roaming\vlc
2015-08-11 02:00 - 2011-10-09 21:59 - 00000000 ____D C:\Users\Val\AppData\Local\Adobe
2015-08-11 00:12 - 2011-11-06 14:34 - 00000000 ____D C:\Users\Val\AppData\Roaming\Azureus
2015-08-09 22:59 - 2014-10-29 01:20 - 00000000 ____D C:\Users\Val\Desktop\Joel's
2015-08-09 12:38 - 2011-11-06 14:33 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-08-09 12:22 - 2011-11-12 17:31 - 00000000 ____D C:\ProgramData\Norton
2015-08-07 21:51 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 17:50 - 2011-10-05 16:18 - 00120224 _____ C:\Users\Val\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-03 12:44 - 2009-07-14 14:45 - 05083680 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-02 17:45 - 2009-07-14 15:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-31 09:14 - 2011-11-14 10:47 - 00000000 ____D C:\Update
2015-07-31 09:13 - 2011-11-29 12:00 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-07-31 09:12 - 2011-10-06 10:21 - 00000000 ____D C:\Program Files\Sony
2015-07-31 09:10 - 2014-06-17 13:49 - 00013792 _____ C:\Windows\system32\Drivers\semav6thermal64ro.sys
2015-07-30 03:02 - 2014-06-08 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 21:19 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 14:36 - 2014-07-04 17:53 - 00000000 ____D C:\Program Files (x86)\Child of Light
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-24 11:02 - 2012-09-06 22:26 - 00000000 ____D C:\Users\Val\AppData\Roaming\Skype
2015-07-23 18:39 - 2013-03-25 16:42 - 00001808 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-23 18:39 - 2011-11-06 14:33 - 00001808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-23 11:50 - 2014-11-14 21:58 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 11:50 - 2012-04-02 13:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 11:50 - 2011-11-06 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 10:42 - 2015-07-04 08:17 - 00000000 ____D C:\Users\Val\AppData\Local\SKIDROW
2015-07-23 10:42 - 2014-07-09 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-23 10:42 - 2014-01-25 12:47 - 00000000 ____D C:\Users\Val\Documents\My Games
2015-07-23 10:39 - 2014-07-13 22:05 - 00000000 ____D C:\Users\Val\AppData\Roaming\Yacht Club Games
2015-07-23 10:39 - 2014-06-22 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-23 10:39 - 2014-06-22 06:43 - 00000000 ____D C:\GOG Games
2015-07-23 10:39 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-23 10:38 - 2015-07-08 01:28 - 00000000 ____D C:\Users\Val\AppData\Roaming\Arrowhead
2015-07-22 19:28 - 2014-05-03 03:07 - 00000000 ____D C:\Users\Val\Documents\Temps
2015-07-22 19:26 - 2014-03-19 19:06 - 00000000 ____D C:\Users\Val\Documents\Paperwork
2015-07-22 19:18 - 2012-02-01 21:27 - 00000000 ____D C:\Users\Val\Documents\Games
2015-07-19 03:03 - 2014-08-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-19 03:02 - 2014-11-11 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-17 23:57 - 2011-11-11 15:57 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-17 23:57 - 2011-11-11 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 23:08 - 2011-12-13 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 22:27 - 2014-06-25 07:27 - 00000000 ____D C:\Program Files\PowerISO
2015-07-17 22:27 - 2010-04-16 05:30 - 00000000 ____D C:\Windows\Panther
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
2015-07-17 03:03 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 04:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:46 - 2015-07-01 15:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:46 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:17 - 2009-07-14 12:34 - 00000510 _____ C:\Windows\win.ini
2015-07-16 03:10 - 2013-08-08 12:36 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:00 - 2014-06-25 07:27 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-07-15 06:22 - 2012-09-07 13:51 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 06:22 - 2012-09-07 13:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 06:22 - 2011-11-11 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 23:41 - 2009-07-14 15:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-13 23:36 - 2015-07-04 04:58 - 00000000 ____D C:\Users\Val\AppData\Roaming\InetStat
2015-07-13 23:34 - 2014-06-29 07:55 - 00000000 ____D C:\Users\Val\AppData\Local\com
2015-07-13 23:34 - 2013-08-08 12:39 - 00000000 ____D C:\Windows\Temp383E7311-341C-5D50-3CF0-584E889A0D48-Signatures
2015-07-13 04:56 - 2011-10-05 16:19 - 00001172 _____ C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-12 03:33 - 2014-11-27 22:40 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-07-03 04:55 - 2015-07-03 04:55 - 0000000 _____ () C:\Users\Val\AppData\Roaming\3C86.tmp
2014-06-21 01:44 - 2014-06-21 01:44 - 0000320 _____ () C:\Users\Val\AppData\Roaming\aps.uninstall.scan.results
2015-07-17 07:15 - 2015-07-17 07:15 - 0000000 _____ () C:\Users\Val\AppData\Roaming\ED1A.tmp
2014-04-23 11:29 - 2014-04-23 11:29 - 0017408 ___SH () C:\Users\Val\AppData\Roaming\Thumbs.db
2012-03-10 01:55 - 2012-03-10 01:55 - 0012841 _____ () C:\Users\Val\AppData\Roaming\UserTile.png
2015-07-13 03:05 - 2015-07-13 03:05 - 0000000 _____ () C:\Users\Val\AppData\Local\Temp.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c

Some files in TEMP:
====================
C:\Users\Val\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2015-08-02 19:25

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Val (2015-08-11 16:27:05)
Running from C:\Users\Val\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-986212026-379418426-1859886101-500 - Administrator - Disabled)
Guest (S-1-5-21-986212026-379418426-1859886101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-986212026-379418426-1859886101-1002 - Limited - Enabled)
Val (S-1-5-21-986212026-379418426-1859886101-1000 - Administrator - Enabled) => C:\Users\Val

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version:  - DONGSOFT Company, Inc.)
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity v.1.0.5.0567 (HKLM-x32\...\Pillars of Eternity_is1) (Version:  - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.02.03310 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.07140 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6013 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.1.0.14240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
The Sims 2 Ultimate Collection version 1.17.0.66 (HKLM-x32\...\The Sims 2 Ultimate Collection_is1) (Version: 1.17.0.66 - EA Games)
Unity Web Player (HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
UpgraderLite (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{774350ce}) (Version:  - Software Publisher) <==== ATTENTION
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.07140 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.5.0.13220 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.3.0.13150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.7.0.16080 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 4.1.0.13180 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.15040 - Sony Corporation)
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.1.0.14080 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.1.00.14040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.2.0.14010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.1.0.14090 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3950 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Video Downloader 4.8.5 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.5 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-08-2015 03:00:22 Windows Update
06-08-2015 03:00:25 Windows Update
08-08-2015 03:00:51 Windows Update
09-08-2015 03:00:11 Windows Update
09-08-2015 23:13:41 Norton_Power_Eraser_20150809231335123
10-08-2015 11:32:22 Windows Update
11-08-2015 00:24:06 Norton_Power_Eraser_20150811002400949
11-08-2015 02:00:58 Norton_Power_Eraser_20150811020053526
11-08-2015 03:00:16 Windows Update
11-08-2015 04:39:33 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-06-29 08:06 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018567D4-21EE-42D0-BA7B-1628FB10060B} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {0D41DB0F-7F93-4993-A4D8-F2A70D4669B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4E420-0D66-439A-A270-B9B6094E42B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {13BE7939-B31D-4D0B-8B0D-E56C76D245DF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {1FE833B4-BD1E-40CB-BD91-0A84C32AD76A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {29D71B1D-3393-4954-94BE-A4AB9AF8919F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {2B1E979D-21A7-4787-BFCE-264A6106A5CD} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {36C9E78A-4483-420D-A4E0-8F86F4FD5A8C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {393BBB8D-441C-4C4F-8AF1-6C82E3AA690E} - \RocketTab -> No File <==== ATTENTION
Task: {40789279-1C96-4C37-9D94-33B7CE113DBE} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {41CC72F1-B55A-4769-9D94-69AF8A03A436} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {428E7C88-0901-4650-9A80-77D1F6E27A5E} - System32\Tasks\SONY\Prepare Your VAIO\Prepare Your VAIO => C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe [2010-02-25] (Sony Corporation)
Task: {45E56A76-06DB-4921-8A19-EB472A27DBC5} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4731AEF1-F633-4633-9E2A-D8BDE23F364F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {48F56E4C-F2E2-4FD1-884C-89375100CBAF} - System32\Tasks\YogaLite => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
Task: {491A119B-5FE8-4731-9C8E-434BA6759B9D} - System32\Tasks\AdobeAAMUpdater-1.0-Val-VAIO-Val => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {4A6C63B3-5EC4-4CF6-8FF0-C5D3FB1D813D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4E22B097-D3DA-4787-B4F0-58B23EE2D230} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {5274D606-0786-4992-9B46-8E504E985106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56004971-BDC7-40AE-8F3E-7AF931168EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C0B34AD-45D8-41CA-8C62-990BB13B983E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {60A91ADB-F825-4877-AA9F-8247B79F339D} - System32\Tasks\Malware Cleaner => C:\Users\Val\AppData\Roaming\3C86.tmp.exe <==== ATTENTION
Task: {637B059C-9874-42C1-910A-730791BDF02C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {64334B5F-626A-4957-AA73-99104CDAA1AF} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {65C250D4-888B-4B96-B24F-E1A958CD2424} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {66455886-0F06-4A60-A971-9669985B547A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DAFB589-7BF3-4796-A22F-4F27D65C2F9D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {6E63CE98-39F5-4765-9736-99909BB2BDDE} - System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {75E0C3BD-AAE6-4DC6-AAF1-AE43B2CEA6F5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {792606F4-0A69-47CF-84C4-700A17ECB811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {8109AE46-C26B-4FED-8063-8D5FD629AC6D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {897F74B7-DE82-4D80-B145-3BB27D32F9AE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB} - System32\Tasks\Security Installer => C:\Users\Val\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {8F8F0474-F880-4A0E-89F0-9760B9AF48D1} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {905B07D2-6D78-4D57-BBEB-3B9F48757DA2} - System32\Tasks\{6ED7D482-686C-4A8C-A394-0FBCE695804E} => pcalua.exe -a C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED\setup_legend_of_grimrock_1.0.0.6.exe -d C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED
Task: {9CBB4F4F-3A66-45AB-9CF1-B493DE5EDFEC} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {A14BD500-46E1-47BE-9266-6E662074AA12} - System32\Tasks\{8F42C2F7-755C-491B-B067-0F304A7D13F5} => pcalua.exe -a C:\Users\Val\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Val\Desktop
Task: {A1C1779F-D704-4DCE-A789-A100712AF941} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {AFC71B52-293D-4930-945B-84B0FDFB349E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B39B622A-A986-4094-8E27-9B48B7576F81} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B3B302CA-6F56-41DE-93AF-795CA9E90D62} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {B8684772-8ACD-4D61-B1B9-4BDB02A7D167} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {BDE114C7-E118-4D97-9A67-DCD2E3A10007} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {BE363EB0-7472-4830-8D86-39453475A990} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {BF6B4189-EA58-406D-8962-FE284BB18EB3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C3F08A49-5EE6-4B2F-BDBF-938DDDCFB1A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C4867012-4448-4148-A5E1-343A99136352} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {D0DC214B-07FF-48A0-B3A7-CB94AF555CF3} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {D248F8B9-8060-4F5C-905C-53A93E9B6B36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
Task: {EDCF36B0-19D2-44FE-85E9-7E256F5F3FCD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {EFB74764-C091-4473-A75E-20BB449789A3} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F12734FA-A9D4-42CC-835C-83C6C8AEB16A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-11] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\YogaLite.job => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-08 18:35 - 2013-01-08 18:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2010-04-16 07:10 - 2009-11-21 08:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\6cyPRKj9G:dgV72Q0w8TYtF2X6pc7J
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-986212026-379418426-1859886101-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2015 04:40:03 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 04:40:02 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (08/11/2015 04:39:53 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 04:39:52 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (08/11/2015 03:01:30 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 03:01:28 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (08/11/2015 03:01:16 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 03:01:14 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (08/11/2015 12:03:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Sims2ep9.exe version 1.17.0.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd8

Start Time: 01d0d363cdc2a95e

Termination Time: 44

Application Path: C:\Program Files (x86)\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2ep9.exe

Report Id:

Error: (08/10/2015 11:33:43 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.


System errors:
=============
Error: (08/11/2015 04:20:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (08/11/2015 04:20:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error:
%%268439612

Error: (08/11/2015 04:18:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (08/11/2015 04:18:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:16:10 PM on ‎11/‎08/‎2015 was unexpected.

Error: (08/11/2015 02:54:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (08/11/2015 02:54:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error:
%%268439612

Error: (08/11/2015 02:52:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (08/11/2015 04:40:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.8.204.0 (KB3063917).

Error: (08/11/2015 04:40:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/11/2015 04:39:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).


Microsoft Office:
=========================
Error: (08/11/2015 04:40:03 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 04:40:02 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2015 04:39:53 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 04:39:52 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2015 03:01:30 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 03:01:28 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2015 03:01:16 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (08/11/2015 03:01:14 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2015 12:03:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Sims2ep9.exe1.17.0.661bd801d0d363cdc2a95e44C:\Program Files (x86)\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2ep9.exe

Error: (08/10/2015 11:33:43 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.


CodeIntegrity:
===================================
  Date: 2013-07-15 18:04:53.807
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:53.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:51.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:51.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:49.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:49.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:46.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:46.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:44.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:44.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 56%
Total physical RAM: 3766.88 MB
Available physical RAM: 1640.65 MB
Total Virtual: 7531.97 MB
Available Virtual: 5068.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.99 GB) (Free:68.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C4EA7D6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

Advertisements

#2
Nevan
Posted 11 August 2015 - 01:43 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, orwellian1984. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.

Stay calm :)
  • 1

#3
Nevan
Posted 11 August 2015 - 05:03 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, orwellian1984.

Let's start with an important information.

WARNING!

One or more of the identified infections on your computer is known to use a backdoor!

Backdoors allow hackers to remotely control your computer, which may result in stealing important system information, files and download and run more malware.

I recommend you to disconnect this PC from the Internet immediately. If you use that computer for banking or any other financial transactions or sensitive information, you should use a malware-free computer to change all passwords where applicable. You should also contact those financial institutions and explain them your situation.

Even if it has been identified and can be deleted, because of the way it affects your computer, that PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the operation system.

Please, read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can attempt to clean this machine, but I cannot guarantee that it will be 100% secure again. If you still want to proceed with cleaning process, follow the instructions below.

 
Step #1
89Bcpos.png TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
    0Hfdwva.png
  • Check all boxes then click OK.
    Note: You will be prompted to reboot. Please do so.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
Step #2
4lSuPAR.pngUninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove YTD Video Downloader 4.8.5.

 
Step #3
4rr98tz.png FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   4.76KB   292 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
EOEdyWG.png Things that should appear in your next post:
  • TDSSKiller log content
  • Fixlog.txt log content

  • 0

#4
orwellian1984
Posted 11 August 2015 - 07:05 AM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

As requested

 

Thank you!

