Windows Indexing



#31
A1RotNBrat (Topic Starter, Member, 102 posts)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Amy Martin (2016-01-08 12:46:16)
Running from C:\Users\Amy Martin\Desktop
Windows 8.1 (X64) (2014-02-04 18:02:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3873701136-3596577701-2754614134-500 - Administrator - Disabled)
Amy Martin (S-1-5-21-3873701136-3596577701-2754614134-1001 - Administrator - Enabled) => C:\Users\Amy Martin
Guest (S-1-5-21-3873701136-3596577701-2754614134-501 - Limited - Disabled)
Kyle Martin (S-1-5-21-3873701136-3596577701-2754614134-1002 - Limited - Enabled) => C:\Users\Kyle Martin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version:  - )
ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - att.net)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
Elf Bowling 7 The Last Insult (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113849380}) (Version:  - Oberon Media)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Objection Series 3.4 (HKLM-x32\...\{DBE07A91-5BEF-4CB9-B7D1-A57961E65CE7}) (Version: 3.4.0 - TransMedia)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28146 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Sharepod 4.0.3.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Hardware Diagnostics Plugin for VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (07/15/2013 10.0.0.260) (HKLM\...\FF9ECD00DD25FDB7D3208607214790302878ACBE) (Version: 07/15/2013 10.0.0.260 - Qualcomm Atheros Communications Inc.)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - att.net)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FEF7D2A-0129-4FB8-B2C1-D8F64D2BF93B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {1ACAB368-B7D9-4270-9EB2-E59D30E26138} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {1E1B7CFE-B198-4324-9CCE-BA72862C6A19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2C49786A-37A0-4C7E-BFD4-8813D5E3E245} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {2EAE0E57-8A9B-415D-81D0-A06CB6868ED3} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {48C0D2DD-031A-4910-A4CA-7AECA2687F4B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {593EABAA-AF28-4262-9EFC-B60740828613} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-07] (Sony Corporation)
Task: {69527C9F-9E54-4F80-9E1F-067D2F55BA19} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {7080228C-0426-4FC0-8B2A-C049FFC1AEB6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {7D5AA6FB-0CC4-4173-BA09-1D67A2E283E1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {86CF5725-3D7C-4D8E-B1BE-6DA8D73617D6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {93B447B7-7F37-4801-B340-A8B5A58D088B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {9ED294BD-07EB-42D1-91A1-CBEA04FE3B57} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-28] (Sony Corporation)
Task: {A0CF5243-7E55-48A5-9F8A-8BDF13A914A9} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {A787F4B6-8A17-44FB-BB2F-69C66C1247F7} - System32\Tasks\{BC808C2C-9C33-4ED2-905B-2D1AD4F66EFF} => pcalua.exe -a D:\AutoRun.exe -d D:\ -c autoLaunch
Task: {A79253CE-AB63-4568-B4D2-076B3A24B082} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {ABCF7660-726D-4C2D-ABA2-1FF629EAD158} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BF8ECFDE-D9E7-48D5-ABED-A39BA82F5A85} - System32\Tasks\{AAFEC2CF-CBF4-4B5A-948F-14527794AE28} => pcalua.exe -a D:\setup.exe -d D:\
Task: {CA55E6FE-0B64-49C9-AB4F-770093A8FBDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {D2B93E8C-6DF5-4845-BBC3-6B7765144F82} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {D8E07147-9B4B-4F0B-8CFA-05830E506F6F} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {E0D90E6A-D6EA-4375-B2FB-F96537A28232} - System32\Tasks\Sony Corporation\VAIO Care\UpdateConfig => C:\ProgramData\Sony Corporation\VCM Data\UpdateConfig.exe [2015-03-03] (Sony Corporation)
Task: {E171BA50-E36B-42BF-A2F5-6289006372F8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E4107877-4046-4D1B-A5D6-B354A77C130D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EC18943C-993B-4998-AA02-B658D15062BA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {ED73927A-C1D9-40EB-81DD-6A1F78BD8D19} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {EFA4E260-1E57-44BA-93C3-3233611EC698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-01] (Adobe Systems Incorporated)
Task: {F097A5CB-21DD-428F-99F8-CE8D75D7DDE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F6369E8A-8A22-477D-9CCB-19257F67DE44} - \UpdaterEX -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\AMYMAR~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-28 11:07 - 2012-12-28 11:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 11:04 - 2012-12-28 11:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 11:09 - 2012-12-28 11:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-08-29 04:07 - 2015-08-29 04:07 - 00260608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe\Microsoft.CXE.Logging.dll
2015-03-13 05:03 - 2015-03-13 05:03 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-04-18 05:32 - 2015-04-18 05:32 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-10-20 02:57 - 2015-10-20 02:57 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-10-20 02:57 - 2015-10-20 02:57 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\eea3e743a58cb4d556fe113d6336020b\Windows.Storage.ni.dll
2015-03-13 05:03 - 2015-03-13 05:03 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\f4031c5dbdde97cb4a0c7572cc0d1f29\Windows.Graphics.ni.dll
2015-03-13 05:03 - 2015-03-13 05:03 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\2333488328d673bea8d60a9f2e84759c\Windows.Security.ni.dll
2015-08-16 04:42 - 2015-08-16 04:42 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-08-16 04:45 - 2015-08-16 04:45 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\271d406467b9db0758ea399495d00731\Windows.Devices.ni.dll
2015-03-13 05:03 - 2015-03-13 05:03 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2015-08-16 04:45 - 2015-08-16 04:45 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\5b635adafd557846d0d2e3a87d132130\Windows.UI.Xaml.ni.dll
2015-08-29 04:07 - 2015-08-29 04:07 - 00924672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe\Microsoft.CXE.Transport.Background.dll
2015-10-19 02:32 - 2015-10-19 02:32 - 00751104 _____ () C:\Users\Amy Martin\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.C90bca870#\e8bda8142225560c37ea606ba4fab7af\Microsoft.CXE.UpdateEngine.ni.dll
2015-10-20 02:57 - 2015-10-20 02:57 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-11-26 07:33 - 2014-11-26 07:33 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 02:05 - 2010-01-10 02:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 19:37 - 2010-01-10 19:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-12-16 17:50 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 17:50 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2013-01-10 07:47 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:A518B662
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy Martin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\saint.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "ATT-SST_McciTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "HP Photosmart 7520 series (NET)"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4C144B4-9D8E-422C-A68B-D482598DE7CD}] => (Allow) LPort=4482
FirewallRules: [{FD752D6B-9C69-4E9E-A026-4DC907A67CA2}] => (Allow) LPort=4482
FirewallRules: [{D62373A9-8940-471C-AB82-CC8254F8612B}] => (Allow) LPort=4481
FirewallRules: [{2EC4DDC1-48E7-4FCC-9A10-7DA306955FDD}] => (Allow) LPort=4481
FirewallRules: [{23104C1D-BFE0-464B-9AEF-995DBF82380B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{9E4DD449-3AB6-4318-A16C-FE0B6D4771A2}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{490BB81F-DDAE-40ED-91A2-6FB802F97649}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{667ED34F-14BD-4921-8D39-C929C46A0A34}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{127BA26E-0B3D-4149-8ABD-EB84F99DA90A}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{92C42162-F0EF-4825-A3FE-7C4C2FDD3C7B}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{D6DCCE41-9292-436F-90CB-90E7BA6BE06E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8985E73D-7096-41FB-B9CE-A5B9DA233CB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9398973-01ED-4B02-90A0-5CDE93D0E509}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{956364F8-5BB5-4C3C-A950-65322225F711}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5373F3BF-4628-49A4-9E32-72FDC7C0AFDE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA3F3368-BF29-4E87-977F-B0DE08A06F6F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{D7919E6E-65BF-404A-95C7-6215CB2E81CD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7B60E97B-29A0-4B37-BD9B-80E3879C3B9B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C05AAB70-F3BB-4A98-BDFB-9712DFA9939F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{217BA72F-0E43-4DA4-9DBF-168297A70A47}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BF8D2358-1522-4CE6-A1C6-CC889EDD37CD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B272FAE9-4E56-4312-9A4A-9005880B6FC8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0FB98EFF-0311-4E01-A1D2-56250808EF17}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EA6ED418-99BC-49DF-AF10-D6C090B823B0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D9D579AB-BFA8-48D9-BAA6-98D5B14F98AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{CA58340C-D31B-4E81-B979-4B28172453BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4FAEB51A-539F-486A-BD30-EED4AA762556}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19CC285D-62AA-4563-A835-CC012195FC14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2C5C622-0BBB-4D19-852E-4556C47BE839}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83D86F50-2581-44CA-9883-E09DCEC43120}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5E16A7FF-2E1D-41C6-9902-66C0522E8504}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{89FF2766-4B32-4BC5-8671-84C3A8D09C55}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
 
