Hello. Thank you in advance for taking the time to look over my request for help.
For a little over a month I have had Norton 360 running on my computer; previously I was running Malwarebytes Premium.
I noticed that I have been getting more frequent malware alerts, fake pop-up alerts and spam in general over the past two to three months; not sure why though, as my browsing and computer usage habits haven't changed from what they were prior to this greater number of prompts appearing.
I started receiving this message about half a week ago and it pops up continuously as soon as I am connected to the net. I have used Norton Power Tool to quarantine suspect applications, but the pop-up is still appearing regularly.
Have attached information from scan below for your perusal.
Please let me know if you have any suggestions about what I might do to try and stop this message from appearing anymore.
Also, on a side note, I have been receiving warnings about certain IP addresses attempting to hijack my computer's applications and hardware at times. Could you elaborate on exactly what this means? If the source IP address is an American military base, what purpose would they have for doing this? (Please stick to the main thread about the Norton Power Eraser subject matter before this)
Kind Regards
J.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Val (administrator) on JOEL (11-08-2015 16:25:52)
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9650720 2010-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [316784 2010-01-16] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-22] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-02-25] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.net/...php?referid=118
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.com....nline.sony.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKLM - No Name - {BA3E8250-8530-434F-B82F-B15AE5168E0A} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42B4665E-1DB9-497C-90A7-B22F90104425}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FDF61F8A-62B0-421A-BF8F-42EA3217BC2E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-986212026-379418426-1859886101-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Val\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-23] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mystartsearch.xml [2015-07-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml [2014-06-29]
FF Extension: AllSaveer - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] [2015-07-24]
FF Extension: No Name - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-11]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AntiPorn Pro The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (AdBlock) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (AntiPorn Pro The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-25]
CHR Extension: (Google Wallet) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] () [File not signed]
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-09] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-19] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150809.001\IDSvia64.sys [692984 2015-08-07] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.009\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.009\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-11 16:25 - 2015-08-11 16:26 - 00022814 _____ C:\Users\Val\Desktop\FRST.txt
2015-08-11 16:25 - 2015-08-11 16:25 - 00000000 ____D C:\FRST
2015-08-11 15:41 - 2015-08-11 15:41 - 02171392 _____ (Farbar) C:\Users\Val\Desktop\FRST64.exe
2015-08-11 00:33 - 2015-08-11 16:20 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-09 23:02 - 2015-08-09 23:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-09 22:54 - 2015-08-09 22:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-09 12:00 - 2015-08-09 12:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-07 12:11 - 2015-08-07 12:11 - 00000000 __SHD C:\found.000
2015-08-06 16:54 - 2015-08-11 16:20 - 00004934 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel
2015-08-05 09:14 - 2015-08-05 09:14 - 00000000 ____D C:\Users\Val\AppData\OICE_15_974FA576_32C1D314_3F31
2015-07-31 19:59 - 2015-08-09 13:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-07-31 09:13 - 2015-07-31 09:13 - 00003118 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2015-07-31 09:13 - 2015-07-31 09:13 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2015-07-31 09:13 - 2015-07-31 09:13 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-07-30 22:13 - 2015-08-11 00:16 - 00000000 ____D C:\NPE
2015-07-30 22:07 - 2015-08-11 15:20 - 00000000 ____D C:\Users\Val\AppData\Local\NPE
2015-07-29 14:46 - 2015-07-26 04:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-29 14:46 - 2015-07-26 04:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-29 14:46 - 2015-07-26 04:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-29 14:46 - 2015-07-26 04:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-29 14:46 - 2015-07-26 03:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-25 23:15 - 2015-07-25 23:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 20:05 - 2015-08-07 17:44 - 00000000 ____D C:\Users\Val\AppData\Local\CrashDumps
2015-07-24 10:39 - 2015-07-24 10:39 - 00003102 _____ C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
2015-07-24 10:21 - 2015-08-09 22:55 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-24 10:21 - 2015-08-09 12:22 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-24 10:21 - 2015-08-09 12:22 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-24 10:21 - 2015-08-09 12:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-24 10:20 - 2015-08-09 22:54 - 00002185 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 10:19 - 2015-08-09 22:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-24 10:19 - 2015-07-24 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-07-24 03:21 - 2015-07-24 03:21 - 00000000 ____D C:\Program Files (x86)\AllSaveer
2015-07-24 03:01 - 2015-07-24 10:49 - 00000000 ____D C:\Program Files (x86)\UpgraderLite
2015-07-23 11:54 - 2015-08-11 14:52 - 00041776 _____ C:\Windows\PFRO.log
2015-07-23 11:51 - 2015-07-23 11:51 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 11:51 - 2015-07-23 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 11:50 - 2015-07-23 11:51 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 11:50 - 2015-07-23 11:50 - 00000000 ____D C:\Program Files\iPod
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files\Bonjour
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-23 11:44 - 2015-07-23 11:44 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-22 21:37 - 2015-08-11 16:18 - 00003472 _____ C:\Windows\setupact.log
2015-07-22 21:37 - 2015-07-22 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 11:51 - 2015-07-15 13:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 11:51 - 2015-07-15 13:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 11:51 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 11:51 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 11:51 - 2015-07-15 11:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 11:51 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 23:57 - 2015-07-17 23:57 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 23:09 - 2015-08-11 16:21 - 01589550 _____ C:\Windows\WindowsUpdate.log
2015-07-17 07:15 - 2015-07-17 07:15 - 00000000 _____ C:\Users\Val\AppData\Roaming\ED1A.tmp
2015-07-15 16:26 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Public\Documents\EA Games
2015-07-15 16:23 - 2015-07-15 16:23 - 00001700 _____ C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00001690 _____ C:\Users\Public\Desktop\The Sims 2 Body Shop.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2015-07-15 15:57 - 2015-07-15 16:00 - 00000000 ____D C:\Program Files (x86)\The Sims 2 Ultimate Collection
2015-07-15 15:57 - 2015-07-15 15:57 - 00000000 ____D C:\Users\Val\Documents\EA Games
2015-07-15 14:00 - 2015-07-15 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-07-15 12:05 - 2015-07-10 03:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 12:05 - 2015-07-10 03:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 12:05 - 2015-07-10 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 12:05 - 2015-07-10 03:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 12:05 - 2015-07-10 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 12:05 - 2015-07-10 03:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 12:05 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 12:05 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 12:05 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 12:05 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 12:05 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 12:05 - 2015-07-03 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 12:05 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 12:05 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 12:05 - 2015-07-03 06:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 12:05 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 12:05 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 12:05 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 12:05 - 2015-06-27 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 12:05 - 2015-06-27 12:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 12:05 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 12:05 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 12:05 - 2015-06-25 18:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 12:05 - 2015-06-18 03:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:05 - 2015-06-18 03:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 12:05 - 2015-06-10 04:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 12:05 - 2015-06-10 04:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 12:05 - 2015-06-02 10:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:05 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 12:04 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 12:04 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 12:04 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 12:04 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 12:04 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 12:04 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 12:04 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 12:04 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 12:04 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 12:04 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 12:04 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 12:04 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 12:04 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 12:04 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 12:04 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 12:04 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 12:04 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 12:04 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 12:04 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 12:04 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 12:04 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 12:04 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 12:04 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 12:04 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 12:04 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 12:04 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 12:04 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 12:04 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 12:04 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 12:04 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 12:04 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 12:04 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 12:04 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 12:04 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 12:04 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 12:04 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 12:04 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 12:04 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 12:03 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 12:03 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 12:03 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 12:03 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 12:03 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 12:03 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 12:01 - 2015-07-05 04:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 12:01 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 12:01 - 2015-07-02 06:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 12:01 - 2015-07-02 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:01 - 2015-07-02 06:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 12:01 - 2015-07-02 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 12:01 - 2015-07-02 06:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 12:01 - 2015-07-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 12:01 - 2015-07-02 06:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 12:01 - 2015-07-02 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 12:01 - 2015-07-02 06:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 12:01 - 2015-07-02 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 12:01 - 2015-07-02 06:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 12:01 - 2015-07-02 06:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 12:01 - 2015-07-02 06:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 12:01 - 2015-07-02 06:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 12:01 - 2015-07-02 06:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 12:01 - 2015-07-02 06:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 12:01 - 2015-07-02 05:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 12:01 - 2015-07-02 05:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:01 - 2015-07-02 05:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:01 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 12:01 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 12:01 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 12:01 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 12:00 - 2015-06-16 07:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 12:00 - 2015-06-16 07:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 12:00 - 2015-06-16 07:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 12:00 - 2015-06-16 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 12:00 - 2015-06-16 07:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 12:00 - 2015-06-16 07:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 12:00 - 2015-06-16 07:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 12:00 - 2015-06-16 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 12:00 - 2015-06-16 07:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 12:00 - 2015-06-16 07:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 06:22 - 2015-07-15 06:22 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-13 03:07 - 2015-07-24 03:01 - 00000000 ____D C:\ProgramData\a7dd8f7400002476
2015-07-13 03:05 - 2015-07-13 03:05 - 00000000 _____ C:\Users\Val\AppData\Local\Temp.dat
2015-07-13 02:57 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\Klout
2015-07-13 02:56 - 2015-07-24 03:22 - 00000000 ____D C:\ProgramData\3746226442181077489
2015-07-13 02:56 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\CutTheeePPricie
2015-07-13 02:54 - 2015-08-11 14:54 - 00000418 _____ C:\Windows\Tasks\YogaLite.job
2015-07-13 02:54 - 2015-07-13 02:54 - 00003326 _____ C:\Windows\System32\Tasks\YogaLite
2015-07-13 02:54 - 2015-07-13 02:54 - 00000000 ____D C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-11 16:22 - 2012-09-07 13:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-11 16:19 - 2011-12-13 16:24 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 16:18 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 16:17 - 2011-10-05 16:18 - 00000000 ____D C:\Users\Val
2015-08-11 15:46 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 15:46 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 15:31 - 2011-12-13 16:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-11 04:40 - 2013-03-20 14:47 - 00002148 _____ C:\Windows\epplauncher.mif
2015-08-11 04:39 - 2014-11-10 23:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-11 04:39 - 2013-03-20 14:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-11 02:00 - 2013-10-06 00:15 - 00000000 ____D C:\Users\Val\AppData\Roaming\vlc
2015-08-11 02:00 - 2011-10-09 21:59 - 00000000 ____D C:\Users\Val\AppData\Local\Adobe
2015-08-11 00:12 - 2011-11-06 14:34 - 00000000 ____D C:\Users\Val\AppData\Roaming\Azureus
2015-08-09 22:59 - 2014-10-29 01:20 - 00000000 ____D C:\Users\Val\Desktop\Joel's
2015-08-09 12:38 - 2011-11-06 14:33 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-08-09 12:22 - 2011-11-12 17:31 - 00000000 ____D C:\ProgramData\Norton
2015-08-07 21:51 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 17:50 - 2011-10-05 16:18 - 00120224 _____ C:\Users\Val\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-03 12:44 - 2009-07-14 14:45 - 05083680 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-02 17:45 - 2009-07-14 15:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-31 09:14 - 2011-11-14 10:47 - 00000000 ____D C:\Update
2015-07-31 09:13 - 2011-11-29 12:00 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-07-31 09:12 - 2011-10-06 10:21 - 00000000 ____D C:\Program Files\Sony
2015-07-31 09:10 - 2014-06-17 13:49 - 00013792 _____ C:\Windows\system32\Drivers\semav6thermal64ro.sys
2015-07-30 03:02 - 2014-06-08 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 21:19 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 14:36 - 2014-07-04 17:53 - 00000000 ____D C:\Program Files (x86)\Child of Light
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-24 11:02 - 2012-09-06 22:26 - 00000000 ____D C:\Users\Val\AppData\Roaming\Skype
2015-07-23 18:39 - 2013-03-25 16:42 - 00001808 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-23 18:39 - 2011-11-06 14:33 - 00001808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-23 11:50 - 2014-11-14 21:58 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 11:50 - 2012-04-02 13:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 11:50 - 2011-11-06 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 10:42 - 2015-07-04 08:17 - 00000000 ____D C:\Users\Val\AppData\Local\SKIDROW
2015-07-23 10:42 - 2014-07-09 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-23 10:42 - 2014-01-25 12:47 - 00000000 ____D C:\Users\Val\Documents\My Games
2015-07-23 10:39 - 2014-07-13 22:05 - 00000000 ____D C:\Users\Val\AppData\Roaming\Yacht Club Games
2015-07-23 10:39 - 2014-06-22 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-23 10:39 - 2014-06-22 06:43 - 00000000 ____D C:\GOG Games
2015-07-23 10:39 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-23 10:38 - 2015-07-08 01:28 - 00000000 ____D C:\Users\Val\AppData\Roaming\Arrowhead
2015-07-22 19:28 - 2014-05-03 03:07 - 00000000 ____D C:\Users\Val\Documents\Temps
2015-07-22 19:26 - 2014-03-19 19:06 - 00000000 ____D C:\Users\Val\Documents\Paperwork
2015-07-22 19:18 - 2012-02-01 21:27 - 00000000 ____D C:\Users\Val\Documents\Games
2015-07-19 03:03 - 2014-08-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-19 03:02 - 2014-11-11 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-17 23:57 - 2011-11-11 15:57 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-17 23:57 - 2011-11-11 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 23:08 - 2011-12-13 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 22:27 - 2014-06-25 07:27 - 00000000 ____D C:\Program Files\PowerISO
2015-07-17 22:27 - 2010-04-16 05:30 - 00000000 ____D C:\Windows\Panther
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
2015-07-17 03:03 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 04:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:46 - 2015-07-01 15:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:46 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:17 - 2009-07-14 12:34 - 00000510 _____ C:\Windows\win.ini
2015-07-16 03:10 - 2013-08-08 12:36 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 14:00 - 2014-06-25 07:27 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-07-15 06:22 - 2012-09-07 13:51 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 06:22 - 2012-09-07 13:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 06:22 - 2011-11-11 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 23:41 - 2009-07-14 15:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-13 23:36 - 2015-07-04 04:58 - 00000000 ____D C:\Users\Val\AppData\Roaming\InetStat
2015-07-13 23:34 - 2014-06-29 07:55 - 00000000 ____D C:\Users\Val\AppData\Local\com
2015-07-13 23:34 - 2013-08-08 12:39 - 00000000 ____D C:\Windows\Temp383E7311-341C-5D50-3CF0-584E889A0D48-Signatures
2015-07-13 04:56 - 2011-10-05 16:19 - 00001172 _____ C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-12 03:33 - 2014-11-27 22:40 - 00000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2015-07-03 04:55 - 2015-07-03 04:55 - 0000000 _____ () C:\Users\Val\AppData\Roaming\3C86.tmp
2014-06-21 01:44 - 2014-06-21 01:44 - 0000320 _____ () C:\Users\Val\AppData\Roaming\aps.uninstall.scan.results
2015-07-17 07:15 - 2015-07-17 07:15 - 0000000 _____ () C:\Users\Val\AppData\Roaming\ED1A.tmp
2014-04-23 11:29 - 2014-04-23 11:29 - 0017408 ___SH () C:\Users\Val\AppData\Roaming\Thumbs.db
2012-03-10 01:55 - 2012-03-10 01:55 - 0012841 _____ () C:\Users\Val\AppData\Roaming\UserTile.png
2015-07-13 03:05 - 2015-07-13 03:05 - 0000000 _____ () C:\Users\Val\AppData\Local\Temp.dat
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c
Some files in TEMP:
====================
C:\Users\Val\AppData\Local\Temp\i4jdel0.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
LastRegBack: 2015-08-02 19:25
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Val (2015-08-11 16:27:05)
Running from C:\Users\Val\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-986212026-379418426-1859886101-500 - Administrator - Disabled)
Guest (S-1-5-21-986212026-379418426-1859886101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-986212026-379418426-1859886101-1002 - Limited - Enabled)
Val (S-1-5-21-986212026-379418426-1859886101-1000 - Administrator - Enabled) => C:\Users\Val
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version: - DONGSOFT Company, Inc.)
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity v.1.0.5.0567 (HKLM-x32\...\Pillars of Eternity_is1) (Version: - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.02.03310 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.07140 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6013 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.1.0.14240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
The Sims 2 Ultimate Collection version 1.17.0.66 (HKLM-x32\...\The Sims 2 Ultimate Collection_is1) (Version: 1.17.0.66 - EA Games)
Unity Web Player (HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
UpgraderLite (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{774350ce}) (Version: - Software Publisher) <==== ATTENTION
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.07140 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.5.0.13220 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.3.0.13150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.7.0.16080 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 4.1.0.13180 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.15040 - Sony Corporation)
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.1.0.14080 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.1.00.14040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.2.0.14010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.1.0.14090 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3950 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Video Downloader 4.8.5 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.5 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
05-08-2015 03:00:22 Windows Update
06-08-2015 03:00:25 Windows Update
08-08-2015 03:00:51 Windows Update
09-08-2015 03:00:11 Windows Update
09-08-2015 23:13:41 Norton_Power_Eraser_20150809231335123
10-08-2015 11:32:22 Windows Update
11-08-2015 00:24:06 Norton_Power_Eraser_20150811002400949
11-08-2015 02:00:58 Norton_Power_Eraser_20150811020053526
11-08-2015 03:00:16 Windows Update
11-08-2015 04:39:33 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2014-06-29 08:06 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {018567D4-21EE-42D0-BA7B-1628FB10060B} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {0D41DB0F-7F93-4993-A4D8-F2A70D4669B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4E420-0D66-439A-A270-B9B6094E42B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {13BE7939-B31D-4D0B-8B0D-E56C76D245DF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {1FE833B4-BD1E-40CB-BD91-0A84C32AD76A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {29D71B1D-3393-4954-94BE-A4AB9AF8919F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {2B1E979D-21A7-4787-BFCE-264A6106A5CD} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {36C9E78A-4483-420D-A4E0-8F86F4FD5A8C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {393BBB8D-441C-4C4F-8AF1-6C82E3AA690E} - \RocketTab -> No File <==== ATTENTION
Task: {40789279-1C96-4C37-9D94-33B7CE113DBE} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {41CC72F1-B55A-4769-9D94-69AF8A03A436} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {428E7C88-0901-4650-9A80-77D1F6E27A5E} - System32\Tasks\SONY\Prepare Your VAIO\Prepare Your VAIO => C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe [2010-02-25] (Sony Corporation)
Task: {45E56A76-06DB-4921-8A19-EB472A27DBC5} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4731AEF1-F633-4633-9E2A-D8BDE23F364F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {48F56E4C-F2E2-4FD1-884C-89375100CBAF} - System32\Tasks\YogaLite => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
Task: {491A119B-5FE8-4731-9C8E-434BA6759B9D} - System32\Tasks\AdobeAAMUpdater-1.0-Val-VAIO-Val => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {4A6C63B3-5EC4-4CF6-8FF0-C5D3FB1D813D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4E22B097-D3DA-4787-B4F0-58B23EE2D230} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {5274D606-0786-4992-9B46-8E504E985106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56004971-BDC7-40AE-8F3E-7AF931168EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C0B34AD-45D8-41CA-8C62-990BB13B983E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {60A91ADB-F825-4877-AA9F-8247B79F339D} - System32\Tasks\Malware Cleaner => C:\Users\Val\AppData\Roaming\3C86.tmp.exe <==== ATTENTION
Task: {637B059C-9874-42C1-910A-730791BDF02C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {64334B5F-626A-4957-AA73-99104CDAA1AF} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {65C250D4-888B-4B96-B24F-E1A958CD2424} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {66455886-0F06-4A60-A971-9669985B547A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DAFB589-7BF3-4796-A22F-4F27D65C2F9D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {6E63CE98-39F5-4765-9736-99909BB2BDDE} - System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {75E0C3BD-AAE6-4DC6-AAF1-AE43B2CEA6F5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {792606F4-0A69-47CF-84C4-700A17ECB811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {8109AE46-C26B-4FED-8063-8D5FD629AC6D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {897F74B7-DE82-4D80-B145-3BB27D32F9AE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB} - System32\Tasks\Security Installer => C:\Users\Val\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {8F8F0474-F880-4A0E-89F0-9760B9AF48D1} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {905B07D2-6D78-4D57-BBEB-3B9F48757DA2} - System32\Tasks\{6ED7D482-686C-4A8C-A394-0FBCE695804E} => pcalua.exe -a C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED\setup_legend_of_grimrock_1.0.0.6.exe -d C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED
Task: {9CBB4F4F-3A66-45AB-9CF1-B493DE5EDFEC} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {A14BD500-46E1-47BE-9266-6E662074AA12} - System32\Tasks\{8F42C2F7-755C-491B-B067-0F304A7D13F5} => pcalua.exe -a C:\Users\Val\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Val\Desktop
Task: {A1C1779F-D704-4DCE-A789-A100712AF941} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {AFC71B52-293D-4930-945B-84B0FDFB349E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B39B622A-A986-4094-8E27-9B48B7576F81} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B3B302CA-6F56-41DE-93AF-795CA9E90D62} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {B8684772-8ACD-4D61-B1B9-4BDB02A7D167} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {BDE114C7-E118-4D97-9A67-DCD2E3A10007} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {BE363EB0-7472-4830-8D86-39453475A990} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {BF6B4189-EA58-406D-8962-FE284BB18EB3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C3F08A49-5EE6-4B2F-BDBF-938DDDCFB1A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C4867012-4448-4148-A5E1-343A99136352} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {D0DC214B-07FF-48A0-B3A7-CB94AF555CF3} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {D248F8B9-8060-4F5C-905C-53A93E9B6B36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
Task: {EDCF36B0-19D2-44FE-85E9-7E256F5F3FCD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {EFB74764-C091-4473-A75E-20BB449789A3} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F12734FA-A9D4-42CC-835C-83C6C8AEB16A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\YogaLite.job => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-08 18:35 - 2013-01-08 18:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2010-04-16 07:10 - 2009-11-21 08:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\6cyPRKj9G:dgV72Q0w8TYtF2X6pc7J
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/11/2015 04:40:03 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 04:40:02 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (08/11/2015 04:39:53 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 04:39:52 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (08/11/2015 03:01:30 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 03:01:28 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (08/11/2015 03:01:16 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 03:01:14 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (08/11/2015 12:03:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Sims2ep9.exe version 1.17.0.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1bd8
Start Time: 01d0d363cdc2a95e
Termination Time: 44
Application Path: C:\Program Files (x86)\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2ep9.exe
Report Id:
Error: (08/10/2015 11:33:43 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
System errors:
=============
Error: (08/11/2015 04:20:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
Error: (08/11/2015 04:20:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error:
%%268439612
Error: (08/11/2015 04:18:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5
Error: (08/11/2015 04:18:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:16:10 PM on 11/08/2015 was unexpected.
Error: (08/11/2015 02:54:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
Error: (08/11/2015 02:54:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error:
%%268439612
Error: (08/11/2015 02:52:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5
Error: (08/11/2015 04:40:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.8.204.0 (KB3063917).
Error: (08/11/2015 04:40:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/11/2015 04:39:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
Microsoft Office:
=========================
Error: (08/11/2015 04:40:03 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 04:40:02 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2015 04:39:53 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 04:39:52 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2015 03:01:30 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 03:01:28 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2015 03:01:16 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
Error: (08/11/2015 03:01:14 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2015 12:03:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Sims2ep9.exe1.17.0.661bd801d0d363cdc2a95e44C:\Program Files (x86)\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2ep9.exe
Error: (08/10/2015 11:33:43 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.
CodeIntegrity:
===================================
Date: 2013-07-15 18:04:53.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:53.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:51.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:51.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:49.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:49.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:46.839
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:46.714
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:44.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:44.406
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 56%
Total physical RAM: 3766.88 MB
Available physical RAM: 1640.65 MB
Total Virtual: 7531.97 MB
Available Virtual: 5068.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:284.99 GB) (Free:68.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C4EA7D6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End of log ============================
Outbound Traffic - Security Issue [Solved]
#1
Posted 11 August 2015 - 01:22 AM
#2
Posted 11 August 2015 - 01:43 AM
Before we get started, please keep these things in mind:
- Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
- If your security programs give you any warnings when using tools I asked you to use, don't be afraid. Every tool I provide to you is 100% safe.
- Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
- You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
- Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
- The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding, as they might be lost.
- I recommend that you stay with me until I tell you that we are done. It is important because when your system no longer shows any bad symptoms, it does not mean that it is 100% clean.
- Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of the Moderator group members with the link to this topic.
- Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
- Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
- Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.
Stay calm
#3
Posted 11 August 2015 - 05:03 AM
Let's start with some important information.
WARNING!
One or more of the identified infections on your computer is known to use a backdoor!
Backdoors allow hackers to remotely control your computer, which may result in the theft of important system information and files, and in more malware being downloaded and run.
I recommend that you disconnect this PC from the Internet immediately. If you use that computer for banking or any other financial transactions or sensitive information, you should use a malware-free computer to change all passwords where applicable. You should also contact those financial institutions and explain your situation to them.
Even if it has been identified and can be deleted, because of the way it affects your computer, that PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the operating system.
Please, read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can attempt to clean this machine, but I cannot guarantee that it will be 100% secure again. If you still want to proceed with the cleaning process, follow the instructions below.
Step #1
TDSSKiller
Please download the latest version of TDSSKiller from here and save it to your Desktop.
- Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
- Check all boxes then click OK.
Note: You will be prompted to reboot. Please do so.
- Click the Start Scan button. This scan should take no longer than 2 minutes.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
- A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step #2
Uninstalling programs
Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove YTD Video Downloader 4.8.5.
Step #3
FRST Fix
- Download attached fixlist.txt file to your desktop.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Right click FRST64.exe on your desktop and click Run as administrator.
- Press the Fix button just once and wait.
NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Things that should appear in your next post:
- TDSSKiller log content
- Fixlog.txt log content
#4
Posted 11 August 2015 - 07:05 AM
As requested
Thank you!
23:00:22.0397 0x1ae4 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
23:00:26.0203 0x1ae4 ============================================================
23:00:26.0203 0x1ae4 Current date / time: 2015/08/11 23:00:26.0203
23:00:26.0203 0x1ae4 SystemInfo:
23:00:26.0203 0x1ae4
23:00:26.0203 0x1ae4 OS Version: 6.1.7601 ServicePack: 1.0
23:00:26.0203 0x1ae4 Product type: Workstation
23:00:26.0203 0x1ae4 ComputerName: JOEL
23:00:26.0203 0x1ae4 UserName: Val
23:00:26.0203 0x1ae4 Windows directory: C:\Windows
23:00:26.0203 0x1ae4 System windows directory: C:\Windows
23:00:26.0203 0x1ae4 Running under WOW64
23:00:26.0203 0x1ae4 Processor architecture: Intel x64
23:00:26.0203 0x1ae4 Number of processors: 4
23:00:26.0203 0x1ae4 Page size: 0x1000
23:00:26.0203 0x1ae4 Boot type: Normal boot
23:00:26.0203 0x1ae4 ============================================================
23:00:28.0372 0x1ae4 KLMD registered as C:\Windows\system32\drivers\73685000.sys
23:00:29.0089 0x1ae4 System UUID: {D1D5FD69-D450-8135-BD40-6630BEA5859C}
23:00:31.0648 0x1ae4 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:31.0663 0x1ae4 ============================================================
23:00:31.0663 0x1ae4 \Device\Harddisk0\DR0:
23:00:31.0663 0x1ae4 MBR partitions:
23:00:31.0663 0x1ae4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A03800, BlocksNum 0x32000
23:00:31.0663 0x1ae4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A35800, BlocksNum 0x239F8800
23:00:31.0663 0x1ae4 ============================================================
23:00:31.0741 0x1ae4 C: <-> \Device\Harddisk0\DR0\Partition2
23:00:31.0741 0x1ae4 ============================================================
23:00:31.0741 0x1ae4 Initialize success
23:00:31.0741 0x1ae4 ============================================================
23:00:37.0404 0x1b8c ============================================================
23:00:37.0404 0x1b8c Scan started
23:00:37.0404 0x1b8c Mode: Manual;
23:00:37.0404 0x1b8c ============================================================
23:00:37.0404 0x1b8c KSN ping started
23:00:40.0446 0x1b8c KSN ping finished: true
23:00:42.0895 0x1b8c ================ Scan system memory ========================
23:00:42.0895 0x1b8c System memory - ok
23:00:42.0895 0x1b8c ================ Scan services =============================
23:00:52.0333 0x1b8c ehRecvr - ok
23:00:52.0349 0x1b8c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:00:52.0364 0x1b8c ehSched - ok
23:00:52.0411 0x1b8c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:00:52.0427 0x1b8c elxstor - ok
23:00:52.0474 0x1b8c [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:00:52.0474 0x1b8c EraserUtilRebootDrv - ok
23:00:52.0520 0x1b8c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:00:52.0520 0x1b8c ErrDev - ok
23:00:52.0614 0x1b8c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:00:52.0630 0x1b8c EventSystem - ok
23:00:52.0817 0x1b8c [ BDFCB7E8C108D042B213957D2B044E7E, 2840637123E40ACEB6F78A618C7C230B62388C36C49D5AD9BE795A1063FA5845 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:00:52.0864 0x1b8c EvtEng - ok
23:00:52.0879 0x1b8c ewusbnet - ok
23:00:52.0895 0x1b8c ew_hwusbdev - ok
23:00:52.0926 0x1b8c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:00:52.0926 0x1b8c exfat - ok
23:00:52.0988 0x1b8c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:00:53.0004 0x1b8c fastfat - ok
23:00:53.0191 0x1b8c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:00:53.0222 0x1b8c Fax - ok
23:00:53.0238 0x1b8c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:00:53.0238 0x1b8c fdc - ok
23:00:53.0316 0x1b8c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:00:53.0316 0x1b8c fdPHost - ok
23:00:53.0347 0x1b8c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:00:53.0347 0x1b8c FDResPub - ok
23:00:53.0410 0x1b8c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:00:53.0410 0x1b8c FileInfo - ok
23:00:53.0441 0x1b8c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:00:53.0441 0x1b8c Filetrace - ok
23:00:53.0566 0x1b8c [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:00:53.0597 0x1b8c FLEXnet Licensing Service - ok
23:00:53.0612 0x1b8c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:00:53.0612 0x1b8c flpydisk - ok
23:00:53.0675 0x1b8c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:00:53.0675 0x1b8c FltMgr - ok
23:00:53.0784 0x1b8c [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
23:00:53.0815 0x1b8c FontCache - ok
23:00:53.0893 0x1b8c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:00:53.0893 0x1b8c FontCache3.0.0.0 - ok
23:00:53.0940 0x1b8c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:00:53.0940 0x1b8c FsDepends - ok
23:00:54.0408 0x1b8c [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
23:00:54.0408 0x1b8c FsUsbExDisk - ok
23:00:54.0439 0x1b8c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:00:54.0439 0x1b8c Fs_Rec - ok
23:00:54.0502 0x1b8c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:00:54.0517 0x1b8c fvevol - ok
23:00:54.0580 0x1b8c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:00:54.0595 0x1b8c gagp30kx - ok
23:00:54.0673 0x1b8c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:00:54.0673 0x1b8c GEARAspiWDM - ok
23:00:54.0798 0x1b8c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
23:00:54.0829 0x1b8c gpsvc - ok
23:00:54.0876 0x1b8c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:00:54.0892 0x1b8c hcw85cir - ok
23:00:55.0001 0x1b8c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:00:55.0016 0x1b8c HdAudAddService - ok
23:00:55.0063 0x1b8c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:00:55.0063 0x1b8c HDAudBus - ok
23:00:55.0110 0x1b8c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
23:00:55.0110 0x1b8c HECIx64 - ok
23:00:55.0126 0x1b8c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:00:55.0141 0x1b8c HidBatt - ok
23:00:55.0157 0x1b8c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:00:55.0157 0x1b8c HidBth - ok
23:00:55.0188 0x1b8c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:00:55.0188 0x1b8c HidIr - ok
23:00:55.0235 0x1b8c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:00:55.0235 0x1b8c hidserv - ok
23:00:55.0297 0x1b8c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:00:55.0297 0x1b8c HidUsb - ok
23:00:55.0344 0x1b8c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:00:55.0344 0x1b8c hkmsvc - ok
23:00:55.0406 0x1b8c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:00:55.0422 0x1b8c HomeGroupListener - ok
23:00:55.0453 0x1b8c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:00:55.0453 0x1b8c HomeGroupProvider - ok
23:00:55.0500 0x1b8c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:00:55.0500 0x1b8c HpSAMD - ok
23:00:55.0578 0x1b8c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:00:55.0594 0x1b8c HTTP - ok
23:00:55.0609 0x1b8c huawei_enumerator - ok
23:00:55.0625 0x1b8c hwdatacard - ok
23:00:55.0672 0x1b8c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:00:55.0672 0x1b8c hwpolicy - ok
23:00:55.0734 0x1b8c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:00:55.0750 0x1b8c i8042prt - ok
23:00:55.0781 0x1b8c [ 073A606333B6F7BBF20AA856DF7F0997, 513927CA430511A5B95F6CBE5FBD20F8C2202B609F88C4526C174A4FF7F761FC ] iaStor C:\Windows\system32\drivers\iaStor.sys
23:00:55.0796 0x1b8c iaStor - ok
23:00:55.0937 0x1b8c [ CC800D2D9FD467542BAC7C186C4774AD, 2C2B975DAE6643D3CC5B93B6B58266C0B7E752651FB73B512ECA44FADB8AB839 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:00:55.0937 0x1b8c IAStorDataMgrSvc - ok
23:00:56.0046 0x1b8c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:00:56.0062 0x1b8c iaStorV - ok
23:00:56.0218 0x1b8c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:00:56.0420 0x1b8c IDriverT - ok
23:00:56.0592 0x1b8c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:00:56.0701 0x1b8c idsvc - ok
23:00:56.0935 0x1b8c [ 19F52CF90BB4D05B5265773CA7011E4C, BA28BAEE9D64859775C6DF56E407104D1463BD1374CF3F6AA414AB85946ED1F5 ] IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150809.001\IDSvia64.sys
23:00:56.0951 0x1b8c IDSVia64 - ok
23:00:56.0998 0x1b8c IEEtwCollectorService - ok
23:00:58.0091 0x1b8c [ 4128D51B770BB68FE44EAF3AD1DBAB25, 1E0C63D03E51C257CFDFF95F7BDC11FA58CA10166A0C4A5D2BD11647B88C6EC7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:00:58.0574 0x1b8c igfx - ok
23:00:58.0637 0x1b8c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:00:58.0637 0x1b8c iirsp - ok
23:00:58.0777 0x1b8c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
23:00:58.0808 0x1b8c IKEEXT - ok
23:00:58.0886 0x1b8c [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
23:00:58.0886 0x1b8c Impcd - ok
23:00:59.0262 0x1b8c [ C1E2D46EB6E533DD087C684D33411F4A, 1C7634A6CEC5359D41798E2E2BD5E5D3E6B3ED2D8BDB0E0B8331693A69920B9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:00:59.0308 0x1b8c IntcAzAudAddService - ok
23:00:59.0340 0x1b8c [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:00:59.0355 0x1b8c IntcDAud - ok
23:00:59.0386 0x1b8c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:00:59.0386 0x1b8c intelide - ok
23:00:59.0418 0x1b8c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
23:00:59.0418 0x1b8c intelppm - ok
23:00:59.0496 0x1b8c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:00:59.0511 0x1b8c IPBusEnum - ok
23:00:59.0542 0x1b8c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:00:59.0542 0x1b8c IpFilterDriver - ok
23:00:59.0667 0x1b8c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
23:00:59.0683 0x1b8c IpHlpSvc - ok
23:00:59.0714 0x1b8c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:00:59.0730 0x1b8c IPMIDRV - ok
23:00:59.0776 0x1b8c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:00:59.0776 0x1b8c IPNAT - ok
23:00:59.0964 0x1b8c [ 2208D673C5D4B22EB0235EA1EC6269CC, 3E73032D67B3B740E11CEA0748CDFFBE35619CBF1AC1C3D86EF089CA326D7918 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:00:59.0979 0x1b8c iPod Service - ok
23:01:00.0026 0x1b8c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:01:00.0026 0x1b8c IRENUM - ok
23:01:00.0073 0x1b8c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:01:00.0073 0x1b8c isapnp - ok
23:01:00.0135 0x1b8c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:01:00.0135 0x1b8c iScsiPrt - ok
23:01:00.0166 0x1b8c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:00.0166 0x1b8c kbdclass - ok
23:01:00.0198 0x1b8c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:00.0198 0x1b8c kbdhid - ok
23:01:00.0213 0x1b8c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso C:\Windows\system32\lsass.exe
23:01:00.0213 0x1b8c KeyIso - ok
23:01:00.0276 0x1b8c [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:01:00.0276 0x1b8c KSecDD - ok
23:01:00.0307 0x1b8c [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:01:00.0322 0x1b8c KSecPkg - ok
23:01:00.0354 0x1b8c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:01:00.0354 0x1b8c ksthunk - ok
23:01:00.0463 0x1b8c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:01:00.0478 0x1b8c KtmRm - ok
23:01:00.0541 0x1b8c [ E84DA1A93978B3700EA63414357B9BA3, B6119D23457CDEE2CCEBA433F5427B183387C3C54E9E51B42D7C79D1524727A4 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
23:01:00.0541 0x1b8c L1C - ok
23:01:00.0603 0x1b8c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:01:00.0603 0x1b8c LanmanServer - ok
23:01:00.0666 0x1b8c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:01:00.0666 0x1b8c LanmanWorkstation - ok
23:01:00.0775 0x1b8c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:01:00.0775 0x1b8c lltdio - ok
23:01:00.0837 0x1b8c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:01:00.0853 0x1b8c lltdsvc - ok
23:01:00.0868 0x1b8c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:01:00.0884 0x1b8c lmhosts - ok
23:01:01.0024 0x1b8c [ AD1CF8471B06BADB93D87CC4D63B8483, 0465CFBA7A12F74CCD155949837694D3F67F57B831A9BA7D40E08882AD3E1815 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:01:01.0040 0x1b8c LMS - ok
23:01:01.0071 0x1b8c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:01:01.0071 0x1b8c LSI_FC - ok
23:01:01.0087 0x1b8c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:01:01.0102 0x1b8c LSI_SAS - ok
23:01:01.0118 0x1b8c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:01:01.0118 0x1b8c LSI_SAS2 - ok
23:01:01.0149 0x1b8c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:01:01.0149 0x1b8c LSI_SCSI - ok
23:01:01.0165 0x1b8c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:01:01.0180 0x1b8c luafv - ok
23:01:01.0196 0x1b8c MBAMSwissArmy - ok
23:01:01.0290 0x1b8c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:01:01.0290 0x1b8c Mcx2Svc - ok
23:01:01.0305 0x1b8c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
23:01:01.0383 0x1b8c megasas - ok
23:01:01.0461 0x1b8c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:01:01.0477 0x1b8c MegaSR - ok
23:01:01.0524 0x1b8c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:01:01.0524 0x1b8c MMCSS - ok
23:01:01.0570 0x1b8c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:01:01.0570 0x1b8c Modem - ok
23:01:01.0617 0x1b8c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:01:01.0617 0x1b8c monitor - ok
23:01:01.0695 0x1b8c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:01:01.0695 0x1b8c mouclass - ok
23:01:01.0742 0x1b8c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:01:01.0758 0x1b8c mouhid - ok
23:01:01.0820 0x1b8c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:01:01.0820 0x1b8c mountmgr - ok
23:01:01.0992 0x1b8c [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:01:01.0992 0x1b8c MozillaMaintenance - ok
23:01:02.0054 0x1b8c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:01:02.0070 0x1b8c mpio - ok
23:01:02.0163 0x1b8c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:01:02.0163 0x1b8c mpsdrv - ok
23:01:02.0288 0x1b8c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:01:02.0335 0x1b8c MpsSvc - ok
23:01:02.0397 0x1b8c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:01:02.0413 0x1b8c MRxDAV - ok
23:01:02.0491 0x1b8c [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:02.0491 0x1b8c mrxsmb - ok
23:01:02.0538 0x1b8c [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:02.0538 0x1b8c mrxsmb10 - ok
23:01:02.0569 0x1b8c [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:02.0584 0x1b8c mrxsmb20 - ok
23:01:02.0662 0x1b8c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:01:02.0662 0x1b8c msahci - ok
23:01:02.0725 0x1b8c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:01:02.0725 0x1b8c msdsm - ok
23:01:02.0772 0x1b8c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:01:02.0772 0x1b8c MSDTC - ok
23:01:02.0881 0x1b8c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:01:02.0881 0x1b8c Msfs - ok
23:01:02.0912 0x1b8c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:01:02.0912 0x1b8c mshidkmdf - ok
23:01:03.0006 0x1b8c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:01:03.0006 0x1b8c msisadrv - ok
23:01:03.0099 0x1b8c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:01:03.0115 0x1b8c MSiSCSI - ok
23:01:03.0115 0x1b8c msiserver - ok
23:01:03.0208 0x1b8c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:01:03.0208 0x1b8c MSKSSRV - ok
23:01:03.0442 0x1b8c [ E07DEC52FF801841BA9B6878A60304FB, A57A999F411559EA97C830C9FE0234578E2E98EDAF72F9949891F901B83B22A4 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:01:03.0442 0x1b8c MsMpSvc - ok
23:01:03.0458 0x1b8c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:03.0458 0x1b8c MSPCLOCK - ok
23:01:03.0489 0x1b8c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:01:03.0505 0x1b8c MSPQM - ok
23:01:03.0567 0x1b8c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:01:03.0567 0x1b8c MsRPC - ok
23:01:03.0614 0x1b8c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:01:03.0614 0x1b8c mssmbios - ok
23:01:03.0661 0x1b8c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:01:03.0661 0x1b8c MSTEE - ok
23:01:03.0676 0x1b8c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:01:03.0676 0x1b8c MTConfig - ok
23:01:03.0692 0x1b8c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:01:03.0708 0x1b8c Mup - ok
23:01:03.0957 0x1b8c [ 09EA30AD32C1B0B4581CB51D183164E4, 0EE238B87E048F4E44F04FA58C6351090C875016C158A2921598BCAED1BA05DF ] N360 C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
23:01:03.0973 0x1b8c N360 - ok
23:01:04.0020 0x1b8c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:01:04.0035 0x1b8c napagent - ok
23:01:04.0113 0x1b8c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:01:04.0113 0x1b8c NativeWifiP - ok
23:01:04.0425 0x1b8c [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.024\ENG64.SYS
23:01:04.0425 0x1b8c NAVENG - ok
23:01:05.0205 0x1b8c [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150810.024\EX64.SYS
23:01:05.0268 0x1b8c NAVEX15 - ok
23:01:05.0408 0x1b8c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
23:01:05.0486 0x1b8c NDIS - ok
23:01:05.0533 0x1b8c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:05.0704 0x1b8c NdisCap - ok
23:01:05.0736 0x1b8c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:05.0736 0x1b8c NdisTapi - ok
23:01:05.0782 0x1b8c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:05.0782 0x1b8c Ndisuio - ok
23:01:05.0829 0x1b8c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:05.0845 0x1b8c NdisWan - ok
23:01:05.0876 0x1b8c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:01:05.0876 0x1b8c NDProxy - ok
23:01:05.0907 0x1b8c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:01:05.0907 0x1b8c NetBIOS - ok
23:01:05.0970 0x1b8c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:01:05.0985 0x1b8c NetBT - ok
23:01:06.0032 0x1b8c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon C:\Windows\system32\lsass.exe
23:01:06.0032 0x1b8c Netlogon - ok
23:01:06.0157 0x1b8c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
23:01:06.0172 0x1b8c Netman - ok
23:01:06.0235 0x1b8c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
23:01:06.0250 0x1b8c netprofm - ok
23:01:06.0344 0x1b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:01:06.0375 0x1b8c NetTcpActivator - ok
23:01:06.0391 0x1b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:01:06.0391 0x1b8c NetTcpPortSharing - ok
23:01:06.0843 0x1b8c [ 39EDE676D17F37AF4573C2B33EC28ACA, 6C897C8B72D7AC1385302E58509688790CC5F428E967485F92C3CD646907EF59 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
23:01:07.0171 0x1b8c NETw5s64 - ok
23:01:07.0920 0x1b8c [ EB43840BABF5589E33186D094DE7381D, 028750D33516773258FEA120FE4108A2EEA3FC6FEC49C6B2C1926F57858173AC ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
23:01:08.0232 0x1b8c NETwNs64 - ok
23:01:08.0263 0x1b8c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:01:08.0263 0x1b8c nfrd960 - ok
23:01:08.0310 0x1b8c [ 162100E0BC8377710F9D170631921C03, B4FC4F6BCCA5A61EC86F9D10F4FE284E9393CE4599CE64BC8360202F0108B499 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:01:08.0310 0x1b8c NisDrv - ok
23:01:08.0388 0x1b8c [ C6E15F2F95F9C0A6098D43510B604E52, 7B621846EC4DD066657536755455ADB016207A45D49FC5E5F1D50EAD2CCB6B13 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:01:08.0388 0x1b8c NisSrv - ok
23:01:08.0434 0x1b8c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:01:08.0450 0x1b8c NlaSvc - ok
23:01:08.0497 0x1b8c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:01:08.0497 0x1b8c Npfs - ok
23:01:08.0544 0x1b8c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
23:01:08.0544 0x1b8c nsi - ok
23:01:08.0715 0x1b8c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:01:08.0715 0x1b8c nsiproxy - ok
23:01:08.0934 0x1b8c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:01:09.0012 0x1b8c Ntfs - ok
23:01:09.0090 0x1b8c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
23:01:09.0090 0x1b8c Null - ok
23:01:09.0152 0x1b8c [ AD37248BD442D41C9A896E53EB8A85EE, 9CC50602480544DBD0B873B3444D355CC13CB97EC1BCA97F85668C45DEFE78C1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:01:09.0152 0x1b8c NVHDA - ok
23:01:09.0870 0x1b8c [ DB2BEE926E7DFC59896A2D6800EB13F7, D24E924E7045B5BA38814B7A350C3669E44C68112083B96303556D09A8C6B232 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:01:10.0353 0x1b8c nvlddmkm - ok
23:01:10.0416 0x1b8c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:01:10.0431 0x1b8c nvraid - ok
23:01:10.0572 0x1b8c [ 445CD678770FEE791665E2650594BFC2, 85BA48EB978DBF0A7C0E608DF8FB5D6A57786FC517DE35F0556516A661DA00D8 ] nvservice C:\Windows\system32\nvservice.exe
23:01:10.0572 0x1b8c nvservice - ok
23:01:10.0587 0x1b8c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:01:10.0603 0x1b8c nvstor - ok
23:01:10.0650 0x1b8c [ 24AB15D09A13D5A40567211A1AB9B479, D0CC30473CAD6254CFE6F0D6ACEB8A33BA38DBEDB6824793DB2CA30057F10BF3 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:01:10.0665 0x1b8c nvsvc - ok
23:01:10.0759 0x1b8c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:01:10.0774 0x1b8c nv_agp - ok
23:01:10.0821 0x1b8c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:01:10.0821 0x1b8c ohci1394 - ok
23:01:10.0977 0x1b8c [ 880CD3C9ACE342F29AB2F90C751B91A4, 7882ED604EE443E182B323D9A38E35B49FD8C28EDC1196B65EDFABB22CBF6161 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
23:01:11.0164 0x1b8c Origin Client Service - ok
23:01:11.0352 0x1b8c [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:01:11.0367 0x1b8c ose64 - ok
23:01:11.0882 0x1b8c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:01:12.0069 0x1b8c osppsvc - ok
23:01:12.0147 0x1b8c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:01:12.0147 0x1b8c p2pimsvc - ok
23:01:12.0178 0x1b8c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
23:01:12.0194 0x1b8c p2psvc - ok
23:01:12.0241 0x1b8c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
23:01:12.0241 0x1b8c Parport - ok
23:01:12.0366 0x1b8c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:01:12.0366 0x1b8c partmgr - ok
23:01:12.0475 0x1b8c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:01:12.0475 0x1b8c PcaSvc - ok
23:01:12.0553 0x1b8c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
23:01:12.0584 0x1b8c pci - ok
23:01:12.0662 0x1b8c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
23:01:12.0662 0x1b8c pciide - ok
23:01:12.0709 0x1b8c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:01:12.0724 0x1b8c pcmcia - ok
23:01:12.0740 0x1b8c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:01:12.0740 0x1b8c pcw - ok
23:01:12.0865 0x1b8c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:01:12.0880 0x1b8c PEAUTH - ok
23:01:13.0068 0x1b8c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:01:13.0068 0x1b8c PerfHost - ok
23:01:13.0255 0x1b8c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
23:01:13.0317 0x1b8c pla - ok
23:01:13.0380 0x1b8c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:01:13.0395 0x1b8c PlugPlay - ok
23:01:13.0582 0x1b8c [ 627FA58ADC043704F9D14CA44340956F, 92306D5EE64812775E2A2E65F6666A5805CC4DD8BEB3E2FC64CCA087EF471D1F ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
23:01:13.0660 0x1b8c PMBDeviceInfoProvider - ok
23:01:13.0707 0x1b8c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:01:13.0707 0x1b8c PNRPAutoReg - ok
23:01:13.0738 0x1b8c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:01:13.0738 0x1b8c PNRPsvc - ok
23:01:13.0801 0x1b8c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:01:13.0816 0x1b8c PolicyAgent - ok
23:01:13.0957 0x1b8c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:01:13.0957 0x1b8c Power - ok
23:01:14.0004 0x1b8c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:01:14.0004 0x1b8c PptpMiniport - ok
23:01:14.0050 0x1b8c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
23:01:14.0066 0x1b8c Processor - ok
23:01:14.0128 0x1b8c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
23:01:14.0144 0x1b8c ProfSvc - ok
23:01:14.0191 0x1b8c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
23:01:14.0191 0x1b8c ProtectedStorage - ok
23:01:14.0253 0x1b8c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:01:14.0253 0x1b8c Psched - ok
23:01:14.0316 0x1b8c [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:01:14.0316 0x1b8c PxHlpa64 - ok
23:01:14.0487 0x1b8c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:01:14.0550 0x1b8c ql2300 - ok
23:01:14.0612 0x1b8c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:01:14.0628 0x1b8c ql40xx - ok
23:01:14.0706 0x1b8c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:01:14.0721 0x1b8c QWAVE - ok
23:01:14.0737 0x1b8c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:01:14.0753 0x1b8c QWAVEdrv - ok
23:01:14.0784 0x1b8c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:01:14.0784 0x1b8c RasAcd - ok
23:01:14.0846 0x1b8c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:14.0862 0x1b8c RasAgileVpn - ok
23:01:14.0971 0x1b8c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:01:14.0987 0x1b8c RasAuto - ok
23:01:15.0018 0x1b8c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:15.0033 0x1b8c Rasl2tp - ok
23:01:15.0111 0x1b8c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
23:01:15.0127 0x1b8c RasMan - ok
23:01:15.0174 0x1b8c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:15.0174 0x1b8c RasPppoe - ok
23:01:15.0189 0x1b8c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:01:15.0189 0x1b8c RasSstp - ok
23:01:15.0236 0x1b8c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:01:15.0252 0x1b8c rdbss - ok
23:01:15.0267 0x1b8c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:01:15.0283 0x1b8c rdpbus - ok
23:01:15.0299 0x1b8c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:15.0299 0x1b8c RDPCDD - ok
23:01:15.0314 0x1b8c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:01:15.0314 0x1b8c RDPENCDD - ok
23:01:15.0330 0x1b8c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:01:15.0330 0x1b8c RDPREFMP - ok
23:01:15.0408 0x1b8c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:01:15.0423 0x1b8c RdpVideoMiniport - ok
23:01:15.0486 0x1b8c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:01:15.0486 0x1b8c RDPWD - ok
23:01:15.0517 0x1b8c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:01:15.0533 0x1b8c rdyboost - ok
23:01:15.0735 0x1b8c [ A6BAEA839CC888D4961AB5FE16BB8C4A, A3DD50446BEDAE38A3DA8AC9809F3BCE95EA418C2DEF5DB433DB614591C6B51B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:01:15.0798 0x1b8c RegSrvc - ok
23:01:15.0829 0x1b8c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:01:15.0829 0x1b8c RemoteAccess - ok
23:01:15.0938 0x1b8c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:01:15.0954 0x1b8c RemoteRegistry - ok
23:01:15.0985 0x1b8c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:01:16.0001 0x1b8c RFCOMM - ok
23:01:16.0063 0x1b8c [ 6DED176A14770339F1415CFDBCC9E07F, 5949005C65964181EDCB40F6224AD8CE7DDCC9762C09957F2DC1E8CE9AEB12D2 ] rimspci C:\Windows\system32\drivers\rimssne64.sys
23:01:16.0063 0x1b8c rimspci - ok
23:01:16.0094 0x1b8c [ DDF5F666C2A5B3729E8BEA01FB999CC0, 7143E35A8F9BA2A892FEAB6EDBC217DB6B20770A374C01F714105E67E10A7512 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
23:01:16.0094 0x1b8c risdsnpe - ok
23:01:16.0250 0x1b8c [ BA6CE930E1453677F7565AE45181AD76, 92DEB7BF8E9ED32B7E0FE20A05F8C0ECDE7B0EC6F25ABDAA58D27460C96003AD ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
23:01:16.0266 0x1b8c Roxio UPnP Renderer 10 - ok
23:01:16.0344 0x1b8c [ 3A3D707A35EA30A6CF88B9E555E3D815, 4763394E67F179D7048A460CB9B91E74F33D84C8DBDD4E28401ED473C7347410 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
23:01:16.0359 0x1b8c Roxio Upnp Server 10 - ok
23:01:16.0391 0x1b8c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:01:16.0391 0x1b8c RpcEptMapper - ok
23:01:16.0422 0x1b8c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:01:16.0422 0x1b8c RpcLocator - ok
23:01:16.0500 0x1b8c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
23:01:16.0515 0x1b8c RpcSs - ok
23:01:16.0562 0x1b8c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:01:16.0562 0x1b8c rspndr - ok
23:01:16.0578 0x1b8c [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs C:\Windows\system32\lsass.exe
23:01:16.0593 0x1b8c SamSs - ok
23:01:16.0656 0x1b8c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:01:16.0656 0x1b8c sbp2port - ok
23:01:16.0718 0x1b8c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:01:16.0734 0x1b8c SCardSvr - ok
23:01:16.0859 0x1b8c [ 4A16CB882367D701DB93F14896D48C22, 26B885BB9D9953C0A35244BF4A616D911A8C7E223DBEEC977A1B6611E2E60FB1 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
23:01:16.0874 0x1b8c SCDEmu - ok
23:01:16.0921 0x1b8c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:01:16.0921 0x1b8c scfilter - ok
23:01:17.0030 0x1b8c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
23:01:17.0061 0x1b8c Schedule - ok
23:01:17.0093 0x1b8c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:01:17.0108 0x1b8c SCPolicySvc - ok
23:01:17.0139 0x1b8c [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:01:17.0139 0x1b8c sdbus - ok
23:01:17.0249 0x1b8c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:01:17.0249 0x1b8c SDRSVC - ok
23:01:17.0295 0x1b8c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:01:17.0295 0x1b8c secdrv - ok
23:01:17.0342 0x1b8c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
23:01:17.0342 0x1b8c seclogon - ok
23:01:17.0436 0x1b8c [ 1ED7A8574A28357097A5CB4063C96B00, 4E248CA66B7DE930AEC501A85F507AB813FC3CEBCBA347DFF3B05CE6CB8E496B ] semav6thermal64ro C:\Windows\system32\drivers\semav6thermal64ro.sys
23:01:17.0436 0x1b8c semav6thermal64ro - ok
23:01:17.0467 0x1b8c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:01:17.0467 0x1b8c SENS - ok
23:01:17.0483 0x1b8c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:01:17.0483 0x1b8c SensrSvc - ok
23:01:17.0514 0x1b8c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:01:17.0514 0x1b8c Serenum - ok
23:01:17.0545 0x1b8c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
23:01:17.0545 0x1b8c Serial - ok
23:01:17.0639 0x1b8c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:01:17.0639 0x1b8c sermouse - ok
23:01:17.0732 0x1b8c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
23:01:17.0732 0x1b8c SessionEnv - ok
23:01:17.0779 0x1b8c [ 286D3889E6AB5589646FF8A63CB928AE, 98D9D34521328F4F0B0B7C2CAB97BA0EC998B9F3F996B5ED08E17292F1CD9452 ] SFEP C:\Windows\system32\drivers\SFEP.sys
23:01:17.0779 0x1b8c SFEP - ok
23:01:17.0826 0x1b8c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:01:17.0826 0x1b8c sffdisk - ok
23:01:17.0857 0x1b8c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:01:17.0857 0x1b8c sffp_mmc - ok
23:01:17.0888 0x1b8c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:01:17.0888 0x1b8c sffp_sd - ok
23:01:17.0935 0x1b8c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:01:17.0935 0x1b8c sfloppy - ok
23:01:18.0138 0x1b8c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:01:18.0153 0x1b8c SharedAccess - ok
23:01:18.0278 0x1b8c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:01:18.0309 0x1b8c ShellHWDetection - ok
23:01:18.0325 0x1b8c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:01:18.0341 0x1b8c SiSRaid2 - ok
23:01:18.0403 0x1b8c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:01:18.0403 0x1b8c SiSRaid4 - ok
23:01:18.0809 0x1b8c [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:01:18.0824 0x1b8c SkypeUpdate - ok
23:01:18.0855 0x1b8c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:01:18.0855 0x1b8c Smb - ok
23:01:18.0902 0x1b8c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:01:18.0902 0x1b8c SNMPTRAP - ok
23:01:19.0089 0x1b8c [ C3E69DB0A4E59564230E053232F39AC7, D7E4AC42C0731F69869E96F3AE9021ABD968E17C92283A54F265E73E6BD60ED5 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
23:01:19.0089 0x1b8c SOHCImp - ok
23:01:19.0214 0x1b8c [ C1CD71C672EA281A424FBCF24AC99553, 3C25D36EA36C5ACF7AD4BE47935DD055DCA010ACE4B1A7089493E5F282CDFA7B ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
23:01:19.0245 0x1b8c SOHDms - ok
23:01:19.0261 0x1b8c [ F47D75CEE1844EEF4A9EA6EE768828FB, 242550EB5879476DD2CFC0E38FAF3C6D0263FEA7504BD73ED3B004E274D7CDF6 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
23:01:19.0261 0x1b8c SOHDs - ok
23:01:19.0355 0x1b8c [ E2E40C0D24456B6EB440BE01AF829829, 862A15D877DA95F341F77428D88DDEA7EC272C75546466DABDF59370ADD1A689 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
23:01:19.0370 0x1b8c SpfService - ok
23:01:19.0401 0x1b8c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:01:19.0401 0x1b8c spldr - ok
23:01:19.0448 0x1b8c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:01:19.0464 0x1b8c Spooler - ok
23:01:19.0698 0x1b8c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:01:19.0854 0x1b8c sppsvc - ok
23:01:19.0947 0x1b8c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:01:19.0947 0x1b8c sppuinotify - ok
23:01:20.0213 0x1b8c [ 3361466E3C5353CAB7E978C236FADF3B, DEF6FD4EB35C4CA9E67843A324FF1A8D6A064CBC76FD3392E70BBAF85D9421BA ] SRTSP C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS
23:01:20.0244 0x1b8c SRTSP - ok
23:01:20.0384 0x1b8c [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS
23:01:20.0400 0x1b8c SRTSPX - ok
23:01:20.0462 0x1b8c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:01:20.0478 0x1b8c srv - ok
23:01:20.0556 0x1b8c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:01:20.0571 0x1b8c srv2 - ok
23:01:20.0649 0x1b8c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:01:20.0649 0x1b8c srvnet - ok
23:01:20.0743 0x1b8c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:01:20.0743 0x1b8c SSDPSRV - ok
23:01:20.0837 0x1b8c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:01:20.0837 0x1b8c SstpSvc - ok
23:01:20.0883 0x1b8c [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:01:20.0883 0x1b8c ssudmdm - ok
23:01:20.0915 0x1b8c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:01:20.0915 0x1b8c stexstor - ok
23:01:20.0977 0x1b8c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:01:20.0993 0x1b8c stisvc - ok
23:01:21.0024 0x1b8c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
23:01:21.0024 0x1b8c swenum - ok
23:01:21.0117 0x1b8c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:01:21.0149 0x1b8c swprv - ok
23:01:21.0539 0x1b8c [ C9EC22D5B3C6B32A7C8B4A73870A7379, BA530C64FDE63D9A4023BB9E667497D5248B2910BC1A214B592318CC64034735 ] SymEFASI C:\Windows\system32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS
23:01:21.0773 0x1b8c SymEFASI - ok
23:01:21.0866 0x1b8c [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:01:21.0882 0x1b8c SymEvent - ok
23:01:22.0022 0x1b8c [ 0891E59A27208B9B727BAB863B853E80, 7BBDD53CB7AB003DF803D6D596A2B5216425DCC7FA8D3F311AE5BD4EC19FBB0A ] SymIRON C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS
23:01:22.0038 0x1b8c SymIRON - ok
23:01:22.0225 0x1b8c [ 5EA70535B2A6504278E14943867B1B39, 53F191DE2F1F692983BD9068DCF0A851111B7A08FCEDFE871FA0594B0C46FCB7 ] SymNetS C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS
23:01:22.0241 0x1b8c SymNetS - ok
23:01:22.0287 0x1b8c [ 20F8F4C2ED3F492DA318D98E72F77209, 89CCA334D137756CF6334EB3A4996AEBD3391EDABD84B63E415B0867C5C1EF5A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:01:22.0303 0x1b8c SynTP - ok
23:01:22.0397 0x1b8c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
23:01:22.0475 0x1b8c SysMain - ok
23:01:22.0553 0x1b8c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:01:22.0568 0x1b8c TabletInputService - ok
23:01:22.0584 0x1b8c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:01:22.0599 0x1b8c TapiSrv - ok
23:01:22.0693 0x1b8c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
23:01:22.0709 0x1b8c TBS - ok
23:01:22.0927 0x1b8c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:01:23.0005 0x1b8c Tcpip - ok
23:01:23.0161 0x1b8c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:01:23.0208 0x1b8c TCPIP6 - ok
23:01:23.0286 0x1b8c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:01:23.0286 0x1b8c tcpipreg - ok
23:01:23.0348 0x1b8c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:01:23.0348 0x1b8c TDPIPE - ok
23:01:23.0395 0x1b8c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:01:23.0395 0x1b8c TDTCP - ok
23:01:23.0442 0x1b8c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:01:23.0457 0x1b8c tdx - ok
23:01:23.0520 0x1b8c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
23:01:23.0520 0x1b8c TermDD - ok
23:01:23.0567 0x1b8c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:01:23.0598 0x1b8c TermService - ok
23:01:23.0613 0x1b8c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:01:23.0629 0x1b8c Themes - ok
23:01:23.0645 0x1b8c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:01:23.0660 0x1b8c THREADORDER - ok
23:01:23.0676 0x1b8c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:01:23.0676 0x1b8c TrkWks - ok
23:01:23.0754 0x1b8c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:01:23.0754 0x1b8c TrustedInstaller - ok
23:01:23.0785 0x1b8c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:23.0801 0x1b8c tssecsrv - ok
23:01:23.0847 0x1b8c [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:01:23.0847 0x1b8c TsUsbFlt - ok
23:01:23.0879 0x1b8c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:01:23.0894 0x1b8c tunnel - ok
23:01:23.0941 0x1b8c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:01:23.0941 0x1b8c uagp35 - ok
23:01:30.0337 0x1b8c ================ Scan global ===============================
23:01:30.0399 0x1b8c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:01:30.0477 0x1b8c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
23:01:30.0509 0x1b8c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
23:01:30.0571 0x1b8c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:01:30.0633 0x1b8c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:01:30.0649 0x1b8c [ Global ] - ok
23:01:30.0649 0x1b8c ================ Scan MBR ==================================
23:01:30.0696 0x1b8c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:01:31.0101 0x1b8c \Device\Harddisk0\DR0 - ok
23:01:31.0101 0x1b8c ================ Scan VBR ==================================
23:01:31.0117 0x1b8c [ E531F5C25CD81E6ADC35779C8C58BA06 ] \Device\Harddisk0\DR0\Partition1
23:01:31.0117 0x1b8c \Device\Harddisk0\DR0\Partition1 - ok
23:01:31.0133 0x1b8c [ 11C2D8EC78AA7CA036D34FBDC1E88C2C ] \Device\Harddisk0\DR0\Partition2
23:01:31.0133 0x1b8c \Device\Harddisk0\DR0\Partition2 - ok
23:01:38.0184 0x1b8c AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )
23:01:38.0231 0x1b8c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.2.223.0 ), 0x61010 ( enabled : outofdate )
23:01:38.0231 0x1b8c FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )
23:01:51.0896 0x1b8c ============================================================
23:01:51.0896 0x1b8c Scan finished
23:01:51.0896 0x1b8c ============================================================
23:01:51.0896 0x1b84 Detected object count: 0
23:01:51.0896 0x1b84 Actual detected object count: 0
Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Val (2015-08-11 22:53:49) Run:1
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKLM - No Name - {BA3E8250-8530-434F-B82F-B15AE5168E0A} - No File
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Extension: AllSaveer - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] [2015-07-24]
2015-08-11 00:33 - 2015-08-11 16:20 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-24 03:21 - 2015-07-24 03:21 - 00000000 ____D C:\Program Files (x86)\AllSaveer
2015-07-24 03:01 - 2015-07-24 10:49 - 00000000 ____D C:\Program Files (x86)\UpgraderLite
2015-07-13 02:56 - 2015-07-24 03:22 - 00000000 ____D C:\ProgramData\3746226442181077489
2015-07-13 02:56 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\CutTheeePPricie
2015-07-13 02:54 - 2015-08-11 14:54 - 00000418 _____ C:\Windows\Tasks\YogaLite.job
2015-07-13 02:54 - 2015-07-13 02:54 - 00003326 _____ C:\Windows\System32\Tasks\YogaLite
2015-07-13 02:54 - 2015-07-13 02:54 - 00000000 ____D C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223}
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
Task: {018567D4-21EE-42D0-BA7B-1628FB10060B} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {393BBB8D-441C-4C4F-8AF1-6C82E3AA690E} - \RocketTab -> No File <==== ATTENTION
Task: {48F56E4C-F2E2-4FD1-884C-89375100CBAF} - System32\Tasks\YogaLite => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
Task: {4E22B097-D3DA-4787-B4F0-58B23EE2D230} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {60A91ADB-F825-4877-AA9F-8247B79F339D} - System32\Tasks\Malware Cleaner => C:\Users\Val\AppData\Roaming\3C86.tmp.exe <==== ATTENTION
Task: {8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB} - System32\Tasks\Security Installer => C:\Users\Val\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {B3B302CA-6F56-41DE-93AF-795CA9E90D62} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {D0DC214B-07FF-48A0-B3A7-CB94AF555CF3} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-11] ()
Task: C:\Windows\Tasks\YogaLite.job => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\6cyPRKj9G:dgV72Q0w8TYtF2X6pc7J
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
File: C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
"HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-986212026-379418426-1859886101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-986212026-379418426-1859886101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA3E8250-8530-434F-B82F-B15AE5168E0A} => value removed successfully
HKCR\CLSID\{BA3E8250-8530-434F-B82F-B15AE5168E0A} => key not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully(: %SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully(: %SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully(: %SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000006\\LibraryPath => restored successfully(: %SystemRoot%\System32\mswsock.dll)
C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\[email protected] not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
C:\Program Files (x86)\AllSaveer => moved successfully.
C:\Program Files (x86)\UpgraderLite => moved successfully.
C:\ProgramData\3746226442181077489 => moved successfully.
C:\Program Files (x86)\CutTheeePPricie => moved successfully.
C:\Windows\Tasks\YogaLite.job => moved successfully.
C:\Windows\System32\Tasks\YogaLite => moved successfully.
C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223} => moved successfully.
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c => moved successfully.
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c => moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started:
"C:\Program Files\Windows Defender\en-US" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
"C:\Program Files\Microsoft Security Client\Backup" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Drivers" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\en-us" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseces.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisLog.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Setup.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\shellext.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" =>Deleting reparse point and unlocking completed.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{018567D4-21EE-42D0-BA7B-1628FB10060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{018567D4-21EE-42D0-BA7B-1628FB10060B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{393BBB8D-441C-4C4F-8AF1-6C82E3AA690E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393BBB8D-441C-4C4F-8AF1-6C82E3AA690E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48F56E4C-F2E2-4FD1-884C-89375100CBAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F56E4C-F2E2-4FD1-884C-89375100CBAF}" => key removed successfully
C:\Windows\System32\Tasks\YogaLite not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YogaLite" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E22B097-D3DA-4787-B4F0-58B23EE2D230}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E22B097-D3DA-4787-B4F0-58B23EE2D230}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A91ADB-F825-4877-AA9F-8247B79F339D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A91ADB-F825-4877-AA9F-8247B79F339D}" => key removed successfully
C:\Windows\System32\Tasks\Malware Cleaner => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB}" => key removed successfully
C:\Windows\System32\Tasks\Security Installer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Installer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3B302CA-6F56-41DE-93AF-795CA9E90D62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3B302CA-6F56-41DE-93AF-795CA9E90D62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0DC214B-07FF-48A0-B3A7-CB94AF555CF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0DC214B-07FF-48A0-B3A7-CB94AF555CF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\Tasks\YogaLite.job not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
"C:\Users\Val\Cookies" => ":AWOvEjCeixwoghHetITiPPRP" ADS not found.
C:\Users\Val\AppData\Local\6cyPRKj9G => ":dgV72Q0w8TYtF2X6pc7J" ADS removed successfully.
"C:\Users\Val\AppData\Local\Temporary Internet Files" => ":MP8Uflmc0xnGiVYhhUU06AxEM0kz" ADS not found.
========================= File: C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} ========================
MD5: D102F3B93E653003DAC39337027EF68C
Creation and modification date: 2015-07-24 10:39 - 2015-07-24 10:39
Size: 0003102
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh advfirewall reset =========
An unrecoverable Windows Firewall error (0x3) occurred.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
The operation completed successfully.
========= End of Reg: =========
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========
========= netsh advfirewall reset =========
An unrecoverable Windows Firewall error (0x3) occurred.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /release =========
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4101:e9ea:a66:9e40%11
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:7a96:514:246e:2157:3f57:fffb
Link-local IPv6 Address . . . . . : fe80::246e:2157:3f57:fffb%18
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{D6ED0AF8-2C6D-414F-967B-4E9576A68FDD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{42B4665E-1DB9-497C-90A7-B22F90104425}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{232D4272-5B34-4E28-B36E-734BDD0AFFFC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
========= End of CMD: =========
========= ipconfig /renew =========
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4101:e9ea:a66:9e40%11
IPv4 Address. . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:7a96:514:246e:2157:3f57:fffb
Link-local IPv6 Address . . . . . : fe80::246e:2157:3f57:fffb%18
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{D6ED0AF8-2C6D-414F-967B-4E9576A68FDD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{42B4665E-1DB9-497C-90A7-B22F90104425}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{232D4272-5B34-4E28-B36E-734BDD0AFFFC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
========= End of CMD: =========
EmptyTemp: => 488.5 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 22:55:19 ====
#5
Posted 11 August 2015 - 11:10 AM
I see that you ran FRST before TDSSKiller. Please follow the instructions provided in the same order as they are placed. Otherwise you may cause some unwanted complications.
Please tell me if you still are receiving those alerts from Norton.
Also perform the instructions below.
Step #1
Junkware Removal Tool
- Download Junkware Removal Tool to your Desktop
- Close any open windows
- Disable your Antivirus program (click here if you don't know how to do this)
- Double click JRT.exe on your desktop to run it
- Click any button to start the scan
- Wait for Junkware Removal Tool to finish the scan
- When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
- Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Step #2
AdwCleaner
- Download AdwCleaner to your Desktop.
- Close any open windows
- Double click AdwCleaner.exe on your desktop to run it
- Click the button
- Wait for AdwCleaner to finish the scan
- When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click button.
- When the cleaning is finished, the program will ask you to reboot the system. Please do so.
- Once your machine has rebooted, a Notepad window will be opened. If it isn't, you can find the report in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
- Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Step #3
Farbar Service Scanner
- Download FSS.exe to your desktop.
- Right click FSS.exe on your desktop and click Run as administrator.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) on the Desktop.
- Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
Things that should appear in your next post:
- FSS.txt log content
- JRT.txt log content
- AdwCleaner[S0].txt log content
- Please tell me if you still are receiving those alerts from Norton.
#6
Posted 11 August 2015 - 12:56 PM
FSS.txt log content
Farbar Service Scanner Version: 26-07-2015
Ran by Val (administrator) on 12-08-2015 at 04:41:38
Running from "C:\Users\Val\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
JRT.txt log content
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Val on Wed 12/08/2015 at 3:59:30.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update outobox
~~~ Files
Successfully deleted: [File] C:\Windows\SysWOW64\sho1B69.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho893C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC5AA.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoD7B6.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoDD4A.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoE3AC.tmp
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\delta
Successfully deleted: [Folder] C:\Program Files (x86)\ilivid
Successfully deleted: [Folder] C:\Program Files (x86)\mobogenie
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\Program Files\002
Successfully deleted: [Folder] C:\Program Files\003
Successfully deleted: [Folder] C:\ProgramData\premium
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\chromatic browser
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\genienext
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\globalupdate
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\ilivid player
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\mobogenie
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\packageaware
Successfully deleted: [Folder] C:\Users\Val\Appdata\Local\torch
Successfully deleted: [Folder] C:\Users\Val\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\performersoft
Successfully deleted: [Folder] C:\ProgramData\33fd4519ce60e9f1
Successfully deleted: [Folder] C:\ProgramData\a7dd8f7400002476
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\StormFall944
~~~ FireFox
Failed to delete: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\mystartsearch.xml
Failed to delete: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\omiga-plus.xml
Successfully deleted: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\mystartsearch.xml
Successfully deleted: [File] C:\Program Files (x86)\Mozilla Firefox\searchplugins\omiga-plus.xml
Successfully deleted: [File] C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\searchplugins\safesearch.xml
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\searchqutoolbar
Successfully deleted the following from C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\prefs.js
user_pref(extensions.PHSPdf5jKtbd5Gyr.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.m5zFXcHb1x3IsiOS.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.pzEja0tVOvtcfS8B.scode, (function(){try{if(window.location.href.indexOf(\rjkFqdk8pdrHrTU9pdY6rHk4rdw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\Val\AppData\Roaming\mozilla\firefox\profiles\lay4lng0.default\minidumps [1 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Val\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/08/2015 at 4:06:03.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ADWCLEANER[S0].txt log content
# AdwCleaner v4.208 - Logfile created 12/08/2015 at 04:13:47
# Updated 09/07/2015 by Xplode
# Database : 2015-08-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Val - JOEL
# Running from : C:\Users\Val\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Val\AppData\Local\PCP_100_v3
Folder Deleted : C:\Users\Val\AppData\Roaming\InetStat
Folder Deleted : C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp
File Deleted : C:\END
File Deleted : C:\Users\Val\daemonprocess.txt
File Deleted : C:\Users\Val\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
***** [ Scheduled tasks ] *****
Task Deleted : StormFall TW1
Task Deleted : StormFall TW2
Task Deleted : StormFall W1
Task Deleted : StormFall W2
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
Key Deleted : HKLM\SOFTWARE\821f5097-728f-c1dd-0530-46a5731500fb
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{774350ce}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A917E10-567D-4720-A3EF-FF6C79904954}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v39.0 (x86 en-US)
[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.PHSPdf5jKtbd5Gyr.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.m5zFXcHb1x3IsiOS.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[lay4lng0.default\prefs.js] - Line Deleted : user_pref("extensions.pzEja0tVOvtcfS8B.scode", "(function(){try{if(window.location.href.indexOf(\"rjkFqdk8pdrHrTU9pdY6rHk4rdw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
-\\ Google Chrome v35.0.1916.153
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [8840 bytes] - [12/08/2015 04:09:04]
AdwCleaner[S0].txt - [8578 bytes] - [12/08/2015 04:13:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8637 bytes] ##########
No longer receiving any threat prompts from Norton Eraser. However my OS is laggy and computer programs are a bit unresponsive since running these system tests etc.
Could you in layman's terms explain to me what was wrong with/or is still wrong with the system when you conclude your analysis please?
Should I reinstall the operating system as suggested in one of the previous posts if a rootkit has been or is being used on my computer?
What should I do in future to avoid similar issues?
Any software you can recommend for protection?
I will await your reply
Thanks in advance for your time and effort.
Appreciate it
#7
Posted 12 August 2015 - 02:06 PM
"Could you in layman's terms explain to me what was wrong with/or is still wrong with the system when you conclude your analysis please?"
Well, besides a little bit of adware your system was infected by the ZeroAccess rootkit. You can have a read on that here. You'll find both simple and more advanced information about that threat there.
"Should I reinstall the operating system as suggested in one of the previous posts if a rootkit has been or is being used on my computer?"
It's all up to you. After reading what I told you earlier and the article above you should be able to judge by yourself if the situation was dangerous enough to reinstall the operating system. We can remove everything visible but this still doesn't make us 100% sure that the infection is gone.
"What should I do in future to avoid similar issues?"
Honestly it all boils down to being careful when using the Internet. Staying away from P2P programs (uTorrent, etc.), unchecking unnecessary tickboxes when installing programs, avoiding untrusted websites, etc. Even the best Antivirus program cannot protect you from some infections.
"Any software you can recommend for protection?"
When we're done with cleaning I'll mention a few tips to remain safe in the future.
For now, let's continue with the cleaning if you decide not to reinstall your operating system.
Step #1
Malwarebytes Anti-Malware
- Download Malwarebytes Anti-Malware to your Desktop
- Double click the file to open it. Install the program.
- Before you click Finish, make sure that:
  - Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
  - Launch Malwarebytes Anti-Malware is checked
- In Database version section, click Update Now
- Once the update is done, click Settings>Detection and Protection
- Make sure that all three boxes under Detection Options are checked
- Go back to Dashboard and click the big, green Scan Now button.
- Wait for Malwarebytes Anti-Malware to finish the scan
- If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
- Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
- Click Export, then click Copy to Clipboard.
- Paste (CTRL+V) the log into your next reply.
Step #2
ESET Online Scanner
- Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
- Disable your Antivirus program (click here if you don't know how to do this).
- Visit ESET site
- Click
- When using:
  - Internet Explorer:
    - Accept the Terms of Use and click Start
    - Allow the running of add-on
  - Other browsers:
    - Download esetsmartinstaller_enu.exe that you'll be given link to
    - Double click esetsmartinstaller_enu.exe
    - Allow the Terms of Use and click Start
- Make sure that the options are set as the example below:
- Click Start
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan
- When the scan is done, click Finish
- A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
- Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Things that should appear in your next post:
- Malwarebytes Anti-Malware log content
- ESET Online Scanner log content
#8
Posted 14 August 2015 - 08:03 PM
I've run your programs twice now. My computer feels as though it is becoming more sluggish as more is removed from it. Barely works now. Will try to send through scan information when computer stays on long enough for me to complete a scan without a complete crash. Please don't close the thread.
#9
Posted 15 August 2015 - 02:36 AM
Sorry for the delay, computer has been an unhappy camper.
Thanks.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14/08/2015
Scan Time: 11:46 PM
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.08.14.03
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Val
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 444155
Time Elapsed: 46 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall FM, Quarantined, [85366c9cf19a65d1c90c9186c63d9967],
PUP.Optional.StormFall, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StormFall TM, Quarantined, [edce4bbd335835013e97fb1cc63da55b],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Thought the first ESET scanner failed, but didn't, also I didn't properly set options of first attempt, second attempt fine though. Hope all is well.
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-14 02:54:01
# local_time=2015-08-15 12:54:01 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-14 03:03:17
# local_time=2015-08-15 01:03:17 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25280
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=updated
# utc_time=2015-08-14 03:33:01
# local_time=2015-08-15 01:33:01 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# engine=25280
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-14 11:41:57
# local_time=2015-08-15 09:41:57 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 202188702 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 275494 80102633 0 0
# scanned=273972
# found=13
# cleaned=13
# scan_time=29335
sh=3FB7B58261DD8E7187AC6E49B915EACCEC60E9B5 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\content.js.vir"
sh=87BCCB930E822C48E2F45B131C85B0B1B22C6A97 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\Gn.js.vir"
sh=3E1F932939D832617487FE1553655B1FF7451CBC ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\lsdb.js.vir"
sh=62787B5CFC7CEC19C3B235551BFC3818ECF037A2 ft=1 fh=97702881defef2e1 vn="a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Val\AppData\Local\PCP_100_v3\PCPerformerSetup.exe.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Program Files (x86)\AllSaveer\AllSaveer.exe"
sh=B682EFB39A109243C22764BC82486615980159B4 ft=1 fh=a025b83c67ce3dca vn="Win32/Patched.NFU trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=3FB7B58261DD8E7187AC6E49B915EACCEC60E9B5 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\content.js"
sh=87BCCB930E822C48E2F45B131C85B0B1B22C6A97 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\Gn.js"
sh=3E1F932939D832617487FE1553655B1FF7451CBC ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp\197\lsdb.js"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\cbsidlm-cbsi188-ePub_to_PDF_Converter-ORG-75532612.exe"
sh=A99F4FDD706A9501157F17474F3DEC1656E1180A ft=1 fh=9412232a9f4339ee vn="Win32/Toolbar.Conduit.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\PowerISO5-x64.exe"
sh=A108A4C77538493D4947678F0BBDCEE35BAF8764 ft=1 fh=f69c12bd02f703f1 vn="Win32/Toolbar.Widgi.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\YTDSetup.exe"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=init
# utc_time=2015-08-15 02:27:53
# local_time=2015-08-15 12:27:53 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25286
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# end=updated
# utc_time=2015-08-15 02:28:59
# local_time=2015-08-15 12:28:59 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=98982510033cc443afac8cb36f01d408
# engine=25286
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-15 06:55:05
# local_time=2015-08-15 04:55:05 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 202214690 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 305082 80128621 0 0
# scanned=274352
# found=4
# cleaned=0
# scan_time=15965
sh=A96820CD585E00B9F6C344BC1E7BFCE2C5A08A31 ft=1 fh=7bed3e477a04d6b3 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF\nfapi.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe"
#10
Posted 15 August 2015 - 06:12 AM
> Please don't close the thread.
Don't worry. As long as you're here, so am I.
About the ESET scan, please remember to check my instructions and follow them carefully. The tool has removed some files automatically and nothing important has been removed, but it could have been.
Don't worry about the computer's sluggishness. We'll try to do something about it once we're sure that there aren't any more traces of infections visible.
I'd like to have a fresh look at your system. Please perform the instructions below.
Step #1
FRST Scan
- Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
- Make sure that Addition.txt is checked and press the Scan button.
- It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
- Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
Step #2
Security Check
Download Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things that should appear in your next post:
- FRST.txt log content
- Addition.txt log content
- Checkup.txt log content
#11
Posted 15 August 2015 - 07:51 AM
As requested.
Awaiting your instructions good sir.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Val (administrator) on JOEL (15-08-2015 23:35:51)
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9650720 2010-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [316784 2010-01-16] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-22] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-02-25] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.net/index.php?referid=118
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sony.com.au/productcategory/it-personal-computer?referer=http%3A%2F%2Fvaio-online.sony.com%2F
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{009F9C74-BF88-43B1-A4BC-AE5AD01F72BD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42B4665E-1DB9-497C-90A7-B22F90104425}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FDF61F8A-62B0-421A-BF8F-42EA3217BC2E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default
FF NewTab: hxxp://search.norton.com
FF Homepage: hxxp://search.norton.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-986212026-379418426-1859886101-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Val\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-23] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-14]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (AdBlock) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (AntiPorn Pro The best AntiPorn addon) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2015-07-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-25]
CHR Extension: (Google Wallet) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-08] (Electronic Arts)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-09] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-19] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150814.002\IDSvia64.sys [692984 2015-08-07] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150814.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150814.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-15 23:35 - 2015-08-15 23:36 - 00022021 _____ C:\Users\Val\Desktop\FRST.txt
2015-08-15 23:35 - 2015-08-15 23:35 - 00000000 ____D C:\Users\Val\Desktop\FRST-OlderVersion
2015-08-15 23:34 - 2015-08-15 23:34 - 00852684 _____ C:\Users\Val\Desktop\SecurityCheck.exe
2015-08-15 21:28 - 2015-08-15 23:35 - 00000000 ____D C:\Users\Val\Desktop\Fix tools
2015-08-15 00:53 - 2015-08-15 00:53 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-14 23:41 - 2015-08-15 18:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 23:41 - 2015-08-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 23:41 - 2015-08-14 23:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 23:41 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 23:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 23:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-14 23:30 - 2015-08-14 23:30 - 00003288 ____N C:\bootsqm.dat
2015-08-14 23:28 - 2015-08-14 23:28 - 00000000 __SHD C:\found.001
2015-08-13 01:53 - 2015-07-30 23:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 01:53 - 2015-07-30 23:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:54 - 2015-07-16 04:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:54 - 2015-07-16 04:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:54 - 2015-07-16 04:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:54 - 2015-07-16 04:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:54 - 2015-07-16 04:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:54 - 2015-07-16 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:54 - 2015-07-16 04:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 13:54 - 2015-07-16 04:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:54 - 2015-07-16 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 13:54 - 2015-07-16 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:54 - 2015-07-16 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:54 - 2015-07-16 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 04:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 13:54 - 2015-07-16 03:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 13:54 - 2015-07-16 03:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 13:54 - 2015-07-16 03:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 13:54 - 2015-07-16 03:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 13:54 - 2015-07-16 03:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 13:54 - 2015-07-16 03:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 13:54 - 2015-07-16 03:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 13:54 - 2015-07-16 03:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 13:54 - 2015-07-16 03:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 03:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:54 - 2015-07-16 02:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:54 - 2015-07-16 02:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:54 - 2015-07-16 02:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 13:54 - 2015-07-16 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 13:54 - 2015-07-16 02:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:54 - 2015-07-16 02:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:53 - 2015-07-29 06:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 13:53 - 2015-07-29 06:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 13:53 - 2015-07-29 06:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 13:53 - 2015-07-29 05:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 13:53 - 2015-07-15 13:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:51 - 2015-07-21 10:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:51 - 2015-07-21 10:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 13:51 - 2015-07-17 07:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 13:51 - 2015-07-17 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 13:51 - 2015-07-17 06:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:51 - 2015-07-17 06:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:51 - 2015-07-17 06:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:51 - 2015-07-17 06:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:51 - 2015-07-17 06:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:51 - 2015-07-17 06:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:51 - 2015-07-17 06:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:51 - 2015-07-17 06:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:51 - 2015-07-17 06:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:51 - 2015-07-17 06:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:51 - 2015-07-17 06:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:51 - 2015-07-17 06:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:51 - 2015-07-17 06:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:51 - 2015-07-17 06:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 13:51 - 2015-07-17 06:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:51 - 2015-07-17 06:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:51 - 2015-07-17 06:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-12 13:51 - 2015-07-17 06:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:51 - 2015-07-17 05:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:51 - 2015-07-17 05:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:51 - 2015-07-17 05:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 13:51 - 2015-07-17 05:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 13:51 - 2015-07-17 05:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 13:51 - 2015-07-17 05:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 13:51 - 2015-07-17 05:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 13:51 - 2015-07-17 05:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 13:51 - 2015-07-17 05:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 13:51 - 2015-07-17 05:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 13:51 - 2015-07-17 05:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 13:51 - 2015-07-17 05:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 13:51 - 2015-07-17 05:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 13:51 - 2015-07-17 05:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:51 - 2015-07-17 05:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:51 - 2015-07-17 05:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:51 - 2015-07-17 05:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:51 - 2015-07-17 05:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:51 - 2015-07-17 05:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 13:51 - 2015-07-17 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 13:51 - 2015-07-17 05:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 13:51 - 2015-07-17 05:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 13:51 - 2015-07-17 05:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 13:51 - 2015-07-17 05:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 13:51 - 2015-07-17 05:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:51 - 2015-07-17 05:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 13:51 - 2015-07-17 05:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 13:51 - 2015-07-17 05:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 13:51 - 2015-07-17 05:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 13:51 - 2015-07-17 05:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:51 - 2015-07-17 04:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:51 - 2015-07-17 04:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 13:51 - 2015-07-17 04:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 13:51 - 2015-07-17 04:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 13:50 - 2015-07-15 13:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:50 - 2015-07-15 13:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:50 - 2015-07-15 13:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:50 - 2015-07-15 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:50 - 2015-07-15 12:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 13:50 - 2015-07-15 12:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 13:50 - 2015-07-15 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 13:50 - 2015-07-15 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 13:50 - 2015-07-02 06:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:50 - 2015-07-02 06:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:50 - 2015-07-02 06:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 13:50 - 2015-07-02 06:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:45 - 2015-07-31 04:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 13:45 - 2015-07-31 03:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 13:45 - 2015-07-31 03:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 13:45 - 2015-07-31 02:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:45 - 2015-07-31 02:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:45 - 2015-07-31 02:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 13:45 - 2015-07-17 05:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:45 - 2015-07-17 05:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:45 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:45 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:45 - 2015-07-10 03:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:44 - 2015-07-21 04:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:44 - 2015-07-21 04:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 13:44 - 2015-07-21 03:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 13:44 - 2015-07-21 03:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 13:44 - 2015-07-11 03:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:44 - 2015-07-11 03:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 13:37 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 04:00 - 2015-08-12 04:19 - 00000000 ____D C:\AdwCleaner
2015-08-11 16:25 - 2015-08-15 23:35 - 00000000 ____D C:\FRST
2015-08-11 15:41 - 2015-08-15 23:35 - 02173952 _____ (Farbar) C:\Users\Val\Desktop\FRST64.exe
2015-08-09 23:02 - 2015-08-09 23:02 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-09 22:54 - 2015-08-09 22:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-09 12:00 - 2015-08-09 12:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-07 12:11 - 2015-08-07 12:11 - 00000000 __SHD C:\found.000
2015-08-06 16:54 - 2015-08-12 15:43 - 00004934 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel
2015-08-05 09:14 - 2015-08-05 09:14 - 00000000 ____D C:\Users\Val\AppData\OICE_15_974FA576_32C1D314_3F31
2015-07-31 19:59 - 2015-08-09 13:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-07-31 09:13 - 2015-07-31 09:13 - 00003118 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC
2015-07-31 09:13 - 2015-07-31 09:13 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2015-07-31 09:13 - 2015-07-31 09:13 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-07-30 22:13 - 2015-08-11 00:16 - 00000000 ____D C:\NPE
2015-07-30 22:07 - 2015-08-11 15:20 - 00000000 ____D C:\Users\Val\AppData\Local\NPE
2015-07-25 23:15 - 2015-07-25 23:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 20:05 - 2015-08-07 17:44 - 00000000 ____D C:\Users\Val\AppData\Local\CrashDumps
2015-07-24 10:39 - 2015-07-24 10:39 - 00003102 _____ C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
2015-07-24 10:21 - 2015-08-09 22:55 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-24 10:21 - 2015-08-09 12:22 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-24 10:21 - 2015-08-09 12:22 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-24 10:21 - 2015-08-09 12:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-24 10:20 - 2015-08-09 22:54 - 00002185 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 10:19 - 2015-08-09 22:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-24 10:19 - 2015-07-24 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-07-23 11:54 - 2015-08-15 11:57 - 00046692 _____ C:\Windows\PFRO.log
2015-07-23 11:51 - 2015-07-23 11:51 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 11:51 - 2015-07-23 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 11:50 - 2015-07-23 11:51 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 11:50 - 2015-07-23 11:50 - 00000000 ____D C:\Program Files\iPod
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files\Bonjour
2015-07-23 11:49 - 2015-07-23 11:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-23 11:44 - 2015-07-23 11:44 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-23 11:44 - 2015-07-23 11:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-22 21:37 - 2015-08-15 11:58 - 00004256 _____ C:\Windows\setupact.log
2015-07-22 21:37 - 2015-07-22 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-07-17 23:57 - 2015-07-17 23:57 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-17 23:57 - 2015-07-17 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 23:09 - 2015-08-15 23:19 - 01557319 _____ C:\Windows\WindowsUpdate.log
2015-07-17 07:15 - 2015-07-17 07:15 - 00000000 _____ C:\Users\Val\AppData\Roaming\ED1A.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-15 23:35 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 23:35 - 2009-07-14 14:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 23:31 - 2011-12-13 16:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 23:22 - 2012-09-07 13:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 11:58 - 2011-12-13 16:24 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 11:58 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 02:21 - 2013-10-06 00:15 - 00000000 ____D C:\Users\Val\AppData\Roaming\vlc
2015-08-15 02:17 - 2011-10-09 21:59 - 00000000 ____D C:\Users\Val\AppData\Local\Adobe
2015-08-15 01:00 - 2014-10-29 01:20 - 00000000 ____D C:\Users\Val\Desktop\Joel's
2015-08-14 19:00 - 2011-11-06 14:34 - 00000000 ____D C:\Users\Val\AppData\Roaming\Azureus
2015-08-14 10:59 - 2009-07-14 15:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 10:56 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-14 04:28 - 2011-11-06 14:33 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-08-14 03:03 - 2014-08-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 22:16 - 2011-10-05 16:18 - 00000000 ____D C:\Users\Val
2015-08-13 19:29 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 14:22 - 2012-09-07 13:51 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 14:22 - 2012-09-07 13:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 14:22 - 2011-11-11 16:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 13:02 - 2009-07-14 14:45 - 05083680 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 12:59 - 2015-07-01 15:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 12:59 - 2014-06-08 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 01:55 - 2014-11-11 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-13 01:53 - 2013-03-20 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 01:51 - 2013-03-20 14:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 01:51 - 2013-03-20 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 01:41 - 2009-07-14 12:34 - 00000510 _____ C:\Windows\win.ini
2015-08-12 05:10 - 2014-11-10 23:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-12 05:10 - 2013-03-20 14:47 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-12 05:10 - 2013-03-20 14:47 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-12 05:10 - 2013-03-20 14:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-09 12:22 - 2011-11-12 17:31 - 00000000 ____D C:\ProgramData\Norton
2015-08-03 17:50 - 2011-10-05 16:18 - 00120224 _____ C:\Users\Val\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-31 09:14 - 2011-11-14 10:47 - 00000000 ____D C:\Update
2015-07-31 09:13 - 2011-11-29 12:00 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-07-31 09:12 - 2011-10-06 10:21 - 00000000 ____D C:\Program Files\Sony
2015-07-31 09:10 - 2014-06-17 13:49 - 00013792 _____ C:\Windows\system32\Drivers\semav6thermal64ro.sys
2015-07-25 21:19 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 14:36 - 2014-07-04 17:53 - 00000000 ____D C:\Program Files (x86)\Child of Light
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-25 13:04 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-24 11:02 - 2012-09-06 22:26 - 00000000 ____D C:\Users\Val\AppData\Roaming\Skype
2015-07-23 18:39 - 2013-03-25 16:42 - 00001808 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-23 18:39 - 2011-11-06 14:33 - 00001808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-23 11:50 - 2014-11-14 21:58 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 11:50 - 2012-04-02 13:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 11:50 - 2011-11-06 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 10:42 - 2015-07-04 08:17 - 00000000 ____D C:\Users\Val\AppData\Local\SKIDROW
2015-07-23 10:42 - 2014-07-09 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-23 10:42 - 2014-01-25 12:47 - 00000000 ____D C:\Users\Val\Documents\My Games
2015-07-23 10:39 - 2014-07-13 22:05 - 00000000 ____D C:\Users\Val\AppData\Roaming\Yacht Club Games
2015-07-23 10:39 - 2014-06-22 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-07-23 10:39 - 2014-06-22 06:43 - 00000000 ____D C:\GOG Games
2015-07-23 10:39 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-23 10:38 - 2015-07-08 01:28 - 00000000 ____D C:\Users\Val\AppData\Roaming\Arrowhead
2015-07-22 19:28 - 2014-05-03 03:07 - 00000000 ____D C:\Users\Val\Documents\Temps
2015-07-22 19:26 - 2014-03-19 19:06 - 00000000 ____D C:\Users\Val\Documents\Paperwork
2015-07-22 19:18 - 2012-02-01 21:27 - 00000000 ____D C:\Users\Val\Documents\Games
2015-07-17 23:57 - 2011-11-11 15:57 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-17 23:57 - 2011-11-11 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 23:08 - 2011-12-13 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 22:27 - 2015-07-13 02:57 - 00000000 ____D C:\Program Files (x86)\Klout
2015-07-17 22:27 - 2014-06-25 07:27 - 00000000 ____D C:\Program Files\PowerISO
2015-07-17 22:27 - 2010-04-16 05:30 - 00000000 ____D C:\Windows\Panther
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
2015-07-17 03:03 - 2015-07-01 15:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 03:46 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 03:10 - 2013-08-08 12:36 - 00000000 ____D C:\Windows\system32\MRT
==================== Files in the root of some directories =======
2015-07-03 04:55 - 2015-07-03 04:55 - 0000000 _____ () C:\Users\Val\AppData\Roaming\3C86.tmp
2015-07-17 07:15 - 2015-07-17 07:15 - 0000000 _____ () C:\Users\Val\AppData\Roaming\ED1A.tmp
2014-04-23 11:29 - 2014-04-23 11:29 - 0017408 ___SH () C:\Users\Val\AppData\Roaming\Thumbs.db
2012-03-10 01:55 - 2012-03-10 01:55 - 0012841 _____ () C:\Users\Val\AppData\Roaming\UserTile.png
2015-07-13 03:05 - 2015-07-13 03:05 - 0000000 _____ () C:\Users\Val\AppData\Local\Temp.dat
Some files in TEMP:
====================
C:\Users\Val\AppData\Local\Temp\i4jdel0.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-12 17:13
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Val (2015-08-15 23:37:15)
Running from C:\Users\Val\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-986212026-379418426-1859886101-500 - Administrator - Disabled)
Guest (S-1-5-21-986212026-379418426-1859886101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-986212026-379418426-1859886101-1002 - Limited - Enabled)
Val (S-1-5-21-986212026-379418426-1859886101-1000 - Administrator - Enabled) => C:\Users\Val
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version: - DONGSOFT Company, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.2.0.15040 - Sony Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity v.1.0.5.0567 (HKLM-x32\...\Pillars of Eternity_is1) (Version: - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.02.03310 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.07140 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.1.00.15080 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6013 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.1.0.14240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
The Sims 2 Ultimate Collection version 1.17.0.66 (HKLM-x32\...\The Sims 2 Ultimate Collection_is1) (Version: 1.17.0.66 - EA Games)
Unity Web Player (HKU\S-1-5-21-986212026-379418426-1859886101-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.07140 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.5.0.13220 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.3.0.13150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.7.0.16080 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.0.0.04160 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 4.1.0.13180 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.15040 - Sony Corporation)
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.1.0.14080 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.1.00.14040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.2.0.14010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.1.0.14090 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.3950 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
11-08-2015 02:00:58 Norton_Power_Eraser_20150811020053526
11-08-2015 03:00:16 Windows Update
11-08-2015 04:39:33 Windows Update
11-08-2015 22:53:56 Restore Point Created by FRST
12-08-2015 03:00:16 Windows Update
12-08-2015 03:59:32 JRT Pre-Junkware Removal
12-08-2015 05:09:21 Windows Update
13-08-2015 01:25:12 Windows Update
14-08-2015 03:00:23 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2014-06-29 08:06 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D41DB0F-7F93-4993-A4D8-F2A70D4669B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4E420-0D66-439A-A270-B9B6094E42B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JOEL-Val Joel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation)
Task: {13BE7939-B31D-4D0B-8B0D-E56C76D245DF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {1FE833B4-BD1E-40CB-BD91-0A84C32AD76A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {2B1E979D-21A7-4787-BFCE-264A6106A5CD} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {31D0115F-C18F-4B4A-956A-A5DAAB28675F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {36C9E78A-4483-420D-A4E0-8F86F4FD5A8C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {40789279-1C96-4C37-9D94-33B7CE113DBE} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {41CC72F1-B55A-4769-9D94-69AF8A03A436} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {428E7C88-0901-4650-9A80-77D1F6E27A5E} - System32\Tasks\SONY\Prepare Your VAIO\Prepare Your VAIO => C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe [2010-02-25] (Sony Corporation)
Task: {45E56A76-06DB-4921-8A19-EB472A27DBC5} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {4731AEF1-F633-4633-9E2A-D8BDE23F364F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {491A119B-5FE8-4731-9C8E-434BA6759B9D} - System32\Tasks\AdobeAAMUpdater-1.0-Val-VAIO-Val => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {4A6C63B3-5EC4-4CF6-8FF0-C5D3FB1D813D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {5274D606-0786-4992-9B46-8E504E985106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56004971-BDC7-40AE-8F3E-7AF931168EFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C0B34AD-45D8-41CA-8C62-990BB13B983E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {637B059C-9874-42C1-910A-730791BDF02C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {64334B5F-626A-4957-AA73-99104CDAA1AF} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-03-02] (Sony Corporation)
Task: {65C250D4-888B-4B96-B24F-E1A958CD2424} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {66455886-0F06-4A60-A971-9669985B547A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DAFB589-7BF3-4796-A22F-4F27D65C2F9D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {6E63CE98-39F5-4765-9736-99909BB2BDDE} - System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95} => pcalua.exe -a "C:\Program Files\Microsoft Security Client\Setup.exe" -c /x
Task: {75E0C3BD-AAE6-4DC6-AAF1-AE43B2CEA6F5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {792606F4-0A69-47CF-84C4-700A17ECB811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {8109AE46-C26B-4FED-8063-8D5FD629AC6D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {8F8F0474-F880-4A0E-89F0-9760B9AF48D1} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {905B07D2-6D78-4D57-BBEB-3B9F48757DA2} - System32\Tasks\{6ED7D482-686C-4A8C-A394-0FBCE695804E} => pcalua.exe -a C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED\setup_legend_of_grimrock_1.0.0.6.exe -d C:\Users\Val\Desktop\Legend.of.Grimrock-RELOADED
Task: {9CBB4F4F-3A66-45AB-9CF1-B493DE5EDFEC} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {A14BD500-46E1-47BE-9266-6E662074AA12} - System32\Tasks\{8F42C2F7-755C-491B-B067-0F304A7D13F5} => pcalua.exe -a C:\Users\Val\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\Val\Desktop
Task: {A1C1779F-D704-4DCE-A789-A100712AF941} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {AFC71B52-293D-4930-945B-84B0FDFB349E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B39B622A-A986-4094-8E27-9B48B7576F81} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {B8684772-8ACD-4D61-B1B9-4BDB02A7D167} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {BDE114C7-E118-4D97-9A67-DCD2E3A10007} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {BE363EB0-7472-4830-8D86-39453475A990} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {BF6B4189-EA58-406D-8962-FE284BB18EB3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C3F08A49-5EE6-4B2F-BDBF-938DDDCFB1A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C4867012-4448-4148-A5E1-343A99136352} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {D248F8B9-8060-4F5C-905C-53A93E9B6B36} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
Task: {D95E82FE-8AE9-4FF0-BFAE-6B33348276DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {EDCF36B0-19D2-44FE-85E9-7E256F5F3FCD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {EFB74764-C091-4473-A75E-20BB449789A3} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F12734FA-A9D4-42CC-835C-83C6C8AEB16A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-07-19 15:48 - 2010-07-19 15:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-08 18:35 - 2013-01-08 18:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2011-10-06 09:59 - 2010-03-03 09:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2011-10-06 09:57 - 2010-02-25 07:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2010-04-16 07:10 - 2009-11-21 08:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-986212026-379418426-1859886101-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2015 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:26:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:26:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:26:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:26:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 01:02:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:53:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (08/15/2015 12:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
System errors:
=============
Error: (08/15/2015 05:28:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (08/15/2015 04:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (08/15/2015 04:55:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/15/2015 04:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (08/15/2015 04:55:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Val\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/15/2015 04:55:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Microsoft Office:
=========================
Error: (08/15/2015 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (08/15/2015 12:26:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 12:26:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 12:26:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 12:26:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 01:02:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 01:02:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 12:53:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
Error: (08/15/2015 12:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Val\Documents\Vuze Downloads\Downloads\esetsmartinstaller_enu.exe
CodeIntegrity:
===================================
Date: 2013-07-15 18:04:53.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:53.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:51.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:51.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:49.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:49.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:46.839
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:46.714
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:44.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-15 18:04:44.406
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 71%
Total physical RAM: 3766.88 MB
Available physical RAM: 1079.84 MB
Total Virtual: 7531.97 MB
Available Virtual: 3886.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:284.99 GB) (Free:63.32 GB) NTFS
Drive g: (Transcend) (Removable) (Total:3.73 GB) (Free:2.12 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C4EA7D6B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of log ============================
Results of screen317's Security Check version 1.006
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 17
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (39.0)
Google Chrome 35.0.1916.114 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
#12
Posted 15 August 2015 - 09:19 AM
Let's take care of the remnants and then we'll try to deal with the sluggishness of your system.
Warning!
I noticed that you have more than one antivirus program installed and active. It is very important not to have more than one antivirus program active at one time. They work in background, continuously scanning and protecting your system. That function is called Real-Time Protection. Having two or more of them at one time not only multiplies the amount of system resources that are used all the time, but more importantly, the programs are always fighting with each other for control of the system. That causes system slowness, false positives, system crashes, as well as lower detection rates. You will very likely end up with little or no protection.
Your Norton 360 program is a paid subscription. If the subscription was recently renewed I would suggest you keep it. If the subscription is about to expire you will need to decide if you want to renew the subscription and keep it or uninstall it and keep Microsoft Security Essentials program.
Please let me know which you would like to keep and I will remove the other one.
Step #1
Reinstalling Google Chrome
As your Google Chrome is now in development build, which leaves you vulnerable to further infections, we have to reinstall it. To do that:
- Make sure that you save your bookmarks by exporting them. Here's how to do it.
- Sign into your account at Google Sync, then scroll down until you see "Stop and Clear" button then click it. Click "OK" when the prompt appears.
- Now uninstall Google Chrome. Make sure that you delete all data and settings when asked about it.
- Restart the computer and download the latest version of Google Chrome from here.
- Import your bookmarks into Google Chrome and sign back in to the browser so that your bookmarks sync with your account.
Step #2
Service fix
Please download the files below.
SharedAccess.reg 354.38KB 191 downloads
wscsvc.reg 5.13KB 179 downloads
wuauserv.reg 6.03KB 175 downloads
Launch the files by double-clicking them. Allow each file to be added to the registry.
After that, restart the system.
Step #3
Farbar Service Scanner
- Right click FSS.exe on your desktop and click Run as administrator.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) on the Desktop.
- Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
Things that should appear in your next post:
- FSS.txt log content
- Please tell me which Antivirus you want to keep
- Please tell me if you have successfully reinstalled Google Chrome
#13
Posted 15 August 2015 - 07:21 PM
Let's remove Windows Security Essentials
Farbar Service Scanner Version: 26-07-2015
Ran by Val (administrator) on 16-08-2015 at 11:19:29
Running from "C:\Users\Val\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Thanks
#14
Posted 16 August 2015 - 03:53 AM
How about Google Chrome? Have you successfully reinstalled it?
Some final cleaning to do. Please tell me if your system gets any better after this.
Step #1
Uninstalling programs
Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Microsoft Security Essentials.
Step #2
FRST Fix
- Download attached fixlist.txt file to your desktop.
fixlist.txt 1.41KB 240 downloads
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Right click FRST64.exe on your desktop and click Run as administrator.
- Press the Fix button just once and wait.
NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Step #3
Updating programs
Your Java version is too old. Keeping Java updated is very important as well.
- WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
- Click the Start button
- Click Control Panel
- Double Click Java - Looks like a coffee cup. You may have to switch to Large icons view on the upper right of the Control Panel to see it.
- Click the Update tab
- Click Update Now
- Allow any updates to be downloaded and installed
- Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
Your Adobe Reader is outdated. Adobe products have to always be updated as well, because they also are being used to infect your computer.
Visit this site to update it.
- Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
Things that should appear in your next post:
- Fixlog.txt log content
- Please tell me if you have successfully reinstalled Google Chrome earlier
- Please tell me if you have successfully uninstalled Microsoft Security Essentials
- Please tell me if you have successfully updated (or removed) Java and Adobe Reader.
- How's your system doing now?
#15
Posted 16 August 2015 - 05:28 AM
Tired tonight! Completed your instructions slightly out of order, hope it doesn't matter! Ran the FIX after removing Microsoft Security Essentials, removing JAVA and after updating Adobe Reader.
Successfully installed Chrome from last post, sorry I didn't mention that.
And as above uninstalled successfully MSE and JAVA and updated AR.
Computer appears to be running relatively smoothly; it's an old computer, I'd say it is running better than when you first started helping me.
Awaiting further instructions.
Thanks.
Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Val (2015-08-16 21:08:11) Run:2
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available Profiles: Val)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2015-07-17 04:59 - 2015-07-03 04:56 - 00003262 _____ C:\Windows\System32\Tasks\Megasoft Security Viewer
Task: {235CFED4-2ACA-415F-83CD-1ED604B23B79} - System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => pcalua.exe -a "C:\Program Files (x86)\V-9.1HD\Uninstall.exe" -c /fcp=1
Task: {6DD85A0C-B4DF-42F9-BF51-37EB787D02F2} - System32\Tasks\Megasoft Security Viewer => C:\Program Files (x86)\Megasoft Security\jptask.exe
Task: {B5573480-3025-4CD8-ACC5-97F65DBDE0BE} - System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => pcalua.exe -a "C:\Program Files (x86)\Fraveen 1.4\Uninstall.exe" -c /fcp=1
Task: {D6B71070-5725-483E-8482-F0C671F834C7} - System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlayer\Uninstall.exe" -c /fcp=1
C:\Program Files (x86)\V-9.1HD
C:\Program Files (x86)\Megasoft Security
C:\Program Files (x86)\Fraveen 1.4
C:\Program Files (x86)\video MediaPlayer
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll
C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
C:\Windows\System32\Tasks\Megasoft Security Viewer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{235CFED4-2ACA-415F-83CD-1ED604B23B79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{235CFED4-2ACA-415F-83CD-1ED604B23B79}" => key removed successfully
C:\Windows\System32\Tasks\{221A1B6C-C041-49E7-BEEE-AA1423068F74} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{221A1B6C-C041-49E7-BEEE-AA1423068F74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DD85A0C-B4DF-42F9-BF51-37EB787D02F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD85A0C-B4DF-42F9-BF51-37EB787D02F2}" => key removed successfully
C:\Windows\System32\Tasks\Megasoft Security Viewer not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5573480-3025-4CD8-ACC5-97F65DBDE0BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5573480-3025-4CD8-ACC5-97F65DBDE0BE}" => key removed successfully
C:\Windows\System32\Tasks\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAC86AC9-E43F-4B4B-B7EB-9E10D5B5AA28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6B71070-5725-483E-8482-F0C671F834C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B71070-5725-483E-8482-F0C671F834C7}" => key removed successfully
C:\Windows\System32\Tasks\{3521E609-332A-476E-91DB-7DAC22AFCCE2} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3521E609-332A-476E-91DB-7DAC22AFCCE2}" => key removed successfully
"C:\Program Files (x86)\V-9.1HD" => File/Folder not found.
"C:\Program Files (x86)\Megasoft Security" => File/Folder not found.
"C:\Program Files (x86)\Fraveen 1.4" => File/Folder not found.
"C:\Program Files (x86)\video MediaPlayer" => File/Folder not found.
"C:\Users\Val\Cookies" => ":AWOvEjCeixwoghHetITiPPRP" ADS not found.
"C:\Users\Val\AppData\Local\Temporary Internet Files" => ":MP8Uflmc0xnGiVYhhUU06AxEM0kz" ADS not found.
C:\Users\Val\Documents\Vuze Downloads\Downloads\Games Programs and Other\ccsetup500.exe => moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll => moved successfully.
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_31_5p83tu.dll => moved successfully.
C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF => moved successfully.
EmptyTemp: => 451.2 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 21:10:12 ====
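A Fixlog like the one above mixes three kinds of result: items FRST acted on, items that were already gone, and items reported "not found" only because an earlier line of the same run had already moved them (the Megasoft Security Viewer task is listed twice in the fixlist). The following added example, which is not part of the thread or of FRST, sorts result lines into those groups; it recognises only the outcome phrases that appear in this log and counts everything else as "other".

```python
import re
from collections import Counter

# Outcome phrases as they appear in the Fixlog in this thread. Assumption:
# the list is not exhaustive; any other line is classified as "other".
OUTCOMES = [
    ("moved", re.compile(r"=> moved successfully\.$")),
    ("key_removed", re.compile(r"=> key removed successfully$")),
    ("ads_not_found", re.compile(r"ADS not found\.$")),
    ("not_found", re.compile(r"\bnot found\.$")),
]

# Lines excerpted from the Fixlog above.
SAMPLE = r'''
Processes closed successfully.
C:\Windows\System32\Tasks\Megasoft Security Viewer => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Viewer" => key removed successfully
C:\Windows\System32\Tasks\Megasoft Security Viewer not found.
"C:\Program Files (x86)\Megasoft Security" => File/Folder not found.
"C:\Users\Val\Cookies" => ":AWOvEjCeixwoghHetITiPPRP" ADS not found.
C:\Program Files (x86)\A2D275BD-14FE-4D77-8EE9-A7DA99D356AF => moved successfully.
EmptyTemp: => 451.2 MB temporary data Removed.
'''

def classify(line):
    """Return (outcome, target) for one Fixlog result line."""
    line = line.strip()
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            # The target is the text before " => " or before a bare " not found."
            target = re.split(r" => | not found\.$", line, maxsplit=1)[0]
            return name, target.strip('"')
    return "other", line

def triage(log_text):
    """Tally outcomes; split 'not found' targets by whether this run moved them."""
    counts, moved, missing = Counter(), set(), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        outcome, target = classify(raw)
        counts[outcome] += 1
        if outcome == "moved":
            moved.add(target.lower())  # Windows paths are case-insensitive
        elif outcome in ("not_found", "ads_not_found"):
            missing.append(target)
    handled = [t for t in missing if t.lower() in moved]     # duplicate fixlist entry
    absent = [t for t in missing if t.lower() not in moved]  # gone before this run
    return counts, handled, absent

if __name__ == "__main__":
    counts, handled, absent = triage(SAMPLE)
    print(dict(counts))
    print("moved earlier in this run:", handled)
    print("absent before this run:", absent)
```

Anything that lands in "other" besides the status lines deserves a manual read, since a phrase outside the four listed here is where an unhandled result would end up.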