 

23:00:22.0397 0x1ae4  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
23:00:26.0203 0x1ae4  ============================================================
23:00:26.0203 0x1ae4  Current date / time: 2015/08/11 23:00:26.0203
23:00:26.0203 0x1ae4  SystemInfo:
23:00:26.0203 0x1ae4  
23:00:26.0203 0x1ae4  OS Version: 6.1.7601 ServicePack: 1.0
23:00:26.0203 0x1ae4  Product type: Workstation
23:00:26.0203 0x1ae4  ComputerName: JOEL
23:00:26.0203 0x1ae4  UserName: Val
23:00:26.0203 0x1ae4  Windows directory: C:\Windows
23:00:26.0203 0x1ae4  System windows directory: C:\Windows
23:00:26.0203 0x1ae4  Running under WOW64
23:00:26.0203 0x1ae4  Processor architecture: Intel x64
23:00:26.0203 0x1ae4  Number of processors: 4
23:00:26.0203 0x1ae4  Page size: 0x1000
23:00:26.0203 0x1ae4  Boot type: Normal boot
23:00:26.0203 0x1ae4  ============================================================
23:00:28.0372 0x1ae4  KLMD registered as C:\Windows\system32\drivers\73685000.sys
23:00:29.0089 0x1ae4  System UUID: {D1D5FD69-D450-8135-BD40-6630BEA5859C}
23:00:31.0648 0x1ae4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:31.0663 0x1ae4  ============================================================
23:00:31.0663 0x1ae4  \Device\Harddisk0\DR0:
23:00:31.0663 0x1ae4  MBR partitions:
23:00:31.0663 0x1ae4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A03800, BlocksNum 0x32000
23:00:31.0663 0x1ae4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A35800, BlocksNum 0x239F8800
23:00:31.0663 0x1ae4  ============================================================
23:00:31.0741 0x1ae4  C: <-> \Device\Harddisk0\DR0\Partition2
23:00:31.0741 0x1ae4  ============================================================
23:00:31.0741 0x1ae4  Initialize success
23:00:31.0741 0x1ae4  ============================================================
23:00:37.0404 0x1b8c  ============================================================
23:00:37.0404 0x1b8c  Scan started
23:00:37.0404 0x1b8c  Mode: Manual;
23:00:37.0404 0x1b8c  ============================================================
23:00:37.0404 0x1b8c  KSN ping started
23:00:40.0446 0x1b8c  KSN ping finished: true
23:00:42.0895 0x1b8c  ================ Scan system memory ========================
23:00:42.0895 0x1b8c  System memory - ok
23:00:42.0895 0x1b8c  ================ Scan services =============================
23:00:43.0254 0x1b8c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:00:43.0254 0x1b8c  1394ohci - ok
23:00:43.0301 0x1b8c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:00:43.0316 0x1b8c  ACPI - ok
23:00:43.0363 0x1b8c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:00:43.0363 0x1b8c  AcpiPmi - ok
23:00:43.0660 0x1b8c  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:00:43.0675 0x1b8c  AdobeFlashPlayerUpdateSvc - ok
23:00:43.0769 0x1b8c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:00:43.0784 0x1b8c  adp94xx - ok
23:00:43.0831 0x1b8c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:00:43.0878 0x1b8c  adpahci - ok
23:00:43.0894 0x1b8c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:00:43.0894 0x1b8c  adpu320 - ok
23:00:43.0956 0x1b8c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:00:43.0956 0x1b8c  AeLookupSvc - ok
23:00:44.0018 0x1b8c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
23:00:44.0034 0x1b8c  AFD - ok
23:00:44.0096 0x1b8c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:00:44.0096 0x1b8c  agp440 - ok
23:00:44.0143 0x1b8c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:00:44.0143 0x1b8c  ALG - ok
23:00:44.0190 0x1b8c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:00:44.0190 0x1b8c  aliide - ok
23:00:44.0237 0x1b8c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:00:44.0237 0x1b8c  amdide - ok
23:00:44.0284 0x1b8c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:00:44.0284 0x1b8c  AmdK8 - ok
23:00:44.0315 0x1b8c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:00:44.0315 0x1b8c  AmdPPM - ok
23:00:44.0362 0x1b8c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:00:44.0362 0x1b8c  amdsata - ok
23:00:44.0408 0x1b8c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:00:44.0408 0x1b8c  amdsbs - ok
23:00:44.0440 0x1b8c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:00:44.0440 0x1b8c  amdxata - ok
23:00:44.0518 0x1b8c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
23:00:44.0518 0x1b8c  AppID - ok
23:00:44.0580 0x1b8c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:00:44.0580 0x1b8c  AppIDSvc - ok
23:00:44.0627 0x1b8c  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
23:00:44.0627 0x1b8c  Appinfo - ok
23:00:44.0830 0x1b8c  [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:00:44.0830 0x1b8c  Apple Mobile Device Service - ok
23:00:44.0861 0x1b8c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
23:00:44.0876 0x1b8c  arc - ok
23:00:44.0908 0x1b8c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:00:44.0908 0x1b8c  arcsas - ok
23:00:45.0188 0x1b8c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:00:45.0220 0x1b8c  aspnet_state - ok
23:00:45.0251 0x1b8c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:45.0251 0x1b8c  AsyncMac - ok
23:00:45.0313 0x1b8c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:00:45.0313 0x1b8c  atapi - ok
23:00:45.0688 0x1b8c  [ 08BAAA2432E81031A6C3B11AD5A67E2B, BB909746B0FBC731BA7D64E9332FF367C8D37E7053B304F0FC08B270D3683D57 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:00:45.0828 0x1b8c  athr - ok
23:00:45.0937 0x1b8c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:00:45.0953 0x1b8c  AudioEndpointBuilder - ok
23:00:45.0984 0x1b8c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:00:46.0000 0x1b8c  AudioSrv - ok
23:00:46.0031 0x1b8c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:00:46.0046 0x1b8c  AxInstSV - ok
23:00:46.0093 0x1b8c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:00:46.0109 0x1b8c  b06bdrv - ok
23:00:46.0140 0x1b8c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:00:46.0156 0x1b8c  b57nd60a - ok
23:00:46.0202 0x1b8c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:00:46.0218 0x1b8c  BDESVC - ok
23:00:46.0265 0x1b8c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:00:46.0265 0x1b8c  Beep - ok
23:00:46.0452 0x1b8c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:00:46.0468 0x1b8c  BFE - ok
23:00:46.0904 0x1b8c  [ 3E2882C7D02E34D5528BDDECD8CEF930, 39AEB34BD5BFD0BE6C8D0E37D5D5912B76B87A442C2AD91AC3E5F709D73C809C ] BHDrvx64        C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150728.001\BHDrvx64.sys
23:00:46.0951 0x1b8c  BHDrvx64 - ok
23:00:47.0107 0x1b8c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:00:47.0123 0x1b8c  BITS - ok
23:00:47.0154 0x1b8c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:00:47.0154 0x1b8c  blbdrive - ok
23:00:47.0310 0x1b8c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:00:47.0326 0x1b8c  Bonjour Service - ok
23:00:47.0372 0x1b8c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:00:47.0372 0x1b8c  bowser - ok
23:00:47.0388 0x1b8c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:00:47.0388 0x1b8c  BrFiltLo - ok
23:00:47.0419 0x1b8c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:00:47.0419 0x1b8c  BrFiltUp - ok
23:00:47.0450 0x1b8c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:00:47.0450 0x1b8c  Browser - ok
23:00:47.0482 0x1b8c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:00:47.0513 0x1b8c  Brserid - ok
23:00:47.0560 0x1b8c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:00:47.0560 0x1b8c  BrSerWdm - ok
23:00:47.0591 0x1b8c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:00:47.0591 0x1b8c  BrUsbMdm - ok
23:00:47.0606 0x1b8c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:00:47.0606 0x1b8c  BrUsbSer - ok
23:00:47.0653 0x1b8c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:00:47.0653 0x1b8c  BthEnum - ok
23:00:47.0700 0x1b8c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:00:47.0700 0x1b8c  BTHMODEM - ok
23:00:47.0747 0x1b8c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:00:47.0762 0x1b8c  BthPan - ok
23:00:47.0856 0x1b8c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:00:47.0887 0x1b8c  BTHPORT - ok
23:00:47.0950 0x1b8c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:00:47.0950 0x1b8c  bthserv - ok
23:00:47.0981 0x1b8c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:00:47.0996 0x1b8c  BTHUSB - ok
23:00:48.0121 0x1b8c  [ 71A07B6FC98030935E60EDBFFE9E9C85, DEEDEF1381E16C41646EB28915BC6BABEB4F47CFA30549F904D08E341FA987AC ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
23:00:48.0137 0x1b8c  btwampfl - ok
23:00:48.0168 0x1b8c  [ BA5622F5544C6C445DFF1A05ACC8B19D, D9B3FBED2EDE92E16AEC5A6E3E69768540083A9AB3D80E3E8DC9218B7BD78DED ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:00:48.0184 0x1b8c  btwaudio - ok
23:00:48.0199 0x1b8c  [ A11905D0F4BD34771F195217B6AA5AE0, 2E7096E278978773C42E06833D2207DE7B4A9DBC4AF09415DCADD27372C4C0AE ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
23:00:48.0199 0x1b8c  btwavdt - ok
23:00:48.0324 0x1b8c  [ 1AF4ADB12E5EC25041166DA38C3B42C9, 1EFC43C4B0F4F83DFB40FBAEC8DCAF45FEEC6221EC2036C07A7774B511D104EE ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:00:48.0355 0x1b8c  btwdins - ok
23:00:48.0371 0x1b8c  [ 07096D2BC22CCB6CEA5A532DF0BE8A75, A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:00:48.0371 0x1b8c  btwl2cap - ok
23:00:48.0418 0x1b8c  [ BD776F32D64EC615BE4563DC2747224E, D0CFB25919051DC5654CC47BBD785D304BEEA4BEBC99BEFCE74C53C439AB33ED ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:00:48.0418 0x1b8c  btwrchid - ok
23:00:48.0636 0x1b8c  [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys
23:00:48.0652 0x1b8c  ccSet_N360 - ok
23:00:48.0683 0x1b8c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:00:48.0698 0x1b8c  cdfs - ok
23:00:48.0792 0x1b8c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:00:48.0792 0x1b8c  cdrom - ok
23:00:48.0823 0x1b8c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:00:48.0823 0x1b8c  CertPropSvc - ok
23:00:48.0886 0x1b8c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:00:48.0886 0x1b8c  circlass - ok
23:00:48.0995 0x1b8c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
23:00:49.0026 0x1b8c  CLFS - ok
23:00:49.0104 0x1b8c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:49.0104 0x1b8c  clr_optimization_v2.0.50727_32 - ok
23:00:49.0182 0x1b8c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:00:49.0182 0x1b8c  clr_optimization_v2.0.50727_64 - ok
23:00:49.0322 0x1b8c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:49.0666 0x1b8c  clr_optimization_v4.0.30319_32 - ok
23:00:49.0681 0x1b8c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:00:49.0853 0x1b8c  clr_optimization_v4.0.30319_64 - ok
23:00:49.0900 0x1b8c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:00:49.0900 0x1b8c  CmBatt - ok
23:00:49.0962 0x1b8c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:00:49.0978 0x1b8c  cmdide - ok
23:00:50.0118 0x1b8c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
23:00:50.0118 0x1b8c  CNG - ok
23:00:50.0196 0x1b8c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:00:50.0196 0x1b8c  Compbatt - ok
23:00:50.0258 0x1b8c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:00:50.0258 0x1b8c  CompositeBus - ok
23:00:50.0258 0x1b8c  COMSysApp - ok
23:00:50.0305 0x1b8c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:00:50.0305 0x1b8c  crcdisk - ok
23:00:50.0430 0x1b8c  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:00:50.0446 0x1b8c  CryptSvc - ok
23:00:50.0586 0x1b8c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:00:50.0617 0x1b8c  DcomLaunch - ok
23:00:50.0664 0x1b8c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:00:50.0680 0x1b8c  defragsvc - ok
23:00:50.0773 0x1b8c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:00:50.0773 0x1b8c  DfsC - ok
23:00:50.0836 0x1b8c  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
23:00:50.0836 0x1b8c  dg_ssudbus - ok
23:00:50.0929 0x1b8c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:00:50.0945 0x1b8c  Dhcp - ok
23:00:51.0210 0x1b8c  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:00:51.0241 0x1b8c  DiagTrack - ok
23:00:51.0319 0x1b8c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:00:51.0319 0x1b8c  discache - ok
23:00:51.0366 0x1b8c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:00:51.0366 0x1b8c  Disk - ok
23:00:51.0397 0x1b8c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:00:51.0413 0x1b8c  Dnscache - ok
23:00:51.0460 0x1b8c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:00:51.0460 0x1b8c  dot3svc - ok
23:00:51.0506 0x1b8c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:00:51.0506 0x1b8c  DPS - ok
23:00:51.0569 0x1b8c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:00:51.0569 0x1b8c  drmkaud - ok
23:00:51.0647 0x1b8c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:00:51.0678 0x1b8c  DXGKrnl - ok
23:00:51.0725 0x1b8c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:00:51.0725 0x1b8c  EapHost - ok
23:00:51.0896 0x1b8c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:00:52.0037 0x1b8c  ebdrv - ok
23:00:52.0162 0x1b8c  [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:00:52.0177 0x1b8c  eeCtrl - ok
23:00:52.0224 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] EFS             C:\Windows\System32\lsass.exe
23:00:52.0224 0x1b8c  EFS - ok
23:00:52.0302 0x1b8c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:00:52.0333 0x1b8c  ehRecvr - ok
23:00:52.0349 0x1b8c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:00:52.0364 0x1b8c  ehSched - ok
23:00:52.0411 0x1b8c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:00:52.0427 0x1b8c  elxstor - ok
23:00:52.0474 0x1b8c  [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:00:52.0474 0x1b8c  EraserUtilRebootDrv - ok
23:00:52.0520 0x1b8c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:00:52.0520 0x1b8c  ErrDev - ok
23:00:52.0614 0x1b8c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:00:52.0630 0x1b8c  EventSystem - ok
23:00:52.0817 0x1b8c  [ BDFCB7E8C108D042B213957D2B044E7E, 2840637123E40ACEB6F78A618C7C230B62388C36C49D5AD9BE795A1063FA5845 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:00:52.0864 0x1b8c  EvtEng - ok
23:00:52.0879 0x1b8c  ewusbnet - ok
23:00:52.0895 0x1b8c  ew_hwusbdev - ok
23:00:52.0926 0x1b8c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:00:52.0926 0x1b8c  exfat - ok
23:00:52.0988 0x1b8c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:00:53.0004 0x1b8c  fastfat - ok
23:00:53.0191 0x1b8c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:00:53.0222 0x1b8c  Fax - ok
23:00:53.0238 0x1b8c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:00:53.0238 0x1b8c  fdc - ok
23:00:53.0316 0x1b8c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:00:53.0316 0x1b8c  fdPHost - ok
23:00:53.0347 0x1b8c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:00:53.0347 0x1b8c  FDResPub - ok
23:00:53.0410 0x1b8c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:00:53.0410 0x1b8c  FileInfo - ok
23:00:53.0441 0x1b8c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:00:53.0441 0x1b8c  Filetrace - ok
23:00:53.0566 0x1b8c  [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:00:53.0597 0x1b8c  FLEXnet Licensing Service - ok
23:00:53.0612 0x1b8c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:00:53.0612 0x1b8c  flpydisk - ok
23:00:53.0675 0x1b8c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:00:53.0675 0x1b8c  FltMgr - ok
23:00:53.0784 0x1b8c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
23:00:53.0815 0x1b8c  FontCache - ok
23:00:53.0893 0x1b8c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:00:53.0893 0x1b8c  FontCache3.0.0.0 - ok
23:00:53.0940 0x1b8c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:00:53.0940 0x1b8c  FsDepends - ok
23:00:54.0408 0x1b8c  [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
23:00:54.0408 0x1b8c  FsUsbExDisk - ok
23:00:54.0439 0x1b8c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:00:54.0439 0x1b8c  Fs_Rec - ok
23:00:54.0502 0x1b8c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:00:54.0517 0x1b8c  fvevol - ok
23:00:54.0580 0x1b8c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:00:54.0595 0x1b8c  gagp30kx - ok
23:00:54.0673 0x1b8c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:00:54.0673 0x1b8c  GEARAspiWDM - ok
23:00:54.0798 0x1b8c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:00:54.0829 0x1b8c  gpsvc - ok
23:00:54.0876 0x1b8c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:00:54.0892 0x1b8c  hcw85cir - ok
23:00:55.0001 0x1b8c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:00:55.0016 0x1b8c  HdAudAddService - ok
23:00:55.0063 0x1b8c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:00:55.0063 0x1b8c  HDAudBus - ok
23:00:55.0110 0x1b8c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
23:00:55.0110 0x1b8c  HECIx64 - ok
23:00:55.0126 0x1b8c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:00:55.0141 0x1b8c  HidBatt - ok
23:00:55.0157 0x1b8c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:00:55.0157 0x1b8c  HidBth - ok
23:00:55.0188 0x1b8c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:00:55.0188 0x1b8c  HidIr - ok
23:00:55.0235 0x1b8c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:00:55.0235 0x1b8c  hidserv - ok
23:00:55.0297 0x1b8c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:00:55.0297 0x1b8c  HidUsb - ok
23:00:55.0344 0x1b8c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:00:55.0344 0x1b8c  hkmsvc - ok
23:00:55.0406 0x1b8c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:00:55.0422 0x1b8c  HomeGroupListener - ok