==================== Restore Points =========================
 
30-12-2015 05:18:11 Windows Update
01-01-2016 14:31:37 Restore Operation
05-01-2016 05:27:55 Windows Update
08-01-2016 08:50:45 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3012 Bluetooth® Adapter
Description: Qualcomm Atheros AR3012 Bluetooth® Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2016 11:12:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2008
 
Start Time: 01d14a370d8010ad
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe
 
Report Id: 01585283-b62b-11e5-bf7c-d250d63afe24
 
Faulting package full name: LogosBibleSoftware.Vyrso_1.2.0.3_x86__h0wrhs0ttj2c8
 
Faulting package-relative application ID: App
 
Error: (01/08/2016 10:07:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x54503d58
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x54503d84
Exception code: 0xc000027b
Fault offset: 0x001212e1
Faulting process id: 0x47c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (01/08/2016 09:12:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17e0
 
Start Time: 01d14a264b41167f
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe
 
Report Id: 3ed8cc41-b61a-11e5-bf7c-d250d63afe24
 
Faulting package full name: LogosBibleSoftware.Vyrso_1.2.0.3_x86__h0wrhs0ttj2c8
 
Faulting package-relative application ID: App
 
Error: (01/08/2016 08:53:54 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft Office Shared 64-bit MUI (English) 2010 -- Error 1704. An installation for Microsoft Office Office 64-bit Components 2010 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (01/08/2016 07:59:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f80
 
Start Time: 01d14a1c221f33e9
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 14ceb11e-b610-11e5-bf7c-d250d63afe24
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (01/08/2016 07:56:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARTIN)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!windowsphone.App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/08/2016 07:55:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MARTIN)
Description: App Microsoft.WindowsPhone_1.42.1701.1_x64__8wekyb3d8bbwe+windowsphone.App did not launch within its allotted time.
 
Error: (01/08/2016 07:39:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x545036ce
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0xb8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (01/08/2016 07:26:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 119c
 
Start Time: 01d14a170bb8690a
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 5acba192-b60b-11e5-bf7b-c72943972fd3
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (01/08/2016 07:19:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARTIN)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!windowsphone.App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (01/08/2016 08:55:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Hewlett-Packard  - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.
 
Error: (01/08/2016 08:53:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.
 
Error: (01/08/2016 07:55:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (01/08/2016 07:55:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ATT MAHostService service terminated with the following error: 
%%4294967295
 
Error: (01/08/2016 07:55:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/08/2016 07:55:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ATT MAHostService service terminated with the following error: 
%%4294967295
 
Error: (01/08/2016 07:54:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/08/2016 07:54:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vcs service failed to start due to the following error: 
%%577
 
Error: (01/08/2016 07:54:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/08/2016 07:52:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-01-08 07:54:38.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-08 07:17:46.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 20:03:58.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 18:53:04.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 13:13:35.470
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 10:37:47.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-06 08:15:18.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-06 07:05:15.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 18:11:15.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-01 15:11:23.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3975.27 MB
Available physical RAM: 1502.47 MB
Total Virtual: 5767.27 MB
Available Virtual: 2621.6 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.74 GB) (Free:357.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 792C621F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0



#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Please submit the utc5mtm0.sys file to virustotal:
 
 
Easiest way to submit a file is to copy the path:
 
"C:\WINDOWS\SysWOW64\Drivers\utc5mtm0.sys"
 
Then go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 58 or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 
 
I'm going to remove it and some adware and deadwood with FRST but it's a suspicious randomly named file so I wonder if it is evil.
 

In the search box or in a CMD prompt type:

 

eventvwr.msc 

 

This should open the Event Viewer.  Click on Windows Logs,  then right click on Applications and Clear Log. Clear.  Right click on System and Clear Log, Clear.

 

 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
The MCSTRM error will go away after this.  Apparently it wasn't completely uninstalled and left a driver without a file.
 
I see the two other services that are causing the slow boot.  One is part of ATT Management Agent and the other is part of Avnex Virtual Audio Device.  The ATT Management Agent can be uninstalled and a new version downloaded and installed (though I would go back into MSCONFIG and check anything from ATT and reboot beforehand).  I do not see Avnex in the uninstall list.  I found this info on it:
 
If you don't use it then I can remove it with a frst fixlist.
 