23:00:55.0453 0x1b8c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:00:55.0453 0x1b8c  HomeGroupProvider - ok
23:00:55.0500 0x1b8c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:00:55.0500 0x1b8c  HpSAMD - ok
23:00:55.0578 0x1b8c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:00:55.0594 0x1b8c  HTTP - ok
23:00:55.0609 0x1b8c  huawei_enumerator - ok
23:00:55.0625 0x1b8c  hwdatacard - ok
23:00:55.0672 0x1b8c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:00:55.0672 0x1b8c  hwpolicy - ok
23:00:55.0734 0x1b8c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:00:55.0750 0x1b8c  i8042prt - ok
23:00:55.0781 0x1b8c  [ 073A606333B6F7BBF20AA856DF7F0997, 513927CA430511A5B95F6CBE5FBD20F8C2202B609F88C4526C174A4FF7F761FC ] iaStor          C:\Windows\system32\drivers\iaStor.sys
23:00:55.0796 0x1b8c  iaStor - ok
23:00:55.0937 0x1b8c  [ CC800D2D9FD467542BAC7C186C4774AD, 2C2B975DAE6643D3CC5B93B6B58266C0B7E752651FB73B512ECA44FADB8AB839 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:00:55.0937 0x1b8c  IAStorDataMgrSvc - ok
23:00:56.0046 0x1b8c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:00:56.0062 0x1b8c  iaStorV - ok
23:00:56.0218 0x1b8c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:00:56.0420 0x1b8c  IDriverT - ok
23:00:56.0592 0x1b8c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:00:56.0701 0x1b8c  idsvc - ok
23:00:56.0935 0x1b8c  [ 19F52CF90BB4D05B5265773CA7011E4C, BA28BAEE9D64859775C6DF56E407104D1463BD1374CF3F6AA414AB85946ED1F5 ] IDSVia64        C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150809.001\IDSvia64.sys
23:00:56.0951 0x1b8c  IDSVia64 - ok
23:00:56.0998 0x1b8c  IEEtwCollectorService - ok
23:00:58.0091 0x1b8c  [ 4128D51B770BB68FE44EAF3AD1DBAB25, 1E0C63D03E51C257CFDFF95F7BDC11FA58CA10166A0C4A5D2BD11647B88C6EC7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:00:58.0574 0x1b8c  igfx - ok
23:00:58.0637 0x1b8c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:00:58.0637 0x1b8c  iirsp - ok
23:00:58.0777 0x1b8c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:00:58.0808 0x1b8c  IKEEXT - ok
23:00:58.0886 0x1b8c  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:00:58.0886 0x1b8c  Impcd - ok
23:00:59.0262 0x1b8c  [ C1E2D46EB6E533DD087C684D33411F4A, 1C7634A6CEC5359D41798E2E2BD5E5D3E6B3ED2D8BDB0E0B8331693A69920B9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:00:59.0308 0x1b8c  IntcAzAudAddService - ok
23:00:59.0340 0x1b8c  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:00:59.0355 0x1b8c  IntcDAud - ok
23:00:59.0386 0x1b8c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:00:59.0386 0x1b8c  intelide - ok
23:00:59.0418 0x1b8c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
23:00:59.0418 0x1b8c  intelppm - ok
23:00:59.0496 0x1b8c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:00:59.0511 0x1b8c  IPBusEnum - ok
23:00:59.0542 0x1b8c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:00:59.0542 0x1b8c  IpFilterDriver - ok
23:00:59.0667 0x1b8c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
23:00:59.0683 0x1b8c  IpHlpSvc - ok
23:00:59.0714 0x1b8c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:00:59.0730 0x1b8c  IPMIDRV - ok
23:00:59.0776 0x1b8c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:00:59.0776 0x1b8c  IPNAT - ok
23:00:59.0964 0x1b8c  [ 2208D673C5D4B22EB0235EA1EC6269CC, 3E73032D67B3B740E11CEA0748CDFFBE35619CBF1AC1C3D86EF089CA326D7918 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:00:59.0979 0x1b8c  iPod Service - ok
23:01:00.0026 0x1b8c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:01:00.0026 0x1b8c  IRENUM - ok
23:01:00.0073 0x1b8c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:01:00.0073 0x1b8c  isapnp - ok
23:01:00.0135 0x1b8c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:01:00.0135 0x1b8c  iScsiPrt - ok
23:01:00.0166 0x1b8c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:00.0166 0x1b8c  kbdclass - ok
23:01:00.0198 0x1b8c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:00.0198 0x1b8c  kbdhid - ok
23:01:00.0213 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso          C:\Windows\system32\lsass.exe
23:01:00.0213 0x1b8c  KeyIso - ok
23:01:00.0276 0x1b8c  [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:01:00.0276 0x1b8c  KSecDD - ok
23:01:00.0307 0x1b8c  [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:01:00.0322 0x1b8c  KSecPkg - ok
23:01:00.0354 0x1b8c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:01:00.0354 0x1b8c  ksthunk - ok
23:01:00.0463 0x1b8c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:01:00.0478 0x1b8c  KtmRm - ok
23:01:00.0541 0x1b8c  [ E84DA1A93978B3700EA63414357B9BA3, B6119D23457CDEE2CCEBA433F5427B183387C3C54E9E51B42D7C79D1524727A4 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:01:00.0541 0x1b8c  L1C - ok
23:01:00.0603 0x1b8c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:01:00.0603 0x1b8c  LanmanServer - ok
23:01:00.0666 0x1b8c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:01:00.0666 0x1b8c  LanmanWorkstation - ok
23:01:00.0775 0x1b8c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:01:00.0775 0x1b8c  lltdio - ok
23:01:00.0837 0x1b8c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:01:00.0853 0x1b8c  lltdsvc - ok
23:01:00.0868 0x1b8c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:01:00.0884 0x1b8c  lmhosts - ok
23:01:01.0024 0x1b8c  [ AD1CF8471B06BADB93D87CC4D63B8483, 0465CFBA7A12F74CCD155949837694D3F67F57B831A9BA7D40E08882AD3E1815 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:01:01.0040 0x1b8c  LMS - ok
23:01:01.0071 0x1b8c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:01:01.0071 0x1b8c  LSI_FC - ok
23:01:01.0087 0x1b8c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:01:01.0102 0x1b8c  LSI_SAS - ok
23:01:01.0118 0x1b8c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:01:01.0118 0x1b8c  LSI_SAS2 - ok
23:01:01.0149 0x1b8c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:01:01.0149 0x1b8c  LSI_SCSI - ok
23:01:01.0165 0x1b8c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:01:01.0180 0x1b8c  luafv - ok
23:01:01.0196 0x1b8c  MBAMSwissArmy - ok
23:01:01.0290 0x1b8c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:01:01.0290 0x1b8c  Mcx2Svc - ok
23:01:01.0305 0x1b8c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:01:01.0383 0x1b8c  megasas - ok
23:01:01.0461 0x1b8c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:01:01.0477 0x1b8c  MegaSR - ok
23:01:01.0524 0x1b8c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:01:01.0524 0x1b8c  MMCSS - ok
23:01:01.0570 0x1b8c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:01:01.0570 0x1b8c  Modem - ok
23:01:01.0617 0x1b8c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:01:01.0617 0x1b8c  monitor - ok
23:01:01.0695 0x1b8c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:01:01.0695 0x1b8c  mouclass - ok
23:01:01.0742 0x1b8c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:01:01.0758 0x1b8c  mouhid - ok
23:01:01.0820 0x1b8c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:01:01.0820 0x1b8c  mountmgr - ok
23:01:01.0992 0x1b8c  [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:01:01.0992 0x1b8c  MozillaMaintenance - ok
23:01:02.0054 0x1b8c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:01:02.0070 0x1b8c  mpio - ok
23:01:02.0163 0x1b8c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:01:02.0163 0x1b8c  mpsdrv - ok
23:01:02.0288 0x1b8c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:01:02.0335 0x1b8c  MpsSvc - ok
23:01:02.0397 0x1b8c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:01:02.0413 0x1b8c  MRxDAV - ok
23:01:02.0491 0x1b8c  [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:02.0491 0x1b8c  mrxsmb - ok
23:01:02.0538 0x1b8c  [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:02.0538 0x1b8c  mrxsmb10 - ok
23:01:02.0569 0x1b8c  [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:02.0584 0x1b8c  mrxsmb20 - ok
23:01:02.0662 0x1b8c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:01:02.0662 0x1b8c  msahci - ok
23:01:02.0725 0x1b8c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:01:02.0725 0x1b8c  msdsm - ok
23:01:02.0772 0x1b8c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:01:02.0772 0x1b8c  MSDTC - ok
23:01:02.0881 0x1b8c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:01:02.0881 0x1b8c  Msfs - ok
23:01:02.0912 0x1b8c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:01:02.0912 0x1b8c  mshidkmdf - ok
23:01:03.0006 0x1b8c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:01:03.0006 0x1b8c  msisadrv - ok
23:01:03.0099 0x1b8c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:01:03.0115 0x1b8c  MSiSCSI - ok
23:01:03.0115 0x1b8c  msiserver - ok
23:01:03.0208 0x1b8c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:01:03.0208 0x1b8c  MSKSSRV - ok
23:01:03.0442 0x1b8c  [ E07DEC52FF801841BA9B6878A60304FB, A57A999F411559EA97C830C9FE0234578E2E98EDAF72F9949891F901B83B22A4 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:01:03.0442 0x1b8c  MsMpSvc - ok
23:01:03.0458 0x1b8c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:03.0458 0x1b8c  MSPCLOCK - ok
23:01:03.0489 0x1b8c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:01:03.0505 0x1b8c  MSPQM - ok
23:01:03.0567 0x1b8c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:01:03.0567 0x1b8c  MsRPC - ok
23:01:03.0614 0x1b8c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:01:03.0614 0x1b8c  mssmbios - ok
23:01:03.0661 0x1b8c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:01:03.0661 0x1b8c  MSTEE - ok
23:01:03.0676 0x1b8c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:01:03.0676 0x1b8c  MTConfig - ok
23:01:03.0692 0x1b8c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:01:03.0708 0x1b8c  Mup - ok
23:01:03.0957 0x1b8c  [ 09EA30AD32C1B0B4581CB51D183164E4, 0EE238B87E048F4E44F04FA58C6351090C875016C158A2921598BCAED1BA05DF ] N360            C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
23:01:03.0973 0x1b8c  N360 - ok
23:01:04.0020 0x1b8c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:01:04.0035 0x1b8c  napagent - ok
23:01:04.0113 0x1b8c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:01:04.0113 0x1b8c  NativeWifiP - ok
23:01:04.0425 0x1b8c  [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG          C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.024\ENG64.SYS
23:01:04.0425 0x1b8c  NAVENG - ok
23:01:05.0205 0x1b8c  [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15         C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.024\EX64.SYS
23:01:05.0268 0x1b8c  NAVEX15 - ok
23:01:05.0408 0x1b8c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:01:05.0486 0x1b8c  NDIS - ok
23:01:05.0533 0x1b8c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:05.0704 0x1b8c  NdisCap - ok
23:01:05.0736 0x1b8c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:05.0736 0x1b8c  NdisTapi - ok
23:01:05.0782 0x1b8c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:05.0782 0x1b8c  Ndisuio - ok
23:01:05.0829 0x1b8c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:05.0845 0x1b8c  NdisWan - ok
23:01:05.0876 0x1b8c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:01:05.0876 0x1b8c  NDProxy - ok
23:01:05.0907 0x1b8c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:01:05.0907 0x1b8c  NetBIOS - ok
23:01:05.0970 0x1b8c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:01:05.0985 0x1b8c  NetBT - ok
23:01:06.0032 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon        C:\Windows\system32\lsass.exe
23:01:06.0032 0x1b8c  Netlogon - ok
23:01:06.0157 0x1b8c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:01:06.0172 0x1b8c  Netman - ok
23:01:06.0235 0x1b8c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:01:06.0250 0x1b8c  netprofm - ok
23:01:06.0344 0x1b8c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:01:06.0375 0x1b8c  NetTcpActivator - ok
23:01:06.0391 0x1b8c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:01:06.0391 0x1b8c  NetTcpPortSharing - ok
23:01:06.0843 0x1b8c  [ 39EDE676D17F37AF4573C2B33EC28ACA, 6C897C8B72D7AC1385302E58509688790CC5F428E967485F92C3CD646907EF59 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
23:01:07.0171 0x1b8c  NETw5s64 - ok
23:01:07.0920 0x1b8c  [ EB43840BABF5589E33186D094DE7381D, 028750D33516773258FEA120FE4108A2EEA3FC6FEC49C6B2C1926F57858173AC ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
23:01:08.0232 0x1b8c  NETwNs64 - ok
23:01:08.0263 0x1b8c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:01:08.0263 0x1b8c  nfrd960 - ok
23:01:08.0310 0x1b8c  [ 162100E0BC8377710F9D170631921C03, B4FC4F6BCCA5A61EC86F9D10F4FE284E9393CE4599CE64BC8360202F0108B499 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:01:08.0310 0x1b8c  NisDrv - ok
23:01:08.0388 0x1b8c  [ C6E15F2F95F9C0A6098D43510B604E52, 7B621846EC4DD066657536755455ADB016207A45D49FC5E5F1D50EAD2CCB6B13 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
23:01:08.0388 0x1b8c  NisSrv - ok
23:01:08.0434 0x1b8c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:01:08.0450 0x1b8c  NlaSvc - ok
23:01:08.0497 0x1b8c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:01:08.0497 0x1b8c  Npfs - ok
23:01:08.0544 0x1b8c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:01:08.0544 0x1b8c  nsi - ok
23:01:08.0715 0x1b8c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:01:08.0715 0x1b8c  nsiproxy - ok
23:01:08.0934 0x1b8c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:01:09.0012 0x1b8c  Ntfs - ok
23:01:09.0090 0x1b8c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:01:09.0090 0x1b8c  Null - ok
23:01:09.0152 0x1b8c  [ AD37248BD442D41C9A896E53EB8A85EE, 9CC50602480544DBD0B873B3444D355CC13CB97EC1BCA97F85668C45DEFE78C1 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
23:01:09.0152 0x1b8c  NVHDA - ok
23:01:09.0870 0x1b8c  [ DB2BEE926E7DFC59896A2D6800EB13F7, D24E924E7045B5BA38814B7A350C3669E44C68112083B96303556D09A8C6B232 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:01:10.0353 0x1b8c  nvlddmkm - ok
23:01:10.0416 0x1b8c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:01:10.0431 0x1b8c  nvraid - ok
23:01:10.0572 0x1b8c  [ 445CD678770FEE791665E2650594BFC2, 85BA48EB978DBF0A7C0E608DF8FB5D6A57786FC517DE35F0556516A661DA00D8 ] nvservice       C:\Windows\system32\nvservice.exe
23:01:10.0572 0x1b8c  nvservice - ok
23:01:10.0587 0x1b8c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:01:10.0603 0x1b8c  nvstor - ok
23:01:10.0650 0x1b8c  [ 24AB15D09A13D5A40567211A1AB9B479, D0CC30473CAD6254CFE6F0D6ACEB8A33BA38DBEDB6824793DB2CA30057F10BF3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:01:10.0665 0x1b8c  nvsvc - ok
23:01:10.0759 0x1b8c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:01:10.0774 0x1b8c  nv_agp - ok
23:01:10.0821 0x1b8c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:01:10.0821 0x1b8c  ohci1394 - ok
23:01:10.0977 0x1b8c  [ 880CD3C9ACE342F29AB2F90C751B91A4, 7882ED604EE443E182B323D9A38E35B49FD8C28EDC1196B65EDFABB22CBF6161 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
23:01:11.0164 0x1b8c  Origin Client Service - ok
23:01:11.0352 0x1b8c  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:01:11.0367 0x1b8c  ose64 - ok
23:01:11.0882 0x1b8c  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:01:12.0069 0x1b8c  osppsvc - ok
23:01:12.0147 0x1b8c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:01:12.0147 0x1b8c  p2pimsvc - ok
23:01:12.0178 0x1b8c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:01:12.0194 0x1b8c  p2psvc - ok
23:01:12.0241 0x1b8c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
23:01:12.0241 0x1b8c  Parport - ok
23:01:12.0366 0x1b8c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:01:12.0366 0x1b8c  partmgr - ok
23:01:12.0475 0x1b8c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:01:12.0475 0x1b8c  PcaSvc - ok
23:01:12.0553 0x1b8c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:01:12.0584 0x1b8c  pci - ok
23:01:12.0662 0x1b8c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:01:12.0662 0x1b8c  pciide - ok
23:01:12.0709 0x1b8c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:01:12.0724 0x1b8c  pcmcia - ok
23:01:12.0740 0x1b8c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:01:12.0740 0x1b8c  pcw - ok
23:01:12.0865 0x1b8c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:01:12.0880 0x1b8c  PEAUTH - ok
23:01:13.0068 0x1b8c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:01:13.0068 0x1b8c  PerfHost - ok
23:01:13.0255 0x1b8c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:01:13.0317 0x1b8c  pla - ok
23:01:13.0380 0x1b8c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:01:13.0395 0x1b8c  PlugPlay - ok
23:01:13.0582 0x1b8c  [ 627FA58ADC043704F9D14CA44340956F, 92306D5EE64812775E2A2E65F6666A5805CC4DD8BEB3E2FC64CCA087EF471D1F ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
23:01:13.0660 0x1b8c  PMBDeviceInfoProvider - ok
23:01:13.0707 0x1b8c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:01:13.0707 0x1b8c  PNRPAutoReg - ok
23:01:13.0738 0x1b8c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:01:13.0738 0x1b8c  PNRPsvc - ok
23:01:13.0801 0x1b8c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:01:13.0816 0x1b8c  PolicyAgent - ok
23:01:13.0957 0x1b8c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:01:13.0957 0x1b8c  Power - ok
23:01:14.0004 0x1b8c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:01:14.0004 0x1b8c  PptpMiniport - ok
23:01:14.0050 0x1b8c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
23:01:14.0066 0x1b8c  Processor - ok
23:01:14.0128 0x1b8c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:01:14.0144 0x1b8c  ProfSvc - ok
23:01:14.0191 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
23:01:14.0191 0x1b8c  ProtectedStorage - ok
23:01:14.0253 0x1b8c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:01:14.0253 0x1b8c  Psched - ok
23:01:14.0316 0x1b8c  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
23:01:14.0316 0x1b8c  PxHlpa64 - ok
23:01:14.0487 0x1b8c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:01:14.0550 0x1b8c  ql2300 - ok
23:01:14.0612 0x1b8c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:01:14.0628 0x1b8c  ql40xx - ok
23:01:14.0706 0x1b8c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:01:14.0721 0x1b8c  QWAVE - ok
23:01:14.0737 0x1b8c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:01:14.0753 0x1b8c  QWAVEdrv - ok
23:01:14.0784 0x1b8c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:01:14.0784 0x1b8c  RasAcd - ok
23:01:14.0846 0x1b8c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:14.0862 0x1b8c  RasAgileVpn - ok
23:01:14.0971 0x1b8c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:01:14.0987 0x1b8c  RasAuto - ok
23:01:15.0018 0x1b8c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:15.0033 0x1b8c  Rasl2tp - ok
23:01:15.0111 0x1b8c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:01:15.0127 0x1b8c  RasMan - ok
23:01:15.0174 0x1b8c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:15.0174 0x1b8c  RasPppoe - ok
23:01:15.0189 0x1b8c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:01:15.0189 0x1b8c  RasSstp - ok
23:01:15.0236 0x1b8c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:01:15.0252 0x1b8c  rdbss - ok
23:01:15.0267 0x1b8c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23:01:15.0283 0x1b8c  rdpbus - ok
23:01:15.0299 0x1b8c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:15.0299 0x1b8c  RDPCDD - ok
23:01:15.0314 0x1b8c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:01:15.0314 0x1b8c  RDPENCDD - ok
23:01:15.0330 0x1b8c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:01:15.0330 0x1b8c  RDPREFMP - ok
23:01:15.0408 0x1b8c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:01:15.0423 0x1b8c  RdpVideoMiniport - ok
23:01:15.0486 0x1b8c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:01:15.0486 0x1b8c  RDPWD - ok
23:01:15.0517 0x1b8c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:01:15.0533 0x1b8c  rdyboost - ok
23:01:15.0735 0x1b8c  [ A6BAEA839CC888D4961AB5FE16BB8C4A, A3DD50446BEDAE38A3DA8AC9809F3BCE95EA418C2DEF5DB433DB614591C6B51B ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:01:15.0798 0x1b8c  RegSrvc - ok
23:01:15.0829 0x1b8c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:01:15.0829 0x1b8c  RemoteAccess - ok
23:01:15.0938 0x1b8c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:01:15.0954 0x1b8c  RemoteRegistry - ok
23:01:15.0985 0x1b8c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:01:16.0001 0x1b8c  RFCOMM - ok
23:01:16.0063 0x1b8c  [ 6DED176A14770339F1415CFDBCC9E07F, 5949005C65964181EDCB40F6224AD8CE7DDCC9762C09957F2DC1E8CE9AEB12D2 ] rimspci         C:\Windows\system32\drivers\rimssne64.sys
23:01:16.0063 0x1b8c  rimspci - ok
23:01:16.0094 0x1b8c  [ DDF5F666C2A5B3729E8BEA01FB999CC0, 7143E35A8F9BA2A892FEAB6EDBC217DB6B20770A374C01F714105E67E10A7512 ] risdsnpe        C:\Windows\system32\drivers\risdsne64.sys
23:01:16.0094 0x1b8c  risdsnpe - ok
23:01:16.0250 0x1b8c  [ BA6CE930E1453677F7565AE45181AD76, 92DEB7BF8E9ED32B7E0FE20A05F8C0ECDE7B0EC6F25ABDAA58D27460C96003AD ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
23:01:16.0266 0x1b8c  Roxio UPnP Renderer 10 - ok
23:01:16.0344 0x1b8c  [ 3A3D707A35EA30A6CF88B9E555E3D815, 4763394E67F179D7048A460CB9B91E74F33D84C8DBDD4E28401ED473C7347410 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
23:01:16.0359 0x1b8c  Roxio Upnp Server 10 - ok
23:01:16.0391 0x1b8c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:01:16.0391 0x1b8c  RpcEptMapper - ok
23:01:16.0422 0x1b8c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:01:16.0422 0x1b8c  RpcLocator - ok
23:01:16.0500 0x1b8c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
23:01:16.0515 0x1b8c  RpcSs - ok
23:01:16.0562 0x1b8c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:01:16.0562 0x1b8c  rspndr - ok
23:01:16.0578 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs           C:\Windows\system32\lsass.exe
23:01:16.0593 0x1b8c  SamSs - ok
23:01:16.0656 0x1b8c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:01:16.0656 0x1b8c  sbp2port - ok
23:01:16.0718 0x1b8c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:01:16.0734 0x1b8c  SCardSvr - ok
23:01:16.0859 0x1b8c  [ 4A16CB882367D701DB93F14896D48C22, 26B885BB9D9953C0A35244BF4A616D911A8C7E223DBEEC977A1B6611E2E60FB1 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
23:01:16.0874 0x1b8c  SCDEmu - ok
23:01:16.0921 0x1b8c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:01:16.0921 0x1b8c  scfilter - ok
23:01:17.0030 0x1b8c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
23:01:17.0061 0x1b8c  Schedule - ok
23:01:17.0093 0x1b8c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:01:17.0108 0x1b8c  SCPolicySvc - ok
23:01:17.0139 0x1b8c  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
23:01:17.0139 0x1b8c  sdbus - ok
23:01:17.0249 0x1b8c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:01:17.0249 0x1b8c  SDRSVC - ok
23:01:17.0295 0x1b8c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:01:17.0295 0x1b8c  secdrv - ok
23:01:17.0342 0x1b8c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
23:01:17.0342 0x1b8c  seclogon - ok
23:01:17.0436 0x1b8c  [ 1ED7A8574A28357097A5CB4063C96B00, 4E248CA66B7DE930AEC501A85F507AB813FC3CEBCBA347DFF3B05CE6CB8E496B ] semav6thermal64ro C:\Windows\system32\drivers\semav6thermal64ro.sys
23:01:17.0436 0x1b8c  semav6thermal64ro - ok
23:01:17.0467 0x1b8c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:01:17.0467 0x1b8c  SENS - ok
23:01:17.0483 0x1b8c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:01:17.0483 0x1b8c  SensrSvc - ok
23:01:17.0514 0x1b8c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:01:17.0514 0x1b8c  Serenum - ok
23:01:17.0545 0x1b8c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
23:01:17.0545 0x1b8c  Serial - ok
23:01:17.0639 0x1b8c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:01:17.0639 0x1b8c  sermouse - ok
23:01:17.0732 0x1b8c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:01:17.0732 0x1b8c  SessionEnv - ok
23:01:17.0779 0x1b8c  [ 286D3889E6AB5589646FF8A63CB928AE, 98D9D34521328F4F0B0B7C2CAB97BA0EC998B9F3F996B5ED08E17292F1CD9452 ] SFEP            C:\Windows\system32\drivers\SFEP.sys
23:01:17.0779 0x1b8c  SFEP - ok
23:01:17.0826 0x1b8c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:01:17.0826 0x1b8c  sffdisk - ok
23:01:17.0857 0x1b8c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:01:17.0857 0x1b8c  sffp_mmc - ok
23:01:17.0888 0x1b8c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:01:17.0888 0x1b8c  sffp_sd - ok
23:01:17.0935 0x1b8c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:01:17.0935 0x1b8c  sfloppy - ok
23:01:18.0138 0x1b8c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:01:18.0153 0x1b8c  SharedAccess - ok
23:01:18.0278 0x1b8c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:01:18.0309 0x1b8c  ShellHWDetection - ok
23:01:18.0325 0x1b8c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:01:18.0341 0x1b8c  SiSRaid2 - ok
23:01:18.0403 0x1b8c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:01:18.0403 0x1b8c  SiSRaid4 - ok
23:01:18.0809 0x1b8c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:01:18.0824 0x1b8c  SkypeUpdate - ok
23:01:18.0855 0x1b8c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:01:18.0855 0x1b8c  Smb - ok
23:01:18.0902 0x1b8c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:01:18.0902 0x1b8c  SNMPTRAP - ok
23:01:19.0089 0x1b8c  [ C3E69DB0A4E59564230E053232F39AC7, D7E4AC42C0731F69869E96F3AE9021ABD968E17C92283A54F265E73E6BD60ED5 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
23:01:19.0089 0x1b8c  SOHCImp - ok
23:01:19.0214 0x1b8c  [ C1CD71C672EA281A424FBCF24AC99553, 3C25D36EA36C5ACF7AD4BE47935DD055DCA010ACE4B1A7089493E5F282CDFA7B ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
23:01:19.0245 0x1b8c  SOHDms - ok
23:01:19.0261 0x1b8c  [ F47D75CEE1844EEF4A9EA6EE768828FB, 242550EB5879476DD2CFC0E38FAF3C6D0263FEA7504BD73ED3B004E274D7CDF6 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
23:01:19.0261 0x1b8c  SOHDs - ok
23:01:19.0355 0x1b8c  [ E2E40C0D24456B6EB440BE01AF829829, 862A15D877DA95F341F77428D88DDEA7EC272C75546466DABDF59370ADD1A689 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
23:01:19.0370 0x1b8c  SpfService - ok
23:01:19.0401 0x1b8c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:01:19.0401 0x1b8c  spldr - ok
23:01:19.0448 0x1b8c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:01:19.0464 0x1b8c  Spooler - ok
23:01:19.0698 0x1b8c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:01:19.0854 0x1b8c  sppsvc - ok
23:01:19.0947 0x1b8c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:01:19.0947 0x1b8c  sppuinotify - ok
23:01:20.0213 0x1b8c  [ 3361466E3C5353CAB7E978C236FADF3B, DEF6FD4EB35C4CA9E67843A324FF1A8D6A064CBC76FD3392E70BBAF85D9421BA ] SRTSP           C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS
23:01:20.0244 0x1b8c  SRTSP - ok
23:01:20.0384 0x1b8c  [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX          C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS
23:01:20.0400 0x1b8c  SRTSPX - ok
23:01:20.0462 0x1b8c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:01:20.0478 0x1b8c  srv - ok
23:01:20.0556 0x1b8c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:01:20.0571 0x1b8c  srv2 - ok
23:01:20.0649 0x1b8c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:01:20.0649 0x1b8c  srvnet - ok
23:01:20.0743 0x1b8c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:01:20.0743 0x1b8c  SSDPSRV - ok
23:01:20.0837 0x1b8c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:01:20.0837 0x1b8c  SstpSvc - ok
23:01:20.0883 0x1b8c  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
23:01:20.0883 0x1b8c  ssudmdm - ok
23:01:20.0915 0x1b8c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:01:20.0915 0x1b8c  stexstor - ok
23:01:20.0977 0x1b8c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:01:20.0993 0x1b8c  stisvc - ok
23:01:21.0024 0x1b8c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:01:21.0024 0x1b8c  swenum - ok
23:01:21.0117 0x1b8c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:01:21.0149 0x1b8c  swprv - ok
23:01:21.0539 0x1b8c  [ C9EC22D5B3C6B32A7C8B4A73870A7379, BA530C64FDE63D9A4023BB9E667497D5248B2910BC1A214B592318CC64034735 ] SymEFASI        C:\Windows\system32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS
23:01:21.0773 0x1b8c  SymEFASI - ok
23:01:21.0866 0x1b8c  [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:01:21.0882 0x1b8c  SymEvent - ok
23:01:22.0022 0x1b8c  [ 0891E59A27208B9B727BAB863B853E80, 7BBDD53CB7AB003DF803D6D596A2B5216425DCC7FA8D3F311AE5BD4EC19FBB0A ] SymIRON         C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS
23:01:22.0038 0x1b8c  SymIRON - ok
23:01:22.0225 0x1b8c  [ 5EA70535B2A6504278E14943867B1B39, 53F191DE2F1F692983BD9068DCF0A851111B7A08FCEDFE871FA0594B0C46FCB7 ] SymNetS         C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS
23:01:22.0241 0x1b8c  SymNetS - ok
23:01:22.0287 0x1b8c  [ 20F8F4C2ED3F492DA318D98E72F77209, 89CCA334D137756CF6334EB3A4996AEBD3391EDABD84B63E415B0867C5C1EF5A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:01:22.0303 0x1b8c  SynTP - ok
23:01:22.0397 0x1b8c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
23:01:22.0475 0x1b8c  SysMain - ok
23:01:22.0553 0x1b8c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:01:22.0568 0x1b8c  TabletInputService - ok
23:01:22.0584 0x1b8c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:01:22.0599 0x1b8c  TapiSrv - ok
23:01:22.0693 0x1b8c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:01:22.0709 0x1b8c  TBS - ok
23:01:22.0927 0x1b8c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:01:23.0005 0x1b8c  Tcpip - ok
23:01:23.0161 0x1b8c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:01:23.0208 0x1b8c  TCPIP6 - ok
23:01:23.0286 0x1b8c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:01:23.0286 0x1b8c  tcpipreg - ok
23:01:23.0348 0x1b8c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:01:23.0348 0x1b8c  TDPIPE - ok
23:01:23.0395 0x1b8c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:01:23.0395 0x1b8c  TDTCP - ok
23:01:23.0442 0x1b8c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:01:23.0457 0x1b8c  tdx - ok
23:01:23.0520 0x1b8c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:01:23.0520 0x1b8c  TermDD - ok
23:01:23.0567 0x1b8c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:01:23.0598 0x1b8c  TermService - ok
23:01:23.0613 0x1b8c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:01:23.0629 0x1b8c  Themes - ok
23:01:23.0645 0x1b8c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:01:23.0660 0x1b8c  THREADORDER - ok
23:01:23.0676 0x1b8c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:01:23.0676 0x1b8c  TrkWks - ok
23:01:23.0754 0x1b8c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:01:23.0754 0x1b8c  TrustedInstaller - ok
23:01:23.0785 0x1b8c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:23.0801 0x1b8c  tssecsrv - ok
23:01:23.0847 0x1b8c  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:01:23.0847 0x1b8c  TsUsbFlt - ok
23:01:23.0879 0x1b8c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:01:23.0894 0x1b8c  tunnel - ok
23:01:23.0941 0x1b8c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:01:23.0941 0x1b8c  uagp35 - ok
23:01:24.0003 0x1b8c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:01:24.0019 0x1b8c  udfs - ok
23:01:24.0081 0x1b8c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:01:24.0081 0x1b8c  UI0Detect - ok
23:01:24.0128 0x1b8c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:01:24.0128 0x1b8c  uliagpkx - ok
23:01:24.0191 0x1b8c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
23:01:24.0191 0x1b8c  umbus - ok
23:01:24.0253 0x1b8c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:01:24.0253 0x1b8c  UmPass - ok
23:01:24.0456 0x1b8c  [ AD88AF249ABDC546151F9BFC4093FA9B, DA8D17CFDBC671F3699E9A4CCFC0F4A5557DA0A9887984E96115E774555AA5D4 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:01:24.0581 0x1b8c  UNS - ok
23:01:24.0659 0x1b8c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:01:24.0674 0x1b8c  upnphost - ok
23:01:24.0705 0x1b8c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:01:24.0705 0x1b8c  USBAAPL64 - ok
23:01:24.0768 0x1b8c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:01:24.0768 0x1b8c  usbaudio - ok
23:01:24.0799 0x1b8c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:24.0799 0x1b8c  usbccgp - ok
23:01:24.0815 0x1b8c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:01:24.0830 0x1b8c  usbcir - ok
23:01:24.0846 0x1b8c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:01:24.0861 0x1b8c  usbehci - ok
23:01:24.0893 0x1b8c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:01:24.0893 0x1b8c  usbhub - ok
23:01:24.0924 0x1b8c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:01:24.0924 0x1b8c  usbohci - ok
23:01:24.0955 0x1b8c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:01:24.0955 0x1b8c  usbprint - ok
23:01:25.0002 0x1b8c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:25.0002 0x1b8c  USBSTOR - ok
23:01:25.0033 0x1b8c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:01:25.0033 0x1b8c  usbuhci - ok
23:01:25.0064 0x1b8c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:01:25.0080 0x1b8c  usbvideo - ok
23:01:25.0111 0x1b8c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:01:25.0111 0x1b8c  usb_rndisx - ok
23:01:25.0267 0x1b8c  [ 34349E7B488FA61B639117F6BF1EBF99, A7A7E60511F7D6370473D41867F5323695308CC27D3EEB0286687D3A9E0084E9 ] USER_ESRV_SVC   C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
23:01:25.0267 0x1b8c  USER_ESRV_SVC - ok
23:01:25.0298 0x1b8c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:01:25.0298 0x1b8c  UxSms - ok
23:01:25.0361 0x1b8c  [ 4E7135D6D0127067E4CFEE12259F895D, 2542257E3912591AC4902FF08E43C46CC91BA97D67EED9375CC5DB5DEE71797F ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
23:01:25.0376 0x1b8c  VAIO Entertainment TV Device Arbitration Service - ok
23:01:25.0423 0x1b8c  [ 218F78B39832A2A0761CE2422828A57C, 008056848A7C2F5205A5B4B3719A68C75348058F1022A4259E3FC155D9FFD49A ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
23:01:25.0439 0x1b8c  VAIO Event Service - ok
23:01:25.0532 0x1b8c  [ 1CF1A4DD7A58C966C9014B83C7229CF3, 950799BF8DA7B6125FB6D373F1EB64C9E0E2B80C7C849F1776C4B4B9820988C0 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
23:01:25.0548 0x1b8c  VAIO Power Management - ok
23:01:25.0610 0x1b8c  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc        C:\Windows\system32\lsass.exe
23:01:25.0610 0x1b8c  VaultSvc - ok
23:01:25.0704 0x1b8c  [ 917FB366B6CF2834CDBF9256D18A8FF0, 87CAF895B73FE2E3A7CCA0302DAC5056233228079A7A8EE20CFE246BBB14B89D ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
23:01:25.0719 0x1b8c  VCFw - ok
23:01:25.0797 0x1b8c  [ 10E212BFB7EAB152A64C1AAEC2F7F4E0, 2ECAF721B94C2C89FF32547547368DDC747D2F3CE335F0DC95B4E296F263BD82 ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
23:01:25.0813 0x1b8c  VcmIAlzMgr - ok
23:01:25.0922 0x1b8c  [ 7A88CFD3FE99F2C9B95A6E2A08B96E14, E9CDC538293603A2AE206867E939BEEE6DD8ED5687B83BA7173D25D2A0192B74 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
23:01:25.0938 0x1b8c  VcmINSMgr - ok