 

Your Bluetooth seems to be disabled.  That can also cause slow boots.  Do you use it?  


  • 0

#33
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Sorry but when I tried to Ctrl V or Paste the image it said "that You are not allowed to post this image type in forum".
VirusTotal
SHA256: 7ae9aae77884ac0baa2f8168b3ed4de0c0c9834a42d8e5a775f47a2c66cec237
File name: utmwotiz.sys
Detection ratio: 3 / 54
Analysis date: 2016-01-06 20:13:05 UTC ( 2 days ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.SGeneric 20160106
Bkav W32.LmirESys3.Rootkit 20160105
Rising PE:Trojan.Win32.KillAV.avn!1450976 [F] 20160105
ALYac 20160106
AVG 20160106
AVware 20160106
Ad-Aware 20160106
AegisLab 20160105
Agnitum 20160105
AhnLab-V3 20160105
Alibaba 20160106
Arcabit 20160106
Avast 20160106
Avira 20160106
Baidu-International 20160105
BitDefender 20160106
ByteHero 20160106
CAT-QuickHeal 20160105
CMC 20160104
ClamAV 20160105
Comodo 20160106
Cyren 20160106
DrWeb 20160106
ESET-NOD32 20160106
Emsisoft 20160106
F-Prot 20160106
F-Secure 20160106
Fortinet 20160106
GData 20160106
Ikarus 20160106
Jiangmin 20160105
K7AntiVirus 20160105
K7GW 20160106
Kaspersky 20160106
Malwarebytes 20160106
McAfee 20160106
McAfee-GW-Edition 20160106
MicroWorld-eScan 20160106
Microsoft 20160106
NANO-Antivirus 20160106
Panda 20160105
Qihoo-360 20160106
SUPERAntiSpyware 20160106
Sophos 20160106
Symantec 20160105
TheHacker 20160103
TrendMicro 20160106
TrendMicro-HouseCall 20160106
VBA32 20160105
VIPRE 20160106
ViRobot 20160106
Zillya 20160106
Zoner 20160106
nProtect 20160105
  • 0

#34
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

Here's the fix log.  It required me to reboot after it ran, so now I'm going to rerun with the additions.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Amy Martin (2016-01-08 15:10:00) Run:2
Running from C:\Users\Amy Martin\Desktop
Loaded Profiles: Amy Martin & Kyle Martin (Available Profiles: Amy Martin & Kyle Martin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1002\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1001\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.v9.com/web/?type=ds&ts=1412461879&from=cor&uid=WDCXWD5000BPVT-55HXZT4_WD-WXX1E82MHFC7MHFC7&i=psd&t=349e49429&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1412461879&from=cor&uid=WDCXWD5000BPVT-55HXZT4_WD-WXX1E82MHFC7MHFC7&i=psd&t=349e49429&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: [S-1-5-21-3873701136-3596577701-2754614134-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm036^YY^us&si=EL_UTUS_20&ptb=2BD6E75E-25CD-4CC6-95B8-3B066E477445&ind=2013032721&n=77fc7111&psa=&st=sb&searchfor={searchTerms}
CHR HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Amy Martin\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Amy Martin\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx <not found>
S2 MCSTRM; no ImagePath
S3 utc5mtm0; C:\WINDOWS\SysWOW64\Drivers\utc5mtm0.sys [7168 2015-04-28] () [File not signed]
Task: {A787F4B6-8A17-44FB-BB2F-69C66C1247F7} - System32\Tasks\{BC808C2C-9C33-4ED2-905B-2D1AD4F66EFF} => pcalua.exe -a D:\AutoRun.exe -d D:\ -c autoLaunch
Task: {BF8ECFDE-D9E7-48D5-ABED-A39BA82F5A85} - System32\Tasks\{AAFEC2CF-CBF4-4B5A-948F-14527794AE28} => pcalua.exe -a D:\setup.exe -d D:\
Task: {F6369E8A-8A22-477D-9CCB-19257F67DE44} - \UpdaterEX -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\AMYMAR~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp: 
 
 
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key not found. 
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1002\User" => not found.
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3873701136-3596577701-2754614134-1001\User" => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} => key not found. 
HKCR\Wow6432Node\CLSID\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} => key not found. 
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\SOFTWARE\Google\Chrome\Extensions\kbemlhjodpfopddibpbppifmogphpmil => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kbemlhjodpfopddibpbppifmogphpmil => key not found. 
MCSTRM => service not found.
utc5mtm0 => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A787F4B6-8A17-44FB-BB2F-69C66C1247F7} => key not found. 
C:\WINDOWS\System32\Tasks\{BC808C2C-9C33-4ED2-905B-2D1AD4F66EFF} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC808C2C-9C33-4ED2-905B-2D1AD4F66EFF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8ECFDE-D9E7-48D5-ABED-A39BA82F5A85} => key not found. 
C:\WINDOWS\System32\Tasks\{AAFEC2CF-CBF4-4B5A-948F-14527794AE28} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAFEC2CF-CBF4-4B5A-948F-14527794AE28} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6369E8A-8A22-477D-9CCB-19257F67DE44} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => key not found. 
C:\WINDOWS\Tasks\UpdaterEX.job => not found.
EmptyTemp: => 5.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:12:24 ====

  • 0

#35
A1RotNBrat

A1RotNBrat

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Amy Martin (administrator) on MARTIN (08-01-2016 15:42:20)
Running from C:\Users\Amy Martin\Desktop
Loaded Profiles: Amy Martin (Available Profiles: Amy Martin & Kyle Martin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\plugin-nm-server.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-09] (Realtek Semiconductor)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-03-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [Amazon Music] => C:\Users\Amy Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-26]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{471B1E49-8781-454C-9B0C-7381E1842C4F}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1430102806425
 