23:01:26.0031 0x1b8c  [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69, 43415C27E10F39A4AA32102EE700D08EC0700AD854FBF31FDF8B93F4C3CE1D72 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
23:01:26.0031 0x1b8c  VcmXmlIfHelper - ok
23:01:26.0156 0x1b8c  [ 2B76946699F79704F243ACBF08BD3856, A90147C280427AFA61C9C9D93D1761B8BA83BF8A15D71B48047B95756BF3E74D ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
23:01:26.0203 0x1b8c  VCService - ok
23:01:26.0250 0x1b8c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:01:26.0250 0x1b8c  vdrvroot - ok
23:01:26.0359 0x1b8c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:01:26.0375 0x1b8c  vds - ok
23:01:26.0406 0x1b8c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:26.0406 0x1b8c  vga - ok
23:01:26.0437 0x1b8c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:01:26.0437 0x1b8c  VgaSave - ok
23:01:26.0484 0x1b8c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:01:26.0484 0x1b8c  vhdmp - ok
23:01:26.0499 0x1b8c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:01:26.0499 0x1b8c  viaide - ok
23:01:26.0562 0x1b8c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:01:26.0562 0x1b8c  volmgr - ok
23:01:26.0609 0x1b8c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:01:26.0624 0x1b8c  volmgrx - ok
23:01:26.0702 0x1b8c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:01:26.0733 0x1b8c  volsnap - ok
23:01:26.0765 0x1b8c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:01:26.0780 0x1b8c  vsmraid - ok
23:01:26.0858 0x1b8c  [ 047F22BDFDAE6DF6F1E47E747A1237A2, D6B6996B0E3BB95A71FB425BD47294A175D29F258BAA7CDD167ABB477B56D5DB ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
23:01:26.0905 0x1b8c  VSNService - ok
23:01:27.0045 0x1b8c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:01:27.0123 0x1b8c  VSS - ok
23:01:27.0357 0x1b8c  [ C1FAE2E81955DCCD79034A23EC4F3F37, 61B6477C6068B5542D3EE9C6336FBD7589F1CFFD3E850473A539619033533286 ] VUAgent         C:\Program Files\Sony\VAIO Update\vuagent.exe
23:01:27.0404 0x1b8c  VUAgent - ok
23:01:27.0435 0x1b8c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:01:27.0435 0x1b8c  vwifibus - ok
23:01:27.0451 0x1b8c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:01:27.0451 0x1b8c  vwififlt - ok
23:01:27.0498 0x1b8c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:01:27.0498 0x1b8c  vwifimp - ok
23:01:27.0529 0x1b8c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:01:27.0545 0x1b8c  W32Time - ok
23:01:27.0623 0x1b8c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:01:27.0623 0x1b8c  WacomPen - ok
23:01:27.0654 0x1b8c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:01:27.0669 0x1b8c  WANARP - ok
23:01:27.0669 0x1b8c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:01:27.0669 0x1b8c  Wanarpv6 - ok
23:01:27.0810 0x1b8c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:01:27.0857 0x1b8c  WatAdminSvc - ok
23:01:27.0997 0x1b8c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:01:28.0059 0x1b8c  wbengine - ok
23:01:28.0106 0x1b8c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:01:28.0106 0x1b8c  WbioSrvc - ok
23:01:28.0153 0x1b8c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:01:28.0184 0x1b8c  wcncsvc - ok
23:01:28.0215 0x1b8c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:01:28.0215 0x1b8c  WcsPlugInService - ok
23:01:28.0247 0x1b8c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:01:28.0247 0x1b8c  Wd - ok
23:01:28.0293 0x1b8c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:01:28.0325 0x1b8c  Wdf01000 - ok
23:01:28.0387 0x1b8c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:01:28.0403 0x1b8c  WdiServiceHost - ok
23:01:28.0418 0x1b8c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:01:28.0418 0x1b8c  WdiSystemHost - ok
23:01:28.0512 0x1b8c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:01:28.0512 0x1b8c  WebClient - ok
23:01:28.0559 0x1b8c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:01:28.0559 0x1b8c  Wecsvc - ok
23:01:28.0652 0x1b8c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:01:28.0668 0x1b8c  wercplsupport - ok
23:01:28.0699 0x1b8c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:01:28.0699 0x1b8c  WerSvc - ok
23:01:28.0730 0x1b8c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:28.0730 0x1b8c  WfpLwf - ok
23:01:28.0746 0x1b8c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:01:28.0746 0x1b8c  WIMMount - ok
23:01:28.0777 0x1b8c  WinHttpAutoProxySvc - ok
23:01:28.0839 0x1b8c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:01:28.0839 0x1b8c  Winmgmt - ok
23:01:28.0980 0x1b8c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:01:29.0058 0x1b8c  WinRM - ok
23:01:29.0105 0x1b8c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
23:01:29.0120 0x1b8c  WinUsb - ok
23:01:29.0214 0x1b8c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:01:29.0245 0x1b8c  Wlansvc - ok
23:01:29.0292 0x1b8c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:01:29.0292 0x1b8c  WmiAcpi - ok
23:01:29.0339 0x1b8c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:01:29.0339 0x1b8c  wmiApSrv - ok
23:01:29.0370 0x1b8c  WMPNetworkSvc - ok
23:01:29.0401 0x1b8c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:01:29.0417 0x1b8c  WPCSvc - ok
23:01:29.0479 0x1b8c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:01:29.0479 0x1b8c  WPDBusEnum - ok
23:01:29.0526 0x1b8c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:01:29.0526 0x1b8c  ws2ifsl - ok
23:01:29.0635 0x1b8c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:01:29.0651 0x1b8c  wscsvc - ok
23:01:29.0651 0x1b8c  WSearch - ok
23:01:29.0947 0x1b8c  [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:01:30.0072 0x1b8c  wuauserv - ok
23:01:30.0103 0x1b8c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:01:30.0103 0x1b8c  WudfPf - ok
23:01:30.0119 0x1b8c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
23:01:30.0134 0x1b8c  WUDFRd - ok
23:01:30.0228 0x1b8c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:01:30.0243 0x1b8c  wudfsvc - ok
23:01:30.0290 0x1b8c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:01:30.0290 0x1b8c  WwanSvc - ok
23:01:30.0337 0x1b8c  ================ Scan global ===============================
23:01:30.0399 0x1b8c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:01:30.0477 0x1b8c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
23:01:30.0509 0x1b8c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
23:01:30.0571 0x1b8c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:01:30.0633 0x1b8c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:01:30.0649 0x1b8c  [ Global ] - ok
23:01:30.0649 0x1b8c  ================ Scan MBR ==================================
23:01:30.0696 0x1b8c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:01:31.0101 0x1b8c  \Device\Harddisk0\DR0 - ok
23:01:31.0101 0x1b8c  ================ Scan VBR ==================================
23:01:31.0117 0x1b8c  [ E531F5C25CD81E6ADC35779C8C58BA06 ] \Device\Harddisk0\DR0\Partition1
23:01:31.0117 0x1b8c  \Device\Harddisk0\DR0\Partition1 - ok
23:01:31.0133 0x1b8c  [ 11C2D8EC78AA7CA036D34FBDC1E88C2C ] \Device\Harddisk0\DR0\Partition2
23:01:31.0133 0x1b8c  \Device\Harddisk0\DR0\Partition2 - ok
23:01:31.0133 0x1b8c  ================ Scan generic autorun ======================
23:01:31.0148 0x1b8c  NvCplDaemon - ok
23:01:31.0679 0x1b8c  [ 1DDB28DBB837A37F6E467F41E04C3C6F, F7550205E7FA5DAFA685847C74F985FADE2235A8C9432CFB653D246A1BF60519 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:01:32.0022 0x1b8c  RtHDVCpl - ok
23:01:32.0037 0x1b8c  SynTPEnh - ok
23:01:32.0178 0x1b8c  [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
23:01:32.0193 0x1b8c  AdobeAAMUpdater-1.0 - ok
23:01:32.0225 0x1b8c  [ 107FBD25F821A3EAFDEB26CFBFAF2D10, 1D91FB21B693F06999AD1DB05628771D5ACDFC7D6F2092F9E69F80B30966628A ] C:\Windows\system32\igfxtray.exe
23:01:32.0225 0x1b8c  IgfxTray - ok
23:01:32.0271 0x1b8c  [ D04A0C154CBB5668E5CDE22673F0175A, 1B7697A3749810E924F8B1750986D9870136D279EFB4A06D82F77F89DC61EEE4 ] C:\Windows\system32\hkcmd.exe
23:01:32.0287 0x1b8c  HotKeysCmds - ok
23:01:32.0318 0x1b8c  [ 01CE5648AE5DECDC07966AE30FA434F3, 57430DF9C747AF50B141929967A9A420579E85C76F2AA4D91442202088ECF9EF ] C:\Windows\system32\igfxpers.exe
23:01:32.0318 0x1b8c  Persistence - ok
23:01:32.0396 0x1b8c  [ 02A27FC0972181EF743160BE9F62F2B4, 0E5B5684E892B1CE83C8A50A23F8478E8D01E2DD283337B5B263FDA4C2654E9F ] C:\Program Files\iTunes\iTunesHelper.exe
23:01:32.0396 0x1b8c  iTunesHelper - ok
23:01:32.0474 0x1b8c  [ EF4BF6AB09A06867104DAC48DF35E779, 8B459DB06DF1CAC2B35B041D3DD5C0C15B6A942CC38CE31FD2D0883EC2C0AA22 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
23:01:32.0474 0x1b8c  IAStorIcon - ok
23:01:32.0552 0x1b8c  [ 90D7972A9F2463E5AFBF6637A3EF61D0, B231471D563540DC8BFD0AF6D4E73E32969556511B9AC3ACDC733FA5AA0A9ED0 ] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
23:01:32.0568 0x1b8c  ISBMgr.exe - ok
23:01:32.0677 0x1b8c  [ 88C7319B0D171537A59520FE4DD8C357, EDE64778648E8DA5AA59B69F28C24F2B529D41859C38EE2FB6F5C4C857894E89 ] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
23:01:32.0724 0x1b8c  PMBVolumeWatcher - ok
23:01:32.0739 0x1b8c  [ 96A8933D2F6D731E6BA2AC4914513A2B, 5343B53525D17EFD7E7DD4F256F41D8A33B2543B73761C3EC9435463B5B955C3 ] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
23:01:32.0739 0x1b8c  SHTtray.exe - ok
23:01:32.0802 0x1b8c  [ 0080EB1CDD83F14C01534B1DC754234D, D0FC9B95A12D0C92730F8031B3DB287D1309008CF15EA0C02FC14B56FAE8C320 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
23:01:32.0802 0x1b8c  APSDaemon - ok
23:01:32.0911 0x1b8c  [ D42C1672E1D207D9BCA9A75615584774, B901DB1016BDC61960C176EF2B2A077A8832192C643D87DE9FCE8BE4BCD2322E ] C:\Program Files\PowerISO\PWRISOVM.EXE
23:01:32.0958 0x1b8c  PWRISOVM.EXE - ok
23:01:33.0083 0x1b8c  [ C2CE42005E3381A95460876020518440, 562EB30DA9A1DB58DB221423177C0680E69A4C38EEE2D5FD936633B2EB8A616E ] C:\Program Files (x86)\QuickTime\QTTask.exe
23:01:33.0098 0x1b8c  QuickTime Task - ok
23:01:33.0223 0x1b8c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:01:33.0285 0x1b8c  Sidebar - ok
23:01:33.0317 0x1b8c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:01:33.0317 0x1b8c  mctadmin - ok
23:01:33.0379 0x1b8c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:01:33.0395 0x1b8c  Sidebar - ok
23:01:33.0426 0x1b8c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:01:33.0426 0x1b8c  mctadmin - ok
23:01:33.0785 0x1b8c  [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files\CCleaner\CCleaner64.exe
23:01:34.0097 0x1b8c  CCleaner Monitoring - ok
23:01:34.0112 0x1b8c  Waiting for KSN requests completion. In queue: 117
23:01:35.0126 0x1b8c  Waiting for KSN requests completion. In queue: 117
23:01:36.0140 0x1b8c  Waiting for KSN requests completion. In queue: 117
23:01:37.0154 0x1b8c  Waiting for KSN requests completion. In queue: 117
23:01:38.0184 0x1b8c  AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )
23:01:38.0231 0x1b8c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.2.223.0 ), 0x61010 ( enabled : outofdate )
23:01:38.0231 0x1b8c  FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )
23:01:51.0896 0x1b8c  ============================================================
23:01:51.0896 0x1b8c  Scan finished
23:01:51.0896 0x1b8c  ============================================================
23:01:51.0896 0x1b84  Detected object count: 0
23:01:51.0896 0x1b84  Actual detected object count: 0
 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Val (2015-08-11 22:53:49) Run:1
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKLM - No Name - {BA3E8250-8530-434F-B82F-B15AE5168E0A} -  No File
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Extension: AllSaveer - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] [2015-07-24]
2015-08-11 00:33 - 2015-08-11 16:20 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-24 03:21 - 2015-07-24 03:21 - 00000000 ____D C:\Program Files (x86)\AllSaveer
2015-07-24 03:01 - 2015-07-24 10:49 - 00000000 ____D C:\Program Files (x86)\UpgraderLite
2015-07-13 02:56 - 2015-07-24 03:22 - 00000000 ____D C:\ProgramData\3746226442181077489
2015-07-13 02:56 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\CutTheeePPricie
2015-07-13 02:54 - 2015-08-11 14:54 - 00000418 _____ C:\Windows\Tasks\YogaLite.job
2015-07-13 02:54 - 2015-07-13 02:54 - 00003326 _____ C:\Windows\System32\Tasks\YogaLite
2015-07-13 02:54 - 2015-07-13 02:54 - 00000000 ____D C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223}
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
Task: {018567D4-21EE-42D0-BA7B-1628FB10060B} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {393BBB8D-441C-4C4F-8AF1-6C82E3AA690E} - \RocketTab -> No File <==== ATTENTION
Task: {48F56E4C-F2E2-4FD1-884C-89375100CBAF} - System32\Tasks\YogaLite => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
Task: {4E22B097-D3DA-4787-B4F0-58B23EE2D230} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {60A91ADB-F825-4877-AA9F-8247B79F339D} - System32\Tasks\Malware Cleaner => C:\Users\Val\AppData\Roaming\3C86.tmp.exe <==== ATTENTION
Task: {8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB} - System32\Tasks\Security Installer => C:\Users\Val\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {B3B302CA-6F56-41DE-93AF-795CA9E90D62} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {D0DC214B-07FF-48A0-B3A7-CB94AF555CF3} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-11] ()
Task: C:\Windows\Tasks\YogaLite.job => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\6cyPRKj9G:dgV72Q0w8TYtF2X6pc7J
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
File: C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
"HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-986212026-379418426-1859886101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-986212026-379418426-1859886101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA3E8250-8530-434F-B82F-B15AE5168E0A} => value removed successfully
HKCR\CLSID\{BA3E8250-8530-434F-B82F-B15AE5168E0A} => key not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully(: %SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully(: %SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully(: %SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000006\\LibraryPath => restored successfully(: %SystemRoot%\System32\mswsock.dll)
C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
C:\Program Files (x86)\AllSaveer => moved successfully.
C:\Program Files (x86)\UpgraderLite => moved successfully.
C:\ProgramData\3746226442181077489 => moved successfully.
C:\Program Files (x86)\CutTheeePPricie => moved successfully.
C:\Windows\Tasks\YogaLite.job => moved successfully.
C:\Windows\System32\Tasks\YogaLite => moved successfully.
C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223} => moved successfully.
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c => moved successfully.
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c => moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started:
"C:\Program Files\Windows Defender\en-US" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
"C:\Program Files\Microsoft Security Client\Backup" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Drivers" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\en-us" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseces.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisLog.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Setup.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\shellext.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" =>Deleting reparse point and unlocking completed.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{018567D4-21EE-42D0-BA7B-1628FB10060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{018567D4-21EE-42D0-BA7B-1628FB10060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{393BBB8D-441C-4C4F-8AF1-6C82E3AA690E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393BBB8D-441C-4C4F-8AF1-6C82E3AA690E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48F56E4C-F2E2-4FD1-884C-89375100CBAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F56E4C-F2E2-4FD1-884C-89375100CBAF}" => key removed successfully
C:\Windows\System32\Tasks\YogaLite not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YogaLite" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E22B097-D3DA-4787-B4F0-58B23EE2D230}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E22B097-D3DA-4787-B4F0-58B23EE2D230}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A91ADB-F825-4877-AA9F-8247B79F339D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A91ADB-F825-4877-AA9F-8247B79F339D}" => key removed successfully
C:\Windows\System32\Tasks\Malware Cleaner => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB}" => key removed successfully
C:\Windows\System32\Tasks\Security Installer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Installer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3B302CA-6F56-41DE-93AF-795CA9E90D62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3B302CA-6F56-41DE-93AF-795CA9E90D62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0DC214B-07FF-48A0-B3A7-CB94AF555CF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0DC214B-07FF-48A0-B3A7-CB94AF555CF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\Tasks\YogaLite.job not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
"C:\Users\Val\Cookies" => ":AWOvEjCeixwoghHetITiPPRP" ADS not found.
C:\Users\Val\AppData\Local\6cyPRKj9G => ":dgV72Q0w8TYtF2X6pc7J" ADS removed successfully.
"C:\Users\Val\AppData\Local\Temporary Internet Files" => ":MP8Uflmc0xnGiVYhhUU06AxEM0kz" ADS not found.

========================= File: C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} ========================

MD5: D102F3B93E653003DAC39337027EF68C
Creation and modification date: 2015-07-24 10:39 - 2015-07-24 10:39
Size: 0003102
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========


An unrecoverable Windows Firewall error (0x3) occurred.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


=========  netsh advfirewall reset =========


An unrecoverable Windows Firewall error (0x3) occurred.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4101:e9ea:a66:9e40%11
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:7a96:514:246e:2157:3f57:fffb
   Link-local IPv6 Address . . . . . : fe80::246e:2157:3f57:fffb%18
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{D6ED0AF8-2C6D-414F-967B-4E9576A68FDD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{42B4665E-1DB9-497C-90A7-B22F90104425}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{232D4272-5B34-4E28-B36E-734BDD0AFFFC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4101:e9ea:a66:9e40%11
   IPv4 Address. . . . . . . . . . . : 192.168.0.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:7a96:514:246e:2157:3f57:fffb
   Link-local IPv6 Address . . . . . : fe80::246e:2157:3f57:fffb%18
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{D6ED0AF8-2C6D-414F-967B-4E9576A68FDD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{42B4665E-1DB9-497C-90A7-B22F90104425}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{232D4272-5B34-4E28-B36E-734BDD0AFFFC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

EmptyTemp: => 488.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:55:19 ====


  • 0

#5
Nevan
Posted 11 August 2015 - 11:10 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, orwellian1984.

I see that you ran FRST before TDSSKiller. Please follow the instructions provided in the same order as they are placed. Otherwise you may cause some unwanted complications.

Please tell me if you still are receiving those alerts from Norton.

Also perform the instructions below.

Step #1
INQmTSa.png Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
LHBIenm.pngAdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
cnUOkXS.png Farbar Service Scanner
  • Download FSS.exe to your desktop.
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Things that should appear in your next post:
  • FSS.txt log content
  • JRT.txt log content
  • AdwCleaner[S0].txt log content
  • Please tell me if you still are receiving those alerts from Norton.

  • 0

#6
orwellian1984
Posted 11 August 2015 - 12:56 PM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

FSS.txt log content

 

Farbar Service Scanner Version: 26-07-2015
Ran by Val (administrator) on 12-08-2015 at 04:41:38
Running from "C:\Users\Val\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

JRT.txt log content

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Val on Wed 12/08/2015 at  3:59:30.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update outobox