FireFox:
========
FF ProfilePath: C:\Users\Amy Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rh0usd3d.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-05-07] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-26] (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-12] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3873701136-3596577701-2754614134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-04-29]
CHR Extension: (Motive Extension) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-12-05]
CHR Extension: (Block site) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Do Not Disturb!) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-26] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428008 2012-12-28] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-04-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-04-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-04-29] (Kaspersky Lab ZAO)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2015-12-13] () [File not signed]
R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 15:42 - 2016-01-08 15:42 - 00030814 _____ C:\Users\Amy Martin\Desktop\FRST.txt
2016-01-08 15:30 - 2016-01-08 15:31 - 00000000 ____D C:\Users\Amy Martin\Desktop\Computer Repair
2016-01-08 15:08 - 2016-01-08 15:12 - 00005151 _____ C:\Users\Amy Martin\Desktop\Fixlog.txt
2016-01-08 12:43 - 2016-01-08 15:42 - 00000000 ____D C:\FRST
2016-01-08 10:34 - 2016-01-08 10:34 - 02370560 _____ (Farbar) C:\Users\Amy Martin\Desktop\FRST64.exe
2016-01-08 08:35 - 2016-01-08 08:35 - 00015113 _____ C:\VEW4.txt
2016-01-08 08:34 - 2016-01-08 08:34 - 00008924 _____ C:\VEW3.txt
2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Amy Martin\Downloads\wsearch
2016-01-08 06:40 - 2016-01-08 06:40 - 00000925 _____ C:\Users\Amy Martin\Downloads\wsearch.zip
2016-01-07 20:42 - 2016-01-07 20:42 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Amy Martin\Desktop\procexp.exe
2016-01-07 20:30 - 2016-01-07 20:30 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW (1).exe
2016-01-07 20:27 - 2016-01-07 20:27 - 00000000 _____ C:\Users\Amy Martin\Documents\VEW1.txt
2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\Program Files\Speccy
2016-01-07 14:09 - 2016-01-07 14:09 - 00165788 _____ C:\Users\Amy Martin\Documents\MartinCompCert.pdf
2016-01-07 10:50 - 2016-01-08 08:35 - 00015113 _____ C:\VEW.txt
2016-01-07 10:43 - 2016-01-07 10:43 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW.exe
2016-01-07 07:33 - 2016-01-07 14:10 - 00386186 _____ C:\Users\Amy Martin\Documents\Presentation2.pptx
2016-01-02 11:27 - 2016-01-05 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-27 12:30 - 2015-12-27 12:30 - 00092393 _____ C:\Users\Amy Martin\Documents\movieticket3.pdf
2015-12-27 12:29 - 2015-12-27 12:29 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket2.pdf
2015-12-27 12:27 - 2015-12-27 12:27 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket1.pdf
2015-12-27 12:19 - 2015-12-27 12:20 - 00092396 _____ C:\Users\Amy Martin\Downloads\e2bac473d033443ba1acade4e2de7d1df89584dc.pdf
2015-12-27 09:05 - 2015-12-27 09:05 - 00092396 _____ C:\Users\Amy Martin\Downloads\c1508ff6f6064790435b0b6bc5cd0d5f52edf1a2.pdf
2015-12-27 08:57 - 2015-12-27 08:57 - 00092393 _____ C:\Users\Amy Martin\Downloads\6bcebaccd4004a9a6846a79d365ce0edb1272d31.pdf
2015-12-15 12:14 - 2015-12-15 12:31 - 00000000 ____D C:\Users\Amy Martin\Documents\Wondershare PDF Converter
2015-12-15 12:14 - 2015-12-15 12:14 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-12-15 12:11 - 2015-12-15 12:12 - 12537456 _____ (Wondershare Software ) C:\Users\Amy Martin\Downloads\pdf-converter_full755.exe
2015-12-15 12:05 - 2015-12-15 12:05 - 00207422 _____ C:\Users\Amy Martin\Documents\002.pdf
2015-12-15 07:49 - 2015-12-15 07:49 - 00152037 _____ C:\Users\Amy Martin\Documents\Settlement Agreement - MartinSigned (2)Martin.pdf
2015-12-13 14:01 - 2015-12-13 14:01 - 00000000 ____D C:\Users\Amy Martin\Naturalsoft
2015-12-13 13:42 - 2016-01-05 17:47 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2015-12-13 13:40 - 2015-12-13 13:57 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Downloaded Installations
2015-12-13 13:36 - 2015-12-13 13:39 - 32430256 _____ (Naturalsoft ) C:\Users\Amy Martin\Downloads\standardsetup.exe
2015-12-13 13:35 - 2015-12-13 13:42 - 00000000 ____D C:\Program Files (x86)\ AV Vcs 7.0
2015-12-13 13:35 - 2015-12-13 13:35 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Avnex
2015-12-13 13:35 - 2008-12-26 12:56 - 00021504 _____ (Avnex) C:\WINDOWS\system32\Drivers\vcsvad.sys
2015-12-13 13:28 - 2015-12-13 13:29 - 16953072 _____ C:\Users\Amy Martin\Downloads\vcs_aff.exe
2015-12-09 12:38 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 12:37 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 12:37 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 12:37 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 12:37 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 12:37 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 12:37 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 12:37 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 12:37 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 12:37 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 12:37 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 12:37 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 12:37 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 12:37 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 12:37 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 12:37 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 12:37 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 12:37 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 12:37 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 12:37 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 12:37 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 12:37 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 12:37 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 12:37 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 12:37 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 12:37 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 12:37 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 12:37 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 12:37 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 12:37 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 12:37 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 12:37 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 12:37 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 12:37 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 12:37 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 12:37 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 12:37 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 12:37 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 12:37 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 12:37 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 12:34 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 12:34 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 12:34 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 12:34 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 12:34 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 12:34 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 12:34 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 12:34 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 12:34 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 12:34 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 12:34 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 12:34 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 12:34 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 12:34 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 12:34 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 12:34 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 12:34 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 12:34 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 12:33 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 12:33 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 12:33 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 12:33 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 12:33 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 12:33 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 12:33 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 12:33 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 12:33 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 12:33 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-09 12:32 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 12:32 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 12:32 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 12:32 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 12:32 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 12:32 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 12:32 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 12:32 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 12:32 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 12:32 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 12:32 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 12:32 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 12:32 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 12:32 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 12:32 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 12:32 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 12:32 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 12:32 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 12:32 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 12:32 - 2015-10-10 12:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-09 12:32 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 12:32 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 12:32 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 12:32 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 15:42 - 2013-03-14 07:50 - 00000000 ____D C:\Users\Amy Martin\Documents\Outlook Files
2016-01-08 15:31 - 2014-02-04 12:06 - 00000000 ___DO C:\Users\Amy Martin\SkyDrive
2016-01-08 15:30 - 2013-01-10 08:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-08 15:27 - 2013-07-09 06:17 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 15:26 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 15:25 - 2013-08-22 07:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 15:19 - 2013-07-09 08:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-08 15:10 - 2013-07-30 12:01 - 00000000 ____D C:\Users\Amy Martin\AppData\LocalLow\Temp
2016-01-08 14:47 - 2013-07-09 06:17 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 13:24 - 2014-02-10 20:05 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93B328E4-267A-466D-B965-502F6F018D4E}
2016-01-08 12:47 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2016-01-08 07:51 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Amy Martin
2016-01-08 07:47 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Kyle Martin
2016-01-08 02:33 - 2013-03-13 17:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3873701136-3596577701-2754614134-1001
2016-01-07 12:53 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 10:46 - 2013-03-13 17:32 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\VirtualStore
2016-01-05 18:10 - 2015-10-14 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 18:10 - 2013-08-22 08:44 - 00501768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-01-01 15:19 - 2013-07-09 08:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-01 14:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-01 14:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-01 14:59 - 2013-05-13 16:07 - 00000000 ____D C:\ProgramData\Atheros
2016-01-01 14:59 - 2013-03-22 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-01 14:55 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-01 14:41 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
2016-01-01 14:38 - 2013-11-16 06:42 - 00000000 ____D C:\ProgramData\Real
2016-01-01 14:37 - 2013-03-14 07:09 - 00000000 __RHD C:\MSOCache
2016-01-01 14:29 - 2013-03-15 06:11 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\ElevatedDiagnostics
2015-12-27 06:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-26 02:48 - 2015-11-12 06:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 02:48 - 2015-11-12 06:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 17:50 - 2013-07-09 06:20 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-12 20:11 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 08:14 - 2013-08-07 12:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 07:54 - 2013-03-14 12:42 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 13:03 - 2013-03-14 07:09 - 00000000 ____D C:\ProgramData\Microsoft Help
 
==================== Files in the root of some directories =======
 
2014-02-10 20:03 - 2014-06-21 10:32 - 0000004 _____ () C:\Users\Amy Martin\AppData\Roaming\96DA4A
2014-02-10 20:03 - 2014-06-21 10:32 - 0870128 _____ () C:\Users\Amy Martin\AppData\Roaming\mcs.rma
2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-19 05:30 - 2013-03-19 05:30 - 0001111 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-10-07 06:28 - 2014-10-07 06:28 - 0000043 _____ () C:\Users\Amy Martin\AppData\Roaming\WB.CFG
2013-05-25 19:56 - 2013-05-25 19:56 - 0007599 _____ () C:\Users\Amy Martin\AppData\Local\Resmon.ResmonCfg
2015-04-12 06:32 - 2015-04-12 06:32 - 0000000 _____ () C:\Users\Amy Martin\AppData\Local\{9D6F7AC6-46F6-4C53-B19A-7F572BCC7F87}
2013-12-01 08:40 - 2013-12-01 08:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-15 06:13 - 2013-04-01 17:02 - 0002082 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-08 08:50
 
==================== End of FRST.txt ============================


#36
A1RotNBrat

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Amy Martin (2016-01-08 15:43:22)
Running from C:\Users\Amy Martin\Desktop
Windows 8.1 (X64) (2014-02-04 18:02:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3873701136-3596577701-2754614134-500 - Administrator - Disabled)
Amy Martin (S-1-5-21-3873701136-3596577701-2754614134-1001 - Administrator - Enabled) => C:\Users\Amy Martin
Guest (S-1-5-21-3873701136-3596577701-2754614134-501 - Limited - Disabled)
Kyle Martin (S-1-5-21-3873701136-3596577701-2754614134-1002 - Limited - Enabled) => C:\Users\Kyle Martin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version:  - )
ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - att.net)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
Elf Bowling 7 The Last Insult (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113849380}) (Version:  - Oberon Media)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Objection Series 3.4 (HKLM-x32\...\{DBE07A91-5BEF-4CB9-B7D1-A57961E65CE7}) (Version: 3.4.0 - TransMedia)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28146 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Sharepod 4.0.3.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Hardware Diagnostics Plugin for VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (07/15/2013 10.0.0.260) (HKLM\...\FF9ECD00DD25FDB7D3208607214790302878ACBE) (Version: 07/15/2013 10.0.0.260 - Qualcomm Atheros Communications Inc.)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - att.net)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1E1B7CFE-B198-4324-9CCE-BA72862C6A19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2C49786A-37A0-4C7E-BFD4-8813D5E3E245} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {2EAE0E57-8A9B-415D-81D0-A06CB6868ED3} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {3CBA4B05-A759-49C8-A4D6-DB7A899A9F63} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {48C0D2DD-031A-4910-A4CA-7AECA2687F4B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {593EABAA-AF28-4262-9EFC-B60740828613} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-07] (Sony Corporation)
Task: {69527C9F-9E54-4F80-9E1F-067D2F55BA19} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {7080228C-0426-4FC0-8B2A-C049FFC1AEB6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {7D5AA6FB-0CC4-4173-BA09-1D67A2E283E1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {86CF5725-3D7C-4D8E-B1BE-6DA8D73617D6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {8A688394-4AB6-4AE9-B63B-1E077B8F87F6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {93B447B7-7F37-4801-B340-A8B5A58D088B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {9C23FE17-B912-4190-8F2E-213689844564} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {9ED294BD-07EB-42D1-91A1-CBEA04FE3B57} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-28] (Sony Corporation)
Task: {A0CF5243-7E55-48A5-9F8A-8BDF13A914A9} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {A79253CE-AB63-4568-B4D2-076B3A24B082} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {CA55E6FE-0B64-49C9-AB4F-770093A8FBDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {D2B93E8C-6DF5-4845-BBC3-6B7765144F82} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {D8E07147-9B4B-4F0B-8CFA-05830E506F6F} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {E0D90E6A-D6EA-4375-B2FB-F96537A28232} - System32\Tasks\Sony Corporation\VAIO Care\UpdateConfig => C:\ProgramData\Sony Corporation\VCM Data\UpdateConfig.exe [2015-03-03] (Sony Corporation)
Task: {E171BA50-E36B-42BF-A2F5-6289006372F8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3873701136-3596577701-2754614134-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E4107877-4046-4D1B-A5D6-B354A77C130D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EC18943C-993B-4998-AA02-B658D15062BA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {ED73927A-C1D9-40EB-81DD-6A1F78BD8D19} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {EFA4E260-1E57-44BA-93C3-3233611EC698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-01] (Adobe Systems Incorporated)
Task: {F097A5CB-21DD-428F-99F8-CE8D75D7DDE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-28 11:07 - 2012-12-28 11:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 11:04 - 2012-12-28 11:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 11:09 - 2012-12-28 11:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-11-26 07:33 - 2014-11-26 07:33 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 02:05 - 2010-01-10 02:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 19:37 - 2010-01-10 19:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2015-12-16 17:50 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 17:50 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2013-01-10 07:47 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:A518B662
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy Martin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\saint.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "ATT-SST_McciTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "HP Photosmart 7520 series (NET)"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4C144B4-9D8E-422C-A68B-D482598DE7CD}] => (Allow) LPort=4482
FirewallRules: [{FD752D6B-9C69-4E9E-A026-4DC907A67CA2}] => (Allow) LPort=4482
FirewallRules: [{D62373A9-8940-471C-AB82-CC8254F8612B}] => (Allow) LPort=4481
FirewallRules: [{2EC4DDC1-48E7-4FCC-9A10-7DA306955FDD}] => (Allow) LPort=4481
FirewallRules: [{23104C1D-BFE0-464B-9AEF-995DBF82380B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{9E4DD449-3AB6-4318-A16C-FE0B6D4771A2}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{490BB81F-DDAE-40ED-91A2-6FB802F97649}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{667ED34F-14BD-4921-8D39-C929C46A0A34}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{127BA26E-0B3D-4149-8ABD-EB84F99DA90A}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{92C42162-F0EF-4825-A3FE-7C4C2FDD3C7B}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{D6DCCE41-9292-436F-90CB-90E7BA6BE06E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8985E73D-7096-41FB-B9CE-A5B9DA233CB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C9398973-01ED-4B02-90A0-5CDE93D0E509}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{956364F8-5BB5-4C3C-A950-65322225F711}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5373F3BF-4628-49A4-9E32-72FDC7C0AFDE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA3F3368-BF29-4E87-977F-B0DE08A06F6F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{D7919E6E-65BF-404A-95C7-6215CB2E81CD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7B60E97B-29A0-4B37-BD9B-80E3879C3B9B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C05AAB70-F3BB-4A98-BDFB-9712DFA9939F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{217BA72F-0E43-4DA4-9DBF-168297A70A47}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BF8D2358-1522-4CE6-A1C6-CC889EDD37CD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B272FAE9-4E56-4312-9A4A-9005880B6FC8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0FB98EFF-0311-4E01-A1D2-56250808EF17}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EA6ED418-99BC-49DF-AF10-D6C090B823B0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D9D579AB-BFA8-48D9-BAA6-98D5B14F98AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{CA58340C-D31B-4E81-B979-4B28172453BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4FAEB51A-539F-486A-BD30-EED4AA762556}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19CC285D-62AA-4563-A835-CC012195FC14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2C5C622-0BBB-4D19-852E-4556C47BE839}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83D86F50-2581-44CA-9883-E09DCEC43120}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0D8CEEFB-13F2-4B61-8523-EE5B00037CA1}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{0E468289-2666-43EB-A953-FB76B11D08F0}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
 
==================== Restore Points =========================
 
30-12-2015 05:18:11 Windows Update
01-01-2016 14:31:37 Restore Operation
05-01-2016 05:27:55 Windows Update
08-01-2016 08:50:45 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3012 Bluetooth® Adapter
Description: Qualcomm Atheros AR3012 Bluetooth® Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2016 03:28:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARTIN)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!windowsphone.App failed with error: -2144927145 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/08/2016 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.14.2, time stamp: 0x568ea58d
Faulting module name: FRST64.exe, version: 3.3.14.2, time stamp: 0x568ea58d
Exception code: 0xc0000005
Fault offset: 0x0000000000026519
Faulting process id: 0x1578
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5
 
 
System errors:
=============
Error: (01/08/2016 03:28:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (01/08/2016 03:28:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ATT MAHostService service terminated with the following error: 
%%4294967295
 
Error: (01/08/2016 03:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/08/2016 03:28:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ATT MAHostService service terminated with the following error: 
%%4294967295
 
Error: (01/08/2016 03:27:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ATT MAHostService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/08/2016 03:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vcs service failed to start due to the following error: 
%%577
 
Error: (01/08/2016 03:26:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ATT MAHostService service terminated with the following error: 
%%4294967295
 
 
CodeIntegrity:
===================================
  Date: 2016-01-08 15:27:50.686
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-08 07:54:38.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-08 07:17:46.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 20:03:58.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 18:53:04.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 13:13:35.470
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-07 10:37:47.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-06 08:15:18.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-06 07:05:15.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 18:11:15.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3975.27 MB
Available physical RAM: 2083.84 MB
Total Virtual: 5767.27 MB
Available Virtual: 3561.1 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.74 GB) (Free:362.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 792C621F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#37
A1RotNBrat

I have ATT internet service, but I have never used the management tools. I log in directly to the website if I do anything. As for that audio stuff, I have no clue what it is and don't use it. I do not use the Bluetooth either.
 
 

  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Looks like three anti-virus companies think the file was bad so I don't feel bad about killing it off.

Uninstall

Qualcomm Atheros Bluetooth Suite

ATT Management Agent

I'm going to let FRST remove the AVNEX stuff along with any remnants of the Qualcomm & ATT stuff.

First clear the alarms again:

In the search box or in a CMD prompt type:

eventvwr.msc

This should open the Event Viewer. Click on Windows Logs, then right click on Applications and Clear Log. Clear. Right click on System and Clear Log, Clear.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.

I don't think FRST needs to reboot this time but do so anyway.

Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

Run VEW again for Applications (The system errors get picked up by FRST)

Is it any faster booting?


  • 0

#39
A1RotNBrat

Help!! That qual Bluetooth suite had my wireless access device in it. Tried to restore but it says all my restoral points are corrupt.
  • 0

#40
RKinner


Are you able to connect with an Ethernet cable? This is supposed to be the driver for your network card:

 

https://www.atheros....set=61&system=7


  • 0



#41
A1RotNBrat


No, it tells me there are NO connections available.  When I look in the network/internet settings, it's all gone.


  • 0

#42
A1RotNBrat


How can I download the drivers from a working computer to a flash drive and then install them on my computer?


  • 0

#43
A1RotNBrat


Never mind... I was able to restore it. THANK GOODNESS!!


  • 0

#44
A1RotNBrat

This was the log before it restarted and wouldn't let me connect to the internet.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Amy Martin (2016-01-08 17:11:51) Run:3
Running from C:\Users\Amy Martin\Desktop
Loaded Profiles: Amy Martin (Available Profiles: Amy Martin & Kyle Martin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428008 2012-12-28] (Qualcomm Atheros)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2015-12-13] () [File not signed]
R3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
2015-12-13 13:35 - 2015-12-13 13:42 - 00000000 ____D C:\Program Files (x86)\ AV Vcs 7.0
2015-12-13 13:35 - 2015-12-13 13:35 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Avnex
2015-12-13 13:35 - 2008-12-26 12:56 - 00021504 _____ (Avnex) C:\WINDOWS\system32\Drivers\vcsvad.sys
2015-12-13 13:28 - 2015-12-13 13:29 - 16953072 _____ C:\Users\Amy Martin\Downloads\vcs_aff.exe
c:\Program Files (x86)\Common Files\Avnex
C:\Program Files (x86)\Bluetooth Suite
C:\Program Files (x86)\ AV Vcs 7.0
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ATT-SST_McciTrayApp => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\BtvStack => value not found.
AtherosSvc => service not found.
ATT MAHostService => service not found.
ZAtheros Bt and Wlan Coex Agent => service not found.
athr => Unable to stop service.
athr => service removed successfully
BTATH_LWFLT => service removed successfully
BTATH_VDP => service removed successfully
vcs => service removed successfully
VCSVADHWSer => Unable to stop service.
VCSVADHWSer => service removed successfully
C:\Program Files (x86)\ AV Vcs 7.0 => moved successfully
C:\Users\Amy Martin\AppData\Roaming\Avnex => moved successfully
C:\WINDOWS\system32\Drivers\vcsvad.sys => moved successfully
C:\Users\Amy Martin\Downloads\vcs_aff.exe => moved successfully
c:\Program Files (x86)\Common Files\Avnex => moved successfully
C:\Program Files (x86)\Bluetooth Suite => moved successfully
"C:\Program Files (x86)\ AV Vcs 7.0" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:12:02 ====

  • 0

#45
A1RotNBrat


These are the two I just ran.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Amy Martin (administrator) on MARTIN (08-01-2016 19:18:17)
Running from C:\Users\Amy Martin\Desktop
Loaded Profiles: Amy Martin (Available Profiles: Amy Martin & Kyle Martin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\plugin-nm-server.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-03-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\...\Run: [Amazon Music] => C:\Users\Amy Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-26]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{471B1E49-8781-454C-9B0C-7381E1842C4F}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-3873701136-3596577701-2754614134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3873701136-3596577701-2754614134-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2015-04-29] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2015-04-29] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2014-12-10] (Yahoo! Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1430102806425
 
FireFox:
========
FF ProfilePath: C:\Users\Amy Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rh0usd3d.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-05-07] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-26] (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-12] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3873701136-3596577701-2754614134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-04-29] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-04-29]
CHR Extension: (Motive Extension) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-12-05]
CHR Extension: (Block site) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Do Not Disturb!) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Amy Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-26] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-04-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-04-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-04-29] (Kaspersky Lab ZAO)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 19:18 - 2016-01-08 19:18 - 00029381 _____ C:\Users\Amy Martin\Desktop\FRST.txt
2016-01-08 19:17 - 2016-01-08 19:17 - 00001681 _____ C:\Users\Amy Martin\Downloads\fixlist (1).txt
2016-01-08 16:57 - 2016-01-08 16:57 - 00003212 _____ C:\WINDOWS\System32\Tasks\IHUninstallTrackingTASK
2016-01-08 16:54 - 2016-01-08 16:54 - 00001681 _____ C:\Users\Amy Martin\Desktop\fixlist.txt
2016-01-08 15:30 - 2016-01-08 19:17 - 00000000 ____D C:\Users\Amy Martin\Desktop\Computer Repair
2016-01-08 12:43 - 2016-01-08 19:18 - 00000000 ____D C:\FRST
2016-01-08 10:34 - 2016-01-08 10:34 - 02370560 _____ (Farbar) C:\Users\Amy Martin\Desktop\FRST64.exe
2016-01-08 08:35 - 2016-01-08 08:35 - 00015113 _____ C:\VEW4.txt
2016-01-08 08:34 - 2016-01-08 08:34 - 00008924 _____ C:\VEW3.txt
2016-01-08 06:42 - 2016-01-08 06:42 - 00000000 ____D C:\Users\Amy Martin\Downloads\wsearch
2016-01-08 06:40 - 2016-01-08 06:40 - 00000925 _____ C:\Users\Amy Martin\Downloads\wsearch.zip
2016-01-07 20:42 - 2016-01-07 20:42 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Amy Martin\Desktop\procexp.exe
2016-01-07 20:30 - 2016-01-07 20:30 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW (1).exe
2016-01-07 20:27 - 2016-01-07 20:27 - 00000000 _____ C:\Users\Amy Martin\Documents\VEW1.txt
2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-01-07 14:13 - 2016-01-07 14:13 - 00000000 ____D C:\Program Files\Speccy
2016-01-07 14:09 - 2016-01-07 14:09 - 00165788 _____ C:\Users\Amy Martin\Documents\MartinCompCert.pdf
2016-01-07 10:50 - 2016-01-08 08:35 - 00015113 _____ C:\VEW.txt
2016-01-07 10:43 - 2016-01-07 10:43 - 00061440 _____ ( ) C:\Users\Amy Martin\Downloads\VEW.exe
2016-01-07 07:33 - 2016-01-07 14:10 - 00386186 _____ C:\Users\Amy Martin\Documents\Presentation2.pptx
2016-01-02 11:27 - 2016-01-05 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-27 12:30 - 2015-12-27 12:30 - 00092393 _____ C:\Users\Amy Martin\Documents\movieticket3.pdf
2015-12-27 12:29 - 2015-12-27 12:29 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket2.pdf
2015-12-27 12:27 - 2015-12-27 12:27 - 00092396 _____ C:\Users\Amy Martin\Documents\movieticket1.pdf
2015-12-27 12:19 - 2015-12-27 12:20 - 00092396 _____ C:\Users\Amy Martin\Downloads\e2bac473d033443ba1acade4e2de7d1df89584dc.pdf
2015-12-27 09:05 - 2015-12-27 09:05 - 00092396 _____ C:\Users\Amy Martin\Downloads\c1508ff6f6064790435b0b6bc5cd0d5f52edf1a2.pdf
2015-12-27 08:57 - 2015-12-27 08:57 - 00092393 _____ C:\Users\Amy Martin\Downloads\6bcebaccd4004a9a6846a79d365ce0edb1272d31.pdf
2015-12-15 12:14 - 2015-12-15 12:31 - 00000000 ____D C:\Users\Amy Martin\Documents\Wondershare PDF Converter
2015-12-15 12:14 - 2015-12-15 12:14 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Users\Amy Martin\AppData\Roaming\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-12-15 12:13 - 2016-01-01 14:59 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-12-15 12:11 - 2015-12-15 12:12 - 12537456 _____ (Wondershare Software ) C:\Users\Amy Martin\Downloads\pdf-converter_full755.exe
2015-12-15 12:05 - 2015-12-15 12:05 - 00207422 _____ C:\Users\Amy Martin\Documents\002.pdf
2015-12-15 07:49 - 2015-12-15 07:49 - 00152037 _____ C:\Users\Amy Martin\Documents\Settlement Agreement - MartinSigned (2)Martin.pdf
2015-12-13 14:01 - 2015-12-13 14:01 - 00000000 ____D C:\Users\Amy Martin\Naturalsoft
2015-12-13 13:42 - 2016-01-05 17:47 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2015-12-13 13:40 - 2015-12-13 13:57 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\Downloaded Installations
2015-12-13 13:36 - 2015-12-13 13:39 - 32430256 _____ (Naturalsoft ) C:\Users\Amy Martin\Downloads\standardsetup.exe
2015-12-09 12:38 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 12:37 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 12:37 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 12:37 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 12:37 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 12:37 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 12:37 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 12:37 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 12:37 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 12:37 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 12:37 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 12:37 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 12:37 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 12:37 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 12:37 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 12:37 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 12:37 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 12:37 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 12:37 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 12:37 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 12:37 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 12:37 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 12:37 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 12:37 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 12:37 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 12:37 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 12:37 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 12:37 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 12:37 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 12:37 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 12:37 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 12:37 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 12:37 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 12:37 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 12:37 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 12:37 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 12:37 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 12:37 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 12:37 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 12:37 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 12:34 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 12:34 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 12:34 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 12:34 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 12:34 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 12:34 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 12:34 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 12:34 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 12:34 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 12:34 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 12:34 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 12:34 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 12:34 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 12:34 - 2015-10-22 11:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 12:34 - 2015-10-22 10:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 12:34 - 2015-10-22 10:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 12:34 - 2015-10-22 10:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 12:34 - 2015-10-22 09:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 12:34 - 2015-10-22 09:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 12:34 - 2015-10-22 08:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 12:34 - 2015-10-10 11:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 12:33 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 12:33 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 12:33 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 12:33 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 12:33 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 12:33 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 12:33 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 12:33 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 12:33 - 2015-10-03 13:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 12:33 - 2015-10-03 13:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-09 12:32 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 12:32 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 12:32 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 12:32 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 12:32 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 12:32 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 12:32 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 12:32 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 12:32 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 12:32 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 12:32 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 12:32 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 12:32 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 12:32 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 12:32 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 12:32 - 2015-10-11 00:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 12:32 - 2015-10-11 00:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 12:32 - 2015-10-11 00:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 12:32 - 2015-10-10 12:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 12:32 - 2015-10-10 12:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 12:32 - 2015-10-10 12:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-09 12:32 - 2015-10-08 10:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 12:32 - 2015-10-08 09:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 12:32 - 2015-10-05 12:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 12:32 - 2015-10-05 12:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 19:19 - 2013-07-09 08:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-08 19:17 - 2013-01-10 08:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-08 19:12 - 2013-03-14 07:50 - 00000000 ____D C:\Users\Amy Martin\Documents\Outlook Files
2016-01-08 19:01 - 2014-02-04 12:06 - 00000000 __RDO C:\Users\Amy Martin\SkyDrive
2016-01-08 19:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-08 18:48 - 2013-07-09 06:17 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 17:32 - 2013-07-09 06:17 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 17:31 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 17:30 - 2013-08-22 07:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 17:16 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-08 16:59 - 2013-11-15 18:55 - 00000000 ____D C:\Program Files (x86)\ATT
2016-01-08 15:43 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2016-01-08 15:10 - 2013-07-30 12:01 - 00000000 ____D C:\Users\Amy Martin\AppData\LocalLow\Temp
2016-01-08 13:24 - 2014-02-10 20:05 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93B328E4-267A-466D-B965-502F6F018D4E}
2016-01-08 07:51 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Amy Martin
2016-01-08 07:47 - 2014-02-04 11:38 - 00000000 ____D C:\Users\Kyle Martin
2016-01-08 02:33 - 2013-03-13 17:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3873701136-3596577701-2754614134-1001
2016-01-07 12:53 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 10:46 - 2013-03-13 17:32 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\VirtualStore
2016-01-05 18:10 - 2015-10-14 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 18:10 - 2013-08-22 08:44 - 00501768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-01-02 04:13 - 2015-04-05 10:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-01-01 15:19 - 2013-07-09 08:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-01 14:59 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-01 14:59 - 2013-03-22 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-01 14:55 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-01 14:41 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
2016-01-01 14:38 - 2013-11-16 06:42 - 00000000 ____D C:\ProgramData\Real
2016-01-01 14:37 - 2013-03-14 07:09 - 00000000 __RHD C:\MSOCache
2016-01-01 14:29 - 2013-03-15 06:11 - 00000000 ____D C:\Users\Amy Martin\AppData\Local\ElevatedDiagnostics
2015-12-26 02:48 - 2015-11-12 06:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 02:48 - 2015-11-12 06:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 17:50 - 2013-07-09 06:20 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-12 20:11 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 13:18 - 2013-03-22 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 08:14 - 2013-08-07 12:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 07:54 - 2013-03-14 12:42 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 13:03 - 2013-03-14 07:09 - 00000000 ____D C:\ProgramData\Microsoft Help
 
==================== Files in the root of some directories =======
 
2014-02-10 20:03 - 2014-06-21 10:32 - 0000004 _____ () C:\Users\Amy Martin\AppData\Roaming\96DA4A
2014-02-10 20:03 - 2014-06-21 10:32 - 0870128 _____ () C:\Users\Amy Martin\AppData\Roaming\mcs.rma
2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-19 05:30 - 2013-03-19 05:30 - 0001111 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-19 05:31 - 2013-03-27 14:33 - 0000154 _____ () C:\Users\Amy Martin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-10-07 06:28 - 2014-10-07 06:28 - 0000043 _____ () C:\Users\Amy Martin\AppData\Roaming\WB.CFG
2013-05-25 19:56 - 2013-05-25 19:56 - 0007599 _____ () C:\Users\Amy Martin\AppData\Local\Resmon.ResmonCfg
2015-04-12 06:32 - 2015-04-12 06:32 - 0000000 _____ () C:\Users\Amy Martin\AppData\Local\{9D6F7AC6-46F6-4C53-B19A-7F572BCC7F87}
2013-12-01 08:40 - 2013-12-01 08:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-15 06:13 - 2013-04-01 17:02 - 0002082 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Amy Martin\AppData\Local\Temp\IHU3D5E.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-08 08:50
 
==================== End of FRST.txt ============================