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\sho1B69.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho893C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC5AA.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoD7B6.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoDD4A.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoE3AC.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\delta
Successfully deleted: [Folder] C:\Program Files (x86)\ilivid
Successfully deleted: [Folder] C:\Program Files (x86)\mobogenie
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\Program Files\002
Successfully deleted: [Folder] C:\Program Files\003
Successfully deleted: [Folder] C:\ProgramData\premium
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\chromatic browser
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\genienext
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\globalupdate
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\ilivid player
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\mobogenie
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\packageaware
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\torch
Successfully deleted: [Folder] C:\Users\Val\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\performersoft
Successfully deleted: [Folder] C:\ProgramData\33fd4519ce60e9f1
Successfully deleted: [Folder] C:\ProgramData\a7dd8f7400002476
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\StormFall944



~~~ FireFox

Failed to delete: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\mystartsearch.xml
Failed to delete: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\omiga-plus.xml
Successfully deleted: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\mystartsearch.xml
Successfully deleted: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\omiga-plus.xml
Successfully deleted: [File] C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\searchplugins\safesearch.xml
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\searchqutoolbar
Successfully deleted the following from C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\prefs.js

user_pref(extensions.PHSPdf5jKtbd5Gyr.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.m5zFXcHb1x3IsiOS.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.pzEja0tVOvtcfS8B.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka

[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/08/2015 at  4:06:03.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADWCLEANER[S0].txt log content

 

# AdwCleaner v4.208 - Logfile created 12/08/2015 at 04:13:47
# Updated 09/07/2015 by Xplode
# Database : 2015-08-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Val - JOEL
# Running from : C:\Users\Val\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Val\AppData\Local\PCP_100_v3
Folder Deleted : C:\Users\Val\AppData\Roaming\InetStat
Folder Deleted : C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
File Deleted : C:\END
File Deleted : C:\Users\Val\daemonprocess.txt
File Deleted : C:\Users\Val\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : StormFall TW1
Task Deleted : StormFall TW2
Task Deleted : StormFall W1
Task Deleted : StormFall W2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
Key Deleted : HKLM\SOFTWARE\821f5097-728f-c1dd-0530-46a5731500fb
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{774350ce}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A917E10-567D-4720-A3EF-FF6C79904954}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)

[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.PHSPdf5jKtbd5Gyr.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.m5zFXcHb1x3IsiOS.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.pzEja0tVOvtcfS8B.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

-\\ Google Chrome v35.0.1916.153


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [8840 bytes] - [12/08/2015 04:09:04]
AdwCleaner[S0].txt - [8578 bytes] - [12/08/2015 04:13:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8637  bytes] ##########
 

No longer receiving any threat prompts from Norton Eraser.  However my OS is laggy and computer programs are a bit unresponsive since running these system tests etc.

 

Could you in lamens terms explain to me what was wrong with/or is still wrong with the system when you conclude your analysis please? 

Should I reinstall the operating system as suggested in one of the previous posts if a rootkit has been or is being used on my computer?

What should I do in future to avoid similar issues?

Any software you can recommend for protection?

 

I will await your reply

 

Thanks in advance for your time and effort.

 

Appreciate it

 

:)


  • 0

#7
Nevan
Posted 12 August 2015 - 02:06 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, orwellian1984.
 

Could you in lamens terms explain to me what was wrong with/or is still wrong with the system when you conclude your analysis please?

Well, besides a little bit of adware your system was infected by ZeroAccess rootkit. You can have a read on that here. You'll find both simple and more advanced information about that threat there :)
 

Should I reinstall the operating system as suggested in one of the previous posts if a rootkit has been or is being used on my computer?

It's all up to you. After reading what I told you earlier and the article above you should be able to judge by yourself if the situation was dangerous enough to reinstall the operating system. We can remove everything visible but this still doesn't make us 100% sure that the infection is gone.
 

What should I do in future to avoid similar issues?

Honestly it all boils down to being careful when using the Internet. Staying away from P2P programs (uTorrent, etc.), unchecking unnecessary tickboxes when installing programs, avoiding untrusted websites, etc.. Even the best Antivirus program cannot protect you from some infections.
 

Any software you can recommend for protection?

When we're done with cleaning I'll mention a few tips to remain safe in the future :)

For now, let's continue with the cleaning if you decide not to reinstall your operating system.

Step #1
JHlUMFt.png Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
jyv2Te8.png ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click RYa1k8g.png
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content

  • 0

#8
orwellian1984
Posted 14 August 2015 - 08:03 PM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Ive run your programs twice now.  My computer feels as though it is becoming more sluggish as more is removed from it.  Barely works now.  Will try to send through scan information when computer stays on long enough for me to complete a scan without a complete crash.  Please dont close the thread.


  • 0

#9
orwellian1984
Posted 15 August 2015 - 02:36 AM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Sorry for the delay, computer has been an unhappy camper.

 

Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/08/2015
Scan Time: 11:46 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.14.03
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Val

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 444155
Time Elapsed: 46 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall FM, Quarantined, [85366c9cf19a65d1c90c9186c63d9967],
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall TM, Quarantined, [edce4bbd335835013e97fb1cc63da55b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Thought the first ESET scanner failed, but didn't, also I didn't properly set options of first attempt, second attempt fine though.  Hope all is well.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-14 02:54:01
# local_time=2015-08-15 12:54:01 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-14 03:03:17
# local_time=2015-08-15 01:03:17 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25280
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=updated
# utc_time=2015-08-14 03:33:01
# local_time=2015-08-15 01:33:01 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# engine=25280
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-14 11:41:57
# local_time=2015-08-15 09:41:57 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 202188702 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 275494 80102633 0 0
# scanned=273972
# found=13
# cleaned=13
# scan_time=29335
sh=3FB7B58261DD8E7187AC6E49B915EACCEC60E9B5 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\content.js.vir"
sh=87BCCB930E822C48E2F45B131C85B0B1B22C6A97 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\Gn.js.vir"
sh=3E1F932939D832617487FE1553655B1FF7451CBC ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\lsdb.js.vir"
sh=62787B5CFC7CEC19C3B235551BFC3818ECF037A2 ft=1 fh=97702881defef2e1 vn="a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\PCP_100_v3\PCPerformerSetup.exe.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Program Files (x86)\AllSaveer\AllSaveer.exe"
sh=B682EFB39A109243C22764BC82486615980159B4 ft=1 fh=a025b83c67ce3dca vn="Win32/Patched.NFU trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=3FB7B58261DD8E7187AC6E49B915EACCEC60E9B5 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\content.js"
sh=87BCCB930E822C48E2F45B131C85B0B1B22C6A97 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\Gn.js"
sh=3E1F932939D832617487FE1553655B1FF7451CBC ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\lsdb.js"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\cbsidlm-cbsi188-ePub_to_PDF_Converter-ORG-75532612.exe"
sh=A99F4FDD706A9501157F17474F3DEC1656E1180A ft=1 fh=9412232a9f4339ee vn="Win32/Toolbar.Conduit.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\PowerISO5-x64.exe"
sh=A108A4C77538493D4947678F0BBDCEE35BAF8764 ft=1 fh=f69c12bd02f703f1 vn="Win32/Toolbar.Widgi.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\YTDSetup.exe"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-15 02:27:53
# local_time=2015-08-15 12:27:53 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25286
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=updated
# utc_time=2015-08-15 02:28:59
# local_time=2015-08-15 12:28:59 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# engine=25286
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-15 06:55:05
# local_time=2015-08-15 04:55:05 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 202214690 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 305082 80128621 0 0
# scanned=274352
# found=4
# cleaned=0
# scan_time=15965
sh=A96820CD585E00B9F6C344BC1E7BFCE2C5A08A31 ft=1 fh=7bed3e477a04d6b3 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF\nfapi.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe"

 


  • 0

#10
Nevan
Posted 15 August 2015 - 06:12 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Please dont close the thread.

Don't worry. As long as you're here, so am I.

About the ESET scan, please remember to check my instructions and follow them carefully. The tool has removed some files automatically and nothing important has been removed, but it could have been.

Don't worry about the computer's sluggishness. We'll try to do something about it once we're sure that there aren't any more traces of infections visible.

It'd like to have a fresh look at your system. Please perform the instructions below.

Step #1
4rr98tz.pngFRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
bABuPc2.pngSecurity Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
EOEdyWG.png Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content

  • 0

Advertisements

#11
orwellian1984
Posted 15 August 2015 - 07:51 AM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

As requested.

 

Awaiting your instructions good sir.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Val (administrator) on JOEL (15-08-2015 23:35:51)
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9650720 2010-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [316784 2010-01-16] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-22] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-02-25] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.net/index.php?referid=118
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sony.com.au/productcategory/it-personal-computer?referer=http%3A%2F%2Fvaio-online.sony.com%2F
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42B4665E-1DB9-497C-90A7-B22F90104425}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FDF61F8A-62B0-421A-BF8F-42EA3217BC2E}: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default
FF NewTab: hxxp://search.norton.com
FF Homepage: hxxp://search.norton.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-986212026-379418426-1859886101-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Val\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-23] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (AdBlock) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (AntiPorn Pro  The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-25]
CHR Extension: (Google Wallet) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-09] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-19] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150814.002\IDSvia64.sys [692984 2015-08-07] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150814.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150814.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 23:35 - 2015-08-15 23:36 - 00022021 _____ C:\Users\Val\Desktop\FRST.txt
2015-08-15 23:35 - 2015-08-15 23:35 - 00000000 ____D C:\Users\Val\Desktop\FRST-OlderVersion
2015-08-15 23:34 - 2015-08-15 23:34 - 00852684 _____ C:\Users\Val\Desktop\SecurityCheck.exe
2015-08-15 21:28 - 2015-08-15 23:35 - 00000000 ____D C:\Users\Val\Desktop\Fix tools
2015-08-15 00:53 - 2015-08-15 00:53 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-14 23:41 - 2015-08-15 18:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 23:41 - 2015-08-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 23:41 - 2015-08-14 23:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 23:41 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 23:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 23:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-14 23:30 - 2015-08-14 23:30 - 00003288 ____N C:\bootsqm.dat
2015-08-14 23:28 - 2015-08-14 23:28 - 00000000 __SHD C:\found.001
2015-08-13 01:53 - 2015-07-30 23:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 01:53 - 2015-07-30 23:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:54 - 2015-07-16 04:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:54 - 2015-07-16 04:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:54 - 2015-07-16 04:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:54 - 2015-07-16 04:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:54 - 2015-07-16 04:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:54 - 2015-07-16 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 13:54 - 2015-07-16 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:54 - 2015-07-16 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:54 - 2015-07-16 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 13:54 - 2015-07-16 03:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 13:54 - 2015-07-16 03:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 13:54 - 2015-07-16 03:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 13:54 - 2015-07-16 03:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 13:54 - 2015-07-16 03:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 13:54 - 2015-07-16 03:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:54 - 2015-07-16 02:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:54 - 2015-07-16 02:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:54 - 2015-07-16 02:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 13:54 - 2015-07-16 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 13:54 - 2015-07-16 02:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:53 - 2015-07-29 06:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 13:53 - 2015-07-29 06:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 13:53 - 2015-07-29 05:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 13:53 - 2015-07-15 13:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:51 - 2015-07-21 10:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:51 - 2015-07-21 10:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 13:51 - 2015-07-17 07:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 13:51 - 2015-07-17 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 13:51 - 2015-07-17 06:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:51 - 2015-07-17 06:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:51 - 2015-07-17 06:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:51 - 2015-07-17 06:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:51 - 2015-07-17 06:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:51 - 2015-07-17 06:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:51 - 2015-07-17 06:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:51 - 2015-07-17 06:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:51 - 2015-07-17 06:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:51 - 2015-07-17 06:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:51 - 2015-07-17 06:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:51 - 2015-07-17 06:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:51 - 2015-07-17 06:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 13:51 - 2015-07-17 06:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:51 - 2015-07-17 06:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:51 - 2015-07-17 06:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-12 13:51 - 2015-07-17 06:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:51 - 2015-07-17 05:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:51 - 2015-07-17 05:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 13:51 - 2015-07-17 05:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 13:51 - 2015-07-17 05:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 13:51 - 2015-07-17 05:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 13:51 - 2015-07-17 05:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 13:51 - 2015-07-17 05:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 13:51 - 2015-07-17 05:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 13:51 - 2015-07-17 05:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 13:51 - 2015-07-17 05:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 13:51 - 2015-07-17 05:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 13:51 - 2015-07-17 05:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 13:51 - 2015-07-17 05:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:51 - 2015-07-17 05:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:51 - 2015-07-17 05:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:51 - 2015-07-17 05:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:51 - 2015-07-17 05:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:51 - 2015-07-17 05:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 13:51 - 2015-07-17 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 13:51 - 2015-07-17 05:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 13:51 - 2015-07-17 05:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 13:51 - 2015-07-17 05:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 13:51 - 2015-07-17 05:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 13:51 - 2015-07-17 05:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:51 - 2015-07-17 05:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 13:51 - 2015-07-17 05:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 13:51 - 2015-07-17 05:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 13:51 - 2015-07-17 05:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 13:51 - 2015-07-17 05:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:51 - 2015-07-17 04:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:51 - 2015-07-17 04:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 13:51 - 2015-07-17 04:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 13:51 - 2015-07-17 04:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 13:50 - 2015-07-15 13:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:50 - 2015-07-15 13:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:50 - 2015-07-15 13:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:50 - 2015-07-15 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:50 - 2015-07-15 12:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 13:50 - 2015-07-15 12:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 13:50 - 2015-07-15 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 13:50 - 2015-07-15 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 13:50 - 2015-07-02 06:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:50 - 2015-07-02 06:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:50 - 2015-07-02 06:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 13:50 - 2015-07-02 06:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 13:45 - 2015-07-31 03:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 13:45 - 2015-07-31 02:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:45 - 2015-07-31 02:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:45 - 2015-07-31 02:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:45 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:45 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:45 - 2015-07-10 03:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 13:44 - 2015-07-21 03:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 13:44 - 2015-07-11 03:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:44 - 2015-07-11 03:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 13:37 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 04:00 - 2015-08-12 04:19 - 00000000 ____D C:\AdwCleaner
2015-08-11 16:25 - 2015-08-15 23:35 - 00000000 ____D C:\FRST
2015-08-11 15:41 - 2015-08-15 23:35 - 02173952 _____ (Farbar) C:\Users\Val\Desktop\FRST64.exe
2015-08-09 23:02 - 2015-08-09 23:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-09 22:54 - 2015-08-09 22:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-09 12:00 - 2015-08-09 12:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-07 12:11 - 2015-08-07 12:11 - 00000000 __SHD C:\found.000
2015-08-06 16:54 - 2015-08-12 15:43 - 00004934 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel
2015-08-05 09:14 - 2015-08-05 09:14 - 00000000 ____D C:\Users\Val\AppData\OICE_15_974FA576_32C1D314_3F31
2015-07-31 19:59 - 2015-08-09 13:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-07-31 09:13 - 2015-07-31 09:13 - 00003118 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2015-07-31 09:13 - 2015-07-31 09:13 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2015-07-31 09:13 - 2015-07-31 09:13 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-07-30 22:13 - 2015-08-11 00:16 - 00000000 ____D C:\NPE
2015-07-30 22:07 - 2015-08-11 15:20 - 00000000 ____D C:\Users\Val\AppData\Local\NPE
2015-07-25 23:15 - 2015-07-25 23:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 20:05 - 2015-08-07 17:44 - 00000000 ____D C:\Users\Val\AppData\Local\CrashDumps
2015-07-24 10:39 - 2015-07-24 10:39 - 00003102 _____ C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
2015-07-24 10:21 - 2015-08-09 22:55 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-24 10:21 - 2015-08-09 12:22 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-24 10:21 - 2015-08-09 12:22 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-24 10:21 - 2015-08-09 12:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-24 10:20 - 2015-08-09 22:54 - 00002185 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 10:19 - 2015-08-09 22:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-24 10:19 - 2015-07-24 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-07-23 11:54 - 2015-08-15 11:57 - 00046692 _____ C:\Windows\PFRO.log
2015-07-23 11:51 - 2015-07-23 11:51 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 11:51 - 2015-07-23 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 11:50 - 2015-07-23 11:51 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 11:50 - 2015-07-23 11:50 - 00000000 ____D C:\Program Files\iPod
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files\Bonjour
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-23 11:44 - 2015-07-23 11:44 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-22 21:37 - 2015-08-15 11:58 - 00004256 _____ C:\Windows\setupact.log
2015-07-22 21:37 - 2015-07-22 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-07-17 23:57 - 2015-07-17 23:57 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 23:09 - 2015-08-15 23:19 - 01557319 _____ C:\Windows\WindowsUpdate.log
2015-07-17 07:15 - 2015-07-17 07:15 - 00000000 _____ C:\Users\Val\AppData\Roaming\ED1A.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 23:35 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 23:35 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 23:31 - 2011-12-13 16:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 23:22 - 2012-09-07 13:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 11:58 - 2011-12-13 16:24 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 11:58 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 02:21 - 2013-10-06 00:15 - 00000000 ____D C:\Users\Val\AppData\Roaming\vlc
2015-08-15 02:17 - 2011-10-09 21:59 - 00000000 ____D C:\Users\Val\AppData\Local\Adobe
2015-08-15 01:00 - 2014-10-29 01:20 - 00000000 ____D C:\Users\Val\Desktop\Joel's
2015-08-14 19:00 - 2011-11-06 14:34 - 00000000 ____D C:\Users\Val\AppData\Roaming\Azureus
2015-08-14 10:59 - 2009-07-14 15:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 10:56 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-14 04:28 - 2011-11-06 14:33 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-08-14 03:03 - 2014-08-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 22:16 - 2011-10-05 16:18 - 00000000 ____D C:\Users\Val
2015-08-13 19:29 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 14:22 - 2012-09-07 13:51 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 14:22 - 2012-09-07 13:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 14:22 - 2011-11-11 16:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 13:02 - 2009-07-14 14:45 - 05083680 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 12:59 - 2015-07-01 15:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 12:59 - 2014-06-08 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 01:55 - 2014-11-11 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-13 01:53 - 2013-03-20 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 01:51 - 2013-03-20 14:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 01:51 - 2013-03-20 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 01:41 - 2009-07-14 12:34 - 00000510 _____ C:\Windows\win.ini
2015-08-12 05:10 - 2014-11-10 23:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-12 05:10 - 2013-03-20 14:47 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-12 05:10 - 2013-03-20 14:47 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-12 05:10 - 2013-03-20 14:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-09 12:22 - 2011-11-12 17:31 - 00000000 ____D C:\ProgramData\Norton
2015-08-03 17:50 - 2011-10-05 16:18 - 00120224 _____ C:\Users\Val\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-31 09:14 - 2011-11-14 10:47 - 00000000 ____D C:\Update
2015-07-31 09:13 - 2011-11-29 12:00 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-07-31 09:12 - 2011-10-06 10:21 - 00000000 ____D C:\Program Files\Sony
2015-07-31 09:10 - 2014-06-17 13:49 - 00013792 _____ C:\Windows\system32\Drivers\semav6thermal64ro.sys
2015-07-25 21:19 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 14:36 - 2014-07-04 17:53 - 00000000 ____D C:\Program Files (x86)\Child of Light
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-24 11:02 - 2012-09-06 22:26 - 00000000 ____D C:\Users\Val\AppData\Roaming\Skype
2015-07-23 18:39 - 2013-03-25 16:42 - 00001808 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-23 18:39 - 2011-11-06 14:33 - 00001808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-23 11:50 - 2014-11-14 21:58 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 11:50 - 2012-04-02 13:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 11:50 - 2011-11-06 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 10:42 - 2015-07-04 08:17 - 00000000 ____D C:\Users\Val\AppData\Local\SKIDROW
2015-07-23 10:42 - 2014-07-09 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-23 10:42 - 2014-01-25 12:47 - 00000000 ____D C:\Users\Val\Documents\My Games
2015-07-23 10:39 - 2014-07-13 22:05 - 00000000 ____D C:\Users\Val\AppData\Roaming\Yacht Club Games
2015-07-23 10:39 - 2014-06-22 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-23 10:39 - 2014-06-22 06:43 - 00000000 ____D C:\GOG Games
2015-07-23 10:39 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-23 10:38 - 2015-07-08 01:28 - 00000000 ____D C:\Users\Val\AppData\Roaming\Arrowhead
2015-07-22 19:28 - 2014-05-03 03:07 - 00000000 ____D C:\Users\Val\Documents\Temps
2015-07-22 19:26 - 2014-03-19 19:06 - 00000000 ____D C:\Users\Val\Documents\Paperwork
2015-07-22 19:18 - 2012-02-01 21:27 - 00000000 ____D C:\Users\Val\Documents\Games
2015-07-17 23:57 - 2011-11-11 15:57 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-17 23:57 - 2011-11-11 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 23:08 - 2011-12-13 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 22:27 - 2015-07-13 02:57 - 00000000 ____D C:\Program Files (x86)\Klout
2015-07-17 22:27 - 2014-06-25 07:27 - 00000000 ____D C:\Program Files\PowerISO
2015-07-17 22:27 - 2010-04-16 05:30 - 00000000 ____D C:\Windows\Panther
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
2015-07-17 03:03 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 03:46 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:10 - 2013-08-08 12:36 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-07-03 04:55 - 2015-07-03 04:55 - 0000000 _____ () C:\Users\Val\AppData\Roaming\3C86.tmp
2015-07-17 07:15 - 2015-07-17 07:15 - 0000000 _____ () C:\Users\Val\AppData\Roaming\ED1A.tmp
2014-04-23 11:29 - 2014-04-23 11:29 - 0017408 ___SH () C:\Users\Val\AppData\Roaming\Thumbs.db
2012-03-10 01:55 - 2012-03-10 01:55 - 0012841 _____ () C:\Users\Val\AppData\Roaming\UserTile.png
2015-07-13 03:05 - 2015-07-13 03:05 - 0000000 _____ () C:\Users\Val\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Val\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 17:13

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Val (2015-08-15 23:37:15)
Running from C:\Users\Val\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-986212026-379418426-1859886101-500 - Administrator - Disabled)
Guest (S-1-5-21-986212026-379418426-1859886101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-986212026-379418426-1859886101-1002 - Limited - Enabled)
Val (S-1-5-21-986212026-379418426-1859886101-1000 - Administrator - Enabled) => C:\Users\Val

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version:  - DONGSOFT Company, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity v.1.0.5.0567 (HKLM-x32\...\Pillars of Eternity_is1) (Version:  - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.02.03310 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.07140 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6013 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.1.0.14240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
The Sims 2 Ultimate Collection version 1.17.0.66 (HKLM-x32\...\The Sims 2 Ultimate Collection_is1) (Version: 1.17.0.66 - EA Games)
Unity Web Player (HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.07140 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.5.0.13220 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.3.0.13150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.7.0.16080 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 4.1.0.13180 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.15040 - Sony Corporation)
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.1.0.14080 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.1.00.14040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.2.0.14010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.1.0.14090 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3950 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-08-2015 02:00:58 Norton_Power_Eraser_20150811020053526
11-08-2015 03:00:16 Windows Update
11-08-2015 04:39:33 Windows Update
11-08-2015 22:53:56 Restore Point Created by FRST
12-08-2015 03:00:16 Windows Update
12-08-2015 03:59:32 JRT Pre-Junkware Removal
12-08-2015 05:09:21 Windows Update
13-08-2015 01:25:12 Windows Update
14-08-2015 03:00:23 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-06-29 08:06 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D41DB0F-7F93-4993-A4D8-F2A70D4669B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4E420-0D66-439A-A270-B9B6094E42B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation)
Task: {13BE7939-B31D-4D0B-8B0D-E56C76D245DF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {1FE833B4-BD1E-40CB-BD91-0A84C32AD76A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {2B1E979D-21A7-4787-BFCE-264A6106A5CD} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {31D0115F-C18F-4B4A-956A-A5DAAB28675F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {36C9E78A-4483-420D-A4E0-8F86F4FD5A8C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {40789279-1C96-4C37-9D94-33B7CE113DBE} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {41CC72F1-B55A-4769-9D94-69AF8A03A436} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {428E7C88-0901-4650-9A80-77D1F6E27A5E} - System32\Tasks\SONY\Prepare Your VAIO\Prepare Your VAIO => C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe [2010-02-25] (Sony Corporation)
Task: {45E56A76-06DB-4921-8A19-EB472A27DBC5} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4731AEF1-F633-4633-9E2A-D8BDE23F364F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {491A119B-5FE8-4731-9C8E-434BA6759B9D} - System32\Tasks\AdobeAAMUpdater-1.0-Val-VAIO-Val => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {4A6C63B3-5EC4-4CF6-8FF0-C5D3FB1D813D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {5274D606-0786-4992-9B46-8E504E985106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56004971-BDC7-40AE-8F3E-7AF931168EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C0B34AD-45D8-41CA-8C62-990BB13B983E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {637B059C-9874-42C1-910A-730791BDF02C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {64334B5F-626A-4957-AA73-99104CDAA1AF} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {65C250D4-888B-4B96-B24F-E1A958CD2424} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {66455886-0F06-4A60-A971-9669985B547A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DAFB589-7BF3-4796-A22F-4F27D65C2F9D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {6E63CE98-39F5-4765-9736-99909BB2BDDE} - System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {75E0C3BD-AAE6-4DC6-AAF1-AE43B2CEA6F5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {792606F4-0A69-47CF-84C4-700A17ECB811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {8109AE46-C26B-4FED-8063-8D5FD629AC6D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {8F8F0474-F880-4A0E-89F0-9760B9AF48D1} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {905B07D2-6D78-4D57-BBEB-3B9F48757DA2} - System32\Tasks\{6ED7D482-686C-4A8C-A394-0FBCE695804E} => pcalua.exe -a C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED\setup_legend_of_grimrock_1.0.0.6.exe -d C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED
Task: {9CBB4F4F-3A66-45AB-9CF1-B493DE5EDFEC} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {A14BD500-46E1-47BE-9266-6E662074AA12} - System32\Tasks\{8F42C2F7-755C-491B-B067-0F304A7D13F5} => pcalua.exe -a C:\Users\Val\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Val\Desktop
Task: {A1C1779F-D704-4DCE-A789-A100712AF941} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {AFC71B52-293D-4930-945B-84B0FDFB349E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B39B622A-A986-4094-8E27-9B48B7576F81} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {B8684772-8ACD-4D61-B1B9-4BDB02A7D167} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {BDE114C7-E118-4D97-9A67-DCD2E3A10007} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {BE363EB0-7472-4830-8D86-39453475A990} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {BF6B4189-EA58-406D-8962-FE284BB18EB3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C3F08A49-5EE6-4B2F-BDBF-938DDDCFB1A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C4867012-4448-4148-A5E1-343A99136352} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {D248F8B9-8060-4F5C-905C-53A93E9B6B36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
Task: {D95E82FE-8AE9-4FF0-BFAE-6B33348276DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {EDCF36B0-19D2-44FE-85E9-7E256F5F3FCD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {EFB74764-C091-4473-A75E-20BB449789A3} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F12734FA-A9D4-42CC-835C-83C6C8AEB16A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-08 18:35 - 2013-01-08 18:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2010-04-16 07:10 - 2009-11-21 08:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-986212026-379418426-1859886101-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2015 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:26:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:26:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:26:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:26:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 01:02:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:53:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2015 12:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (08/15/2015 05:28:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (08/15/2015 04:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/15/2015 04:55:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2015 04:55:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275


Microsoft Office:
=========================
Error: (08/15/2015 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/15/2015 12:26:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 12:26:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 12:26:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 12:26:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 01:02:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 12:53:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2015 12:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity:
===================================
  Date: 2013-07-15 18:04:53.807
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:53.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:51.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:51.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:49.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:49.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:46.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:46.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:44.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-15 18:04:44.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 71%
Total physical RAM: 3766.88 MB
Available physical RAM: 1079.84 MB
Total Virtual: 7531.97 MB
Available Virtual: 3886.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.99 GB) (Free:63.32 GB) NTFS
Drive g: (Transcend) (Removable) (Total:3.73 GB) (Free:2.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C4EA7D6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================

 

 Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360                      
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 17  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.232  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (39.0)
 Google Chrome 35.0.1916.114 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • 0

#12
Nevan
Posted 15 August 2015 - 09:19 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, orwellian1984.

Let's take care of the remnants and then we'll try to deal with the sluggishness of your system.

Warning!

I noticed that you have more than one antivirus program installed and active. It is very important not to have more than one antivirus program active at one time. They work in background, continuously scanning and protecting your system. That function is called Real-Time Protection. Having two or more of them at one time not only multiplies the amount of system resources that are used all the time, but more importantly, the programs are always fighting with each other for control of the system. That causes system slowness, false positives, system crashes, as well as lower detection rates. You will very likely end up with little or no protection.

Your Norton 360 program is a paid subscription. If the subscription was recently renewed I would suggest you keep it. If the subscription is about to expire you will need to decide if you want to renew the subscription and keep it or uninstall it and keep Microsoft Security Essentials program.

Please let me know which you would like to keep and I will remove the other one.


 
Step #1
Reinstalling Google Chrome

As your Google Chrome is now in development build, which leaves you vulnerable to further infections, we have to reinstall it. To do that:
  • Make sure that you save your bookmarks by exporting them. Here's how to do it.
  • Sign into your account at Google Sync, then scroll down until you see "Stop and Clear" button then click it. Click "OK" when the prompt appears.
  • Now uninstall Google Chrome. Make sure that you delete all data and settings when asked about it.
  • Restart the computer and download the latest version of Google Chrome from here.
  • Import your bookmarks into Google Chrome and sign back to the browser so that your bookmarks sync with your account.
 
Step #2
Service fix

Please download the files below.
Attached File  SharedAccess.reg   354.38KB   191 downloads
Attached File  wscsvc.reg   5.13KB   179 downloads
Attached File  wuauserv.reg   6.03KB   175 downloads

Launch the files by double-clicking them. Allow each file to be added to the registry.
After that, restart the system.

 
Step #3
cnUOkXS.png Farbar Service Scanner
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
EOEdyWG.png Things that should appear in your next post:
  • FSS.txt log content
  • Please tell me which Antivirus you want to keep
  • Please tell me if you have successfully reinstalled Google Chrome

  • 0

#13
orwellian1984
Posted 15 August 2015 - 07:21 PM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Lets remove Windows Security Essentials

 

Farbar Service Scanner Version: 26-07-2015
Ran by Val (administrator) on 16-08-2015 at 11:19:29
Running from "C:\Users\Val\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Thanks


  • 0

#14
Nevan
Posted 16 August 2015 - 03:53 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, orwellian1984.

How about Google Chrome? Have you successfully reinstalled it?

Some final cleaning to do. Please tell me if your system gets any better after this.

Step #1
4lSuPAR.pngUninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Microsoft Security Essentials.

 
Step #2
4rr98tz.png FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.41KB   240 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
Updating programs

Your Java version is too old. Keeping Java updated is very important as well.
  • WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    Read this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Large icons view on the upper right of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.
 
Your Adobe Reader is outdated. Adobe products have to always be updated as well, because they also are being used to infect your computer.
Visit this site to update it.
  • Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.
 
EOEdyWG.png Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if you have successfully reinstalled Google Chrome earlier
  • Please tell me if you have successfully uninstalled Microsoft Security Essentials
  • Please tell me if you have successfully updated (or removed) Java and Adobe Reader.
  • How's your system doing now?

  • 0

#15
orwellian1984
Posted 16 August 2015 - 05:28 AM

orwellian1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Tired tonight! Completed your instructions slightly out of order, hope it doesn't matter!  Ran the FIX after removing Microsoft Security Essentials, removing JAVA and after updating Adobe Reader..

 

Successfully installed Chrome from last post, sorry I didn't mention that.

 

And as above uninstalled successfully MSE and JAVA and updated AR.

 

Computer appears to be running relatively smoothly, its an old computer, i'd say it is running better then when you first started helping me..

 

Awaiting further instructions..

 

Thanks.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Val (2015-08-16 21:08:11) Run:2
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
C:\Program Files (x86)\V-9.1HD
C:\Program Files (x86)\Megasoft Security
C:\Program Files (x86)\Fraveen 1.4
C:\Program Files (x86)\video MediaPlayer
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll
C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\System32\Tasks\Megasoft Security Viewer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{235CFED4-2ACA-415F-83CD-1ED604B23B79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{235CFED4-2ACA-415F-83CD-1ED604B23B79}" => key removed successfully
C:\Windows\System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{221A1B6C-C041-49E7-BEEE-AA1423068F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DD85A0C-B4DF-42F9-BF51-37EB787D02F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD85A0C-B4DF-42F9-BF51-37EB787D02F2}" => key removed successfully
C:\Windows\System32\Tasks\Megasoft Security Viewer not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5573480-3025-4CD8-ACC5-97F65DBDE0BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5573480-3025-4CD8-ACC5-97F65DBDE0BE}" => key removed successfully
C:\Windows\System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6B71070-5725-483E-8482-F0C671F834C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B71070-5725-483E-8482-F0C671F834C7}" => key removed successfully
C:\Windows\System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3521E609-332A-476E-91DB-7DAC22AFCCE2}" => key removed successfully
"C:\Program Files (x86)\V-9.1HD" => File/Folder not found.
"C:\Program Files (x86)\Megasoft Security" => File/Folder not found.
"C:\Program Files (x86)\Fraveen 1.4" => File/Folder not found.
"C:\Program Files (x86)\video MediaPlayer" => File/Folder not found.
"C:\Users\Val\Cookies" => ":AWOvEjCeixwoghHetITiPPRP" ADS not found.
"C:\Users\Val\AppData\Local\Temporary Internet Files" => ":MP8Uflmc0xnGiVYhhUU06AxEM0kz" ADS not found.
C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe => moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll => moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll => moved successfully.
C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF => moved successfully.
EmptyTemp: => 451.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:10:12 ====


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Outbound, Outbound Traffic, Security, Norton 360, Security Request, Suspicious Outbound Activity

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP