Inactive-A I have read your instructions for problem help and have pasted the results below

queenofgoddess

queenofgoddess

Posts: 17   +0
hello

My computer says its missing the file "navcancl". I have run the test and here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Chella (administrator) on CHELLA-PC (31-08-2015 02:14:28)
Running from C:\Users\Chella\Desktop
Loaded Profiles: Chella (Available Profiles: Chella)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Auslogics) C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
() C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\PhotoStudio 6\PhotoStudio.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [Adobe Photo Downloader] => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6370EEBA-E731-4ABE-829F-96243374E25A}: [DhcpNameServer] 77.234.40.79
Tcpip\..\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EC5FE83B-381C-4988-95A6-C518BAAF125E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2430470121-453182706-2864623997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-20] (AVAST Software)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-20] (AVAST Software)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

Chrome:
=======
CHR Profile: C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (Fish Matching) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllpaelopnfgfampngdhgolbpfdkpdem [2015-04-09]
CHR Extension: (YouTube) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (QuickBooks) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-08-10]
CHR Extension: (Google Search) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (PartyCloud DJ Mixer) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2014-08-10]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2014-08-22]
CHR Extension: (Smartsheet HR) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\efliaclebbnefnippkalknpcbobooiaf [2014-08-10]
CHR Extension: (History Eraser) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2015-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Pin It Button) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-10]
CHR Extension: (Backlink Search Tool) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaipepmdljmnbenbclhfahgfjfcpmhk [2014-08-23]
CHR Extension: (PDF 2 Word) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmbbhamagbiehojojnnnjblkighjmpa [2014-08-10]
CHR Extension: (Jobber - Employee engagement) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\inamdknlmcahjfoabbadlhaaoopfienf [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Click&Clean App) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-08-21]
CHR Extension: (Gmail) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR HKU\S-1-5-21-2430470121-453182706-2864623997-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2014-10-02] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2014-10-02] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-20] (AVAST Software)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [187904 2014-07-06] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2014-07-06] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-12-27] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2014-08-09] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
R3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-12-27] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] () [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-02] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-12-27] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-12-27] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
 
Second half of the results:


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-20] (AVAST Software)
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [454016 2015-08-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-20] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-12-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-20] (AVAST Software)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2377216 2011-02-16] (Atheros Communications, Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-12-27] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 e1yexpress; C:\Windows\System32\DRIVERS\e1y60x64.sys [281088 2009-06-10] (Intel Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5363200 2014-01-29] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-12-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-12-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-12-27] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20] (Microsoft Corporation) [File not signed]
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-02] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [12032 2010-04-26] (Sony Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-12-27] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-12-27] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-12-27] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-10] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-12-27] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-12-27] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 02:14 - 2015-08-31 02:15 - 00053487 _____ C:\Users\Chella\Desktop\FRST.txt
2015-08-31 02:14 - 2015-08-31 02:14 - 02188288 _____ (Farbar) C:\Users\Chella\Desktop\FRST64.exe
2015-08-31 02:14 - 2015-08-31 02:14 - 00000000 ____D C:\FRST
2015-08-31 02:08 - 2015-08-31 02:08 - 00001110 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2015-08-31 02:08 - 2015-08-31 02:08 - 00001110 _____ C:\ProgramData\Desktop\FileASSASSIN.lnk
2015-08-31 02:08 - 2015-08-31 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2015-08-31 02:08 - 2015-08-31 02:08 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2015-08-31 02:04 - 2015-08-31 02:04 - 00000157 _____ C:\Users\Chella\Downloads\fileassoc.htm
2015-08-31 01:51 - 2015-08-31 01:51 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016868_1.tmp
2015-08-31 01:50 - 2015-08-31 01:51 - 00002713 _____ C:\Users\Chella\Downloads\navcancl
2015-08-31 01:49 - 2015-08-31 01:49 - 00002054 _____ C:\Users\Public\Desktop\PhotoStudio 6.lnk
2015-08-31 01:49 - 2015-08-31 01:49 - 00002054 _____ C:\ProgramData\Desktop\PhotoStudio 6.lnk
2015-08-31 01:49 - 2015-08-31 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
2015-08-31 01:48 - 2015-08-31 01:48 - 37086536 _____ (ArcSoft ) C:\Users\Chella\Desktop\photostudio6_retail_tbyb_all (1).exe
2015-08-31 01:47 - 2015-08-31 01:47 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015312_1.tmp
2015-08-31 01:46 - 2015-08-31 01:47 - 37086536 _____ (ArcSoft ) C:\Users\Chella\Desktop\photostudio6_retail_tbyb_all.exe
2015-08-31 01:23 - 2015-08-20 14:45 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1FE4.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20D3.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-31 01:23 - 2015-08-20 14:44 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20F3.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2133.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2004.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2045.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20A3.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2024.tmp
2015-08-31 01:23 - 2015-08-20 14:44 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1FB4.tmp
2015-08-29 17:52 - 2015-08-29 17:52 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019016_1.tmp
2015-08-29 16:07 - 2015-08-29 16:07 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017176_1.tmp
2015-08-29 15:51 - 2015-08-29 15:51 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016848_1.tmp
2015-08-29 15:18 - 2015-08-29 15:18 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016608_1.tmp
2015-08-29 12:39 - 2015-08-29 12:39 - 00000027 _____ C:\Users\Chella\Desktop\7e3804e0f50a101e.html
2015-08-29 00:40 - 2015-08-29 00:40 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018260_1.tmp
2015-08-29 00:14 - 2015-08-29 00:14 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016420_1.tmp
2015-08-29 00:14 - 2015-08-29 00:14 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016396_1.tmp
2015-08-29 00:13 - 2015-08-29 00:13 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017800_1.tmp
2015-08-29 00:09 - 2015-08-29 00:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018864_1.tmp
2015-08-28 23:43 - 2015-08-28 23:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013092_1.tmp
2015-08-28 23:30 - 2015-08-28 23:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016436_1.tmp
2015-08-28 23:30 - 2015-08-28 23:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015440_1.tmp
2015-08-28 04:00 - 2015-08-28 04:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017044_1.tmp
2015-08-28 03:21 - 2015-08-28 03:21 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019012_1.tmp
2015-08-28 03:04 - 2015-08-28 03:04 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111160_1.tmp
2015-08-26 23:06 - 2015-08-26 23:06 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015396_1.tmp
2015-08-26 02:45 - 2015-08-26 02:45 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017736_1.tmp
2015-08-26 02:45 - 2015-08-26 02:45 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809011216_1.tmp
2015-08-25 23:10 - 2015-08-25 23:10 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016668_1.tmp
2015-08-25 23:05 - 2015-08-25 23:05 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017408_1.tmp
2015-08-24 03:41 - 2015-08-24 03:41 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017428_1.tmp
2015-08-24 03:31 - 2015-08-24 03:31 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017280_1.tmp
2015-08-24 03:07 - 2015-08-24 03:07 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015576_1.tmp
2015-08-24 03:05 - 2015-08-24 03:05 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016456_1.tmp
2015-08-23 18:54 - 2015-08-23 18:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115036_1.tmp
2015-08-23 18:34 - 2015-08-23 18:34 - 00000787 _____ C:\Users\Chella\Desktop\Start Tor Browser.lnk
2015-08-23 18:33 - 2015-08-23 18:33 - 00000000 ____D C:\Users\Chella\Desktop\Tor Browser
2015-08-23 17:20 - 2015-08-23 17:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115984_1.tmp
2015-08-23 03:53 - 2015-08-23 03:53 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111044_2.tmp
2015-08-23 01:09 - 2015-08-23 01:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090114584_1.tmp
2015-08-22 14:03 - 2015-08-22 14:03 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090113260_1.tmp
2015-08-22 03:43 - 2015-08-22 03:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090116168_1.tmp
2015-08-22 03:36 - 2015-08-22 03:36 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115876_1.tmp
2015-08-22 03:03 - 2015-08-22 03:03 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111952_1.tmp
2015-08-21 11:54 - 2015-08-23 18:34 - 00000835 _____ C:\Users\Chella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-08-21 11:53 - 2015-08-21 11:54 - 43794512 _____ C:\Users\Chella\Desktop\torbrowser-install-5.0.1_en-US.exe
2015-08-20 19:32 - 2015-08-25 18:31 - 00000000 ___RD C:\Users\Chella\.oracle_jre_usage
2015-08-20 19:32 - 2015-08-20 19:32 - 00000000 ____D C:\Users\Chella\AppData\Roaming\Sun
2015-08-20 19:18 - 2015-08-20 19:37 - 00000000 ____D C:\Users\Chella\AppData\Roaming\Skype
2015-08-20 19:18 - 2015-08-20 19:18 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-20 19:18 - 2015-08-20 19:18 - 00002697 _____ C:\ProgramData\Desktop\Skype.lnk
2015-08-20 14:44 - 2015-08-20 14:44 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-08-20 14:44 - 2015-08-20 14:44 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-19 18:52 - 2015-08-19 18:52 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090110796_1.tmp
2015-08-19 18:09 - 2015-08-19 18:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809011644_1.tmp
2015-08-19 17:48 - 2015-08-19 17:48 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019228_1.tmp
2015-08-19 10:46 - 2015-08-19 10:46 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013828_1.tmp
2015-08-19 10:37 - 2015-08-19 10:37 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014476_1.tmp
2015-08-18 15:43 - 2015-08-18 15:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019656_1.tmp
2015-08-17 22:00 - 2015-08-17 22:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019172_1.tmp
2015-08-17 22:00 - 2015-08-17 22:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013364_1.tmp
2015-08-17 21:59 - 2015-08-17 21:59 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019188_1.tmp
2015-08-17 20:28 - 2015-08-17 20:28 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016880_1.tmp
2015-08-15 19:12 - 2015-08-15 19:12 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016168_1.tmp
2015-08-15 14:08 - 2015-08-15 14:08 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019524_1.tmp
2015-08-15 12:20 - 2015-08-15 12:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018196_1.tmp
2015-08-15 12:19 - 2015-08-15 12:19 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018288_1.tmp
2015-08-15 10:22 - 2015-08-15 10:22 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090110032_1.tmp
2015-08-15 09:18 - 2015-08-15 09:18 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018968_1.tmp
2015-08-14 21:54 - 2015-08-14 21:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016816_1.tmp
2015-08-14 21:34 - 2015-08-14 21:34 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018584_1.tmp
2015-08-14 20:30 - 2015-08-14 20:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016572_1.tmp
2015-08-14 20:20 - 2015-08-14 20:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017364_1.tmp
2015-08-14 15:19 - 2015-08-14 15:19 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015768_1.tmp
2015-08-14 15:00 - 2015-08-14 15:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017084_1.tmp
2015-08-14 14:54 - 2015-08-14 14:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016568_1.tmp
2015-08-14 14:41 - 2015-08-14 14:41 - 00000520 _____
 
Part Three of the results:

\TempPSTEMPFILEon0809012768_1.tmp
2015-08-03 00:29 - 2015-08-03 00:29 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809012796_1.tmp
2015-08-13 11:30 - 2015-08-13 11:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809012900_1.tmp
2015-08-28 23:43 - 2015-08-28 23:43 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013092_1.tmp
2015-08-17 22:00 - 2015-08-17 22:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013364_1.tmp
2015-07-21 19:27 - 2015-07-21 19:27 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013428_1.tmp
2015-07-11 13:18 - 2015-07-11 13:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090134968_1.tmp
2015-07-11 13:30 - 2015-07-11 13:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090135648_1.tmp
2015-08-03 00:19 - 2015-08-03 00:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013684_1.tmp
2015-08-19 10:46 - 2015-08-19 10:46 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013828_1.tmp
2015-05-23 07:32 - 2015-05-23 07:32 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013832_1.tmp
2015-05-07 19:45 - 2015-05-07 19:45 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013836_1.tmp
2015-08-12 18:04 - 2015-08-12 18:04 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013836_2.tmp
2015-07-11 14:37 - 2015-07-11 14:37 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090142000_1.tmp
2015-07-14 19:52 - 2015-07-14 19:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014368_1.tmp
2015-05-23 07:30 - 2015-05-23 07:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014376_1.tmp
2015-08-19 10:37 - 2015-08-19 10:37 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014476_1.tmp
2015-07-13 22:38 - 2015-07-13 22:38 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014548_1.tmp
2015-05-25 22:42 - 2015-05-25 22:42 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014672_1.tmp
2015-07-23 00:56 - 2015-07-23 00:56 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014684_1.tmp
2015-08-12 17:58 - 2015-08-12 17:58 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014692_1.tmp
2015-05-25 22:46 - 2015-05-25 22:46 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014824_1.tmp
2015-05-25 23:02 - 2015-05-25 23:02 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014960_1.tmp
2015-08-31 01:47 - 2015-08-31 01:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015312_1.tmp
2015-06-08 16:14 - 2015-06-08 16:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015360_1.tmp
2015-08-26 23:06 - 2015-08-26 23:06 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015396_1.tmp
2015-08-28 23:30 - 2015-08-28 23:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015440_1.tmp
2015-08-24 03:07 - 2015-08-24 03:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015576_1.tmp
2015-08-14 15:19 - 2015-08-14 15:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015768_1.tmp
2015-08-13 11:30 - 2015-08-13 11:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015836_1.tmp
2015-06-20 09:01 - 2015-06-20 09:01 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015920_1.tmp
2015-07-04 01:52 - 2015-07-04 01:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015992_1.tmp
2015-07-04 01:49 - 2015-07-04 01:49 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016008_1.tmp
2015-08-13 21:03 - 2015-08-13 21:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016064_1.tmp
2015-07-04 01:20 - 2015-07-04 01:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016112_1.tmp
2015-08-14 03:23 - 2015-08-14 03:23 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016132_1.tmp
2015-08-15 19:12 - 2015-08-15 19:12 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016168_1.tmp
2015-07-10 11:38 - 2015-07-10 11:38 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016172_1.tmp
2015-07-04 01:19 - 2015-07-04 01:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016288_1.tmp
2015-07-23 00:56 - 2015-07-23 00:56 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016320_1.tmp
2015-07-07 01:17 - 2015-07-07 01:17 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016328_1.tmp
2015-08-29 00:14 - 2015-08-29 00:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016396_1.tmp
2015-08-29 00:14 - 2015-08-29 00:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016420_1.tmp
2015-08-28 23:30 - 2015-08-28 23:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016436_1.tmp
2015-08-14 14:41 - 2015-08-14 14:41 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016440_1.tmp
2015-08-24 03:05 - 2015-08-24 03:05 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016456_1.tmp
2015-08-14 14:54 - 2015-08-14 14:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016568_1.tmp
2015-08-14 20:30 - 2015-08-14 20:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016572_1.tmp
2015-08-13 21:03 - 2015-08-13 21:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016576_1.tmp
2015-08-29 15:18 - 2015-08-29 15:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016608_1.tmp
2015-08-25 23:10 - 2015-08-25 23:10 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016668_1.tmp
2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016672_1.tmp
2015-08-14 21:54 - 2015-08-14 21:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016816_1.tmp
2015-08-29 15:51 - 2015-08-29 15:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016848_1.tmp
2015-08-07 16:22 - 2015-08-07 16:22 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016864_1.tmp
2015-08-31 01:51 - 2015-08-31 01:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016868_1.tmp
2015-08-17 20:28 - 2015-08-17 20:28 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016880_1.tmp
2015-06-26 23:21 - 2015-06-26 23:21 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016944_1.tmp
2015-08-13 11:31 - 2015-08-13 11:31 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016992_1.tmp
2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016996_1.tmp
2015-08-28 04:00 - 2015-08-28 04:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017044_1.tmp
2015-08-12 17:07 - 2015-08-12 17:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon080901704_1.tmp
2015-08-14 15:00 - 2015-08-14 15:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017084_1.tmp
2015-08-03 08:57 - 2015-08-03 08:57 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017144_1.tmp
2015-05-23 03:03 - 2015-05-23 03:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017156_1.tmp
2015-08-29 16:07 - 2015-08-29 16:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017176_1.tmp
2015-07-30 14:47 - 2015-07-30 14:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017216_1.tmp
2015-08-24 03:31 - 2015-08-24 03:31 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017280_1.tmp
2015-08-14 20:20 - 2015-08-14 20:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017364_1.tmp
2015-07-07 01:17 - 2015-07-07 01:17 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017372_1.tmp
2015-08-25 23:05 - 2015-08-25 23:05 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017408_1.tmp
2015-08-24 03:41 - 2015-08-24 03:41 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017428_1.tmp
2015-08-12 17:15 - 2015-08-12 17:15 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017484_1.tmp
2015-07-04 01:53 - 2015-07-04 01:53 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017596_1.tmp
2015-07-04 01:52 - 2015-07-04 01:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017660_1.tmp
2015-08-14 14:34 - 2015-08-14 14:34 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017660_2.tmp
2015-05-25 23:04 - 2015-05-25 23:04 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon080901768_1.tmp
2015-08-26 02:45 - 2015-08-26 02:45 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017736_1.tmp
2015-07-04 01:47 - 2015-07-04 01:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017784_1.tmp
2015-08-29 00:13 - 2015-08-29 00:13 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017800_1.tmp
2015-08-03 00:19 - 2015-08-03 00:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018092_1.tmp
2015-05-23 07:33 - 2015-05-23 07:33 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018104_1.tmp
2015-07-04 01:51 - 2015-07-04 01:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018108_1.tmp
2015-08-15 12:20 - 2015-08-15 12:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018196_1.tmp
2015-08-29 00:40 - 2015-08-29 00:40 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018260_1.tmp
2015-08-15 12:19 - 2015-08-15 12:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018288_1.tmp
2015-08-12 17:20 - 2015-08-12 17:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018324_1.tmp
2015-07-28 04:55 - 2015-07-28 04:55 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018328_1.tmp
2015-08-12 17:16 - 2015-08-12 17:16 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018464_1.tmp
2015-07-28 04:54 - 2015-07-28 04:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018528_1.tmp
2015-08-14 21:34 - 2015-08-14 21:34 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018584_1.tmp
2015-07-28 04:52 - 2015-07-28 04:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018820_1.tmp
2015-08-29 00:09 - 2015-08-29 00:09 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018864_1.tmp
2015-08-07 16:22 - 2015-08-07 16:22 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018912_1.tmp
2015-08-15 09:18 - 2015-08-15 09:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018968_1.tmp
2015-08-28 03:21 - 2015-08-28 03:21 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019012_1.tmp
2015-08-29 17:52 - 2015-08-29 17:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019016_1.tmp
2015-08-17 22:00 - 2015-08-17 22:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019172_1.tmp
2015-08-17 21:59 - 2015-08-17 21:59 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019188_1.tmp
2015-08-19 17:48 - 2015-08-19 17:48 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019228_1.tmp
2015-08-15 14:08 - 2015-08-15 14:08 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019524_1.tmp
2015-08-18 15:43 - 2015-08-18 15:43 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019656_1.tmp
2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019708_1.tmp

Files to move or delete:
====================
C:\Users\Chella\IE11-Windows6.1.exe


Some files in TEMP:
====================
C:\Users\Chella\AppData\Local\Temp\GLF197E.EXE
C:\Users\Chella\AppData\Local\Temp\GLF2216.EXE
C:\Users\Chella\AppData\Local\Temp\GLF84EE.EXE
C:\Users\Chella\AppData\Local\Temp\GLF8A49.EXE
C:\Users\Chella\AppData\Local\Temp\InstallIMVU_520.0.exe
C:\Users\Chella\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Chella\AppData\Local\Temp\ose00000.exe
C:\Users\Chella\AppData\Local\Temp\{82593E29-BFEC-4060-B8FC-CB4CFB69F697}-43.0.2357.124_chrome_installer.exe
C:\Users\Chella\AppData\Local\Temp\{CBC63266-4876-4804-94A5-ECFBA463E2C0}-43.0.2357.81_chrome_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 04:36

==================== End of FRST.txt ============================
 
Addition Text 1/2:


Ran by Chella (2015-08-31 02:19:20)
Running from C:\Users\Chella\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2430470121-453182706-2864623997-500 - Administrator - Disabled)
Chella (S-1-5-21-2430470121-453182706-2864623997-1000 - Administrator - Enabled) => C:\Users\Chella
Guest (S-1-5-21-2430470121-453182706-2864623997-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2430470121-453182706-2864623997-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\{E1915B85-E4E4-44E4-B26B-3D16B04D04FC}) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
Auslogics Anti-Malware (HKLM-x32\...\{A5A6F7C9-F91E-45C7-8DAA-289CBB0C817D}_is1) (Version: 1.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM-x32\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.5.0.0 - Auslogics Labs Pty Ltd)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2430470121-453182706-2864623997-1000\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
KPStarOne Version 6.7.21 (HKLM-x32\...\{F4F50E78-2B3C-4616-8C27-057F7D8BB302}_is1) (Version: - StarOne SoftCraft Inc.)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PhotoImpact Pro (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Nova Development)
PhotoImpact Pro (x32 Version: 1.00.0000 - Nova Development) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.0.2.12040 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.01.06110 - Sony Corporation)
VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
Windows Driver Package - Realtek (RTL8167) Net (01/26/2011 7.040.0126.2011) (HKLM\...\63812D0D7BEF8B8C3ED280E01D1A599B1D9595F3) (Version: 01/26/2011 7.040.0126.2011 - Realtek)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-08-2015 02:53:13 Scheduled Checkpoint
20-08-2015 14:43:15 avast! antivirus system restore point
20-08-2015 14:45:28 Device Driver Package Install: Avast Network Service
28-08-2015 15:32:36 Scheduled Checkpoint
31-08-2015 00:21:12 Installed Atheros WiFi Driver Installation
31-08-2015 00:27:54 Installed Atheros WiFi Driver Installation
31-08-2015 01:09:10 Removed Atheros WiFi Driver Installation
31-08-2015 01:13:54 Restore Operation
31-08-2015 01:19:44 avast! antivirus system restore point
31-08-2015 01:47:55 Removed PhotoStudio
31-08-2015 01:49:10 Installed PhotoStudio

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {029404DB-3E99-4B3C-8B0D-8F3707A126D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {038FD647-B284-49BC-9B3A-3A3988FEFC9C} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Chella => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
Task: {11237F01-5181-4C3E-9543-FD62E3D90D1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {15ADB072-9F29-485C-95AD-1AB0AE4C9D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26CB1FF8-039B-4282-8C23-957E84EAA034} - System32\Tasks\{64835604-5305-4F1E-A2BB-FD93181AD6C7} => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe [2014-11-21] (Apple Inc.)
Task: {27416643-8E90-46FD-A8A6-711BD2F1368B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-20] (AVAST Software)
Task: {2D6898E4-29C3-431A-9E40-BE6C25744F3A} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {2DB7F097-B424-48C1-A2CA-31A2B2E55133} - System32\Tasks\{94EC4117-5154-4432-B89B-3D82807CC92E} => pcalua.exe -a "C:\Users\Chella\AppData\Local\Apple\Apple Software Update\QuickTimeInstallerAdmin.exe" -d "C:\Users\Chella\AppData\Local\Apple\Apple Software Update"
Task: {3708DB3D-CFCE-43C6-8F7F-44E8293D22A1} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {3CFAC0E0-9D25-47FF-8E20-54C8A6551EFC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {3DFE69A0-0D1E-45D0-91F4-72A422AC0A5B} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {41B87F6D-6502-4E72-A03A-120B4E188841} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
Task: {4AC9B344-EA66-4F77-A3A2-F6231509DC6F} - System32\Tasks\{5C809A67-2BE6-45CC-B7DF-9CA142F6D6DA} => pcalua.exe -a "D:\Adobe Photoshop Elements\Setup.exe" -d "D:\Adobe Photoshop Elements"
Task: {500C574D-3279-46C7-828C-3FB57CFA93F0} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {5490A73A-DECF-4BC0-881E-1074E3A7AE3A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
Task: {56696B82-137E-462D-B2A0-F0186267F99F} - System32\Tasks\Sony Corporation\VAIO Care\GetSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {5AB7F562-68D4-410F-88E4-FB789F7BCEE2} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {6170F487-8267-4A5C-BBA8-40E60E9133C6} - System32\Tasks\{09CAB9A3-79F1-452D-84E6-AE0F34AD3115} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {6664CCEB-B067-4658-9B9D-3098EE9677CC} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {75D08CCC-47E8-4FE2-AB64-248EFE17D464} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {7A7A7AFC-7EE4-4539-A9A3-1529D448BFF7} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {7DC21B2F-26CB-4046-8731-783997ABFC2C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {8281CCC9-048A-4EE5-A43E-280379035AB9} - System32\Tasks\Auslogics\Anti-Malware\Start Anti-Malware оn Chella logon => C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe [2015-04-07] (Auslogics)
Task: {82F1AABA-51D2-48D3-BDDB-006B15D6D336} - System32\Tasks\avastBCLRestartS-1-5-21-2430470121-453182706-2864623997-1000 => Chrome.exe
Task: {8AD3A019-2034-4699-ABC2-E5C3B6EDC84C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {8C672A9A-EC37-4FDF-A94D-5514439F7876} - System32\Tasks\{6762F4B7-138F-46C6-BB2C-B0B3384A5EC2} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{66081CDD-C1FE-415F-BB3A-F2622BA27461}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {A5168ED8-0E23-4073-BB6C-A8790F53DCD9} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {A7847D8B-1863-4B86-9ECD-582A5BF6C775} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {AEB46FE2-DFF8-4593-9FA7-13F886B6E596} - System32\Tasks\{5C05EF6E-9FCC-4B79-A52D-9FF9FEF88553} => Chrome.exe http://ui.skype.com/ui/0/7.0.59.100/en/go/help.faq.installer?LastError=1618
Task: {BAB39713-3E4F-4085-BC90-1553CECCA265} - System32\Tasks\{5D16CE0D-EF33-40C5-9487-3E70073E1320} => C:\Program Files (x86)\ArcSoft\WebCam Companion 4\Utility.exe
Task: {D1479CDA-D5BA-46B8-8755-14E5ECCBA2E9} - System32\Tasks\{864505C4-0C42-4DE9-9DAB-0BAFA5F8B21A} => pcalua.exe -a "C:\Users\Chella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CLSAS2Z\SOAOTH-88972828-10C0.EXE" -d C:\Users\Chella\Desktop
Task: {D941E4FD-9483-48DA-924B-80D9034D3F40} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {DB257131-2B6B-4D84-AA19-93C6170F49AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E2DC1C3B-4CC8-4BF2-921E-D420389A3452} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {E6A41757-6C61-4B42-A87F-BAFF533B5550} - System32\Tasks\{AA587CC3-48F5-4907-ABA3-A8B612D19C08} => C:\Program Files\Sony\VAIO Care\VAIOCare.exe [2015-05-22] (Sony Corporation)
Task: {E8C4ABCB-823A-4FBF-B6F1-26AF243FB323} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {ED6AFA9D-977D-45EE-A52F-D9F2F58D5A81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {EDBA7F1E-7134-4DEB-B0A6-6F272D7B01A4} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {EECA24B6-9B00-44FD-A6ED-78F96B4F28A7} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {F80D2664-EA26-4F7F-B440-7721640F440A} - System32\Tasks\{68C15558-D697-40C3-A3E5-2D6B8258E558} => pcalua.exe -a "C:\Users\Chella\Downloads\AVG boot\avg_arl_ffi_all_120_141126a8645\setup.exe" -d "C:\Users\Chella\Downloads\AVG boot\avg_arl_ffi_all_120_141126a8645"
Task: {F8DBC7BB-2C8C-4DE2-B94F-8103F3AFFB60} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {FB0F3258-EC94-4125-9324-0989EF60FB4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-16 17:42 - 2015-04-16 17:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-11-01 15:59 - 2013-11-01 15:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-08-13 13:47 - 2015-08-13 13:47 - 00217568 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2015-08-13 13:47 - 2015-08-13 13:47 - 00221152 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUClient.exe
2015-08-20 14:44 - 2015-08-20 14:44 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-20 14:44 - 2015-08-20 14:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-28 10:39 - 2015-08-28 10:39 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082800\algo.dll
2015-08-31 01:25 - 2015-08-31 01:25 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15083002\algo.dll
2014-10-18 12:24 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2015-03-24 18:55 - 2015-03-24 18:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-17 00:34 - 2014-10-17 00:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2014-08-12 11:12 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00098304 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32api.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00109568 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pywintypes27.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00110592 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32file.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00016896 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32event.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00087040 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_ctypes.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00166912 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32gui.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00046080 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_socket.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00028160 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_ssl.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00659456 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imaging.pyd
2015-05-20 22:06 - 2015-05-20 22:06 - 00911872 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_cal3d.pyd
2015-05-20 21:29 - 2015-05-20 21:29 - 00216576 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\boost_python.dll
2015-05-20 21:29 - 2015-05-20 21:29 - 00031744 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\CallStack.dll
2015-05-20 21:30 - 2015-05-20 21:30 - 00360960 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\cal3d.dll
2015-08-06 13:48 - 2015-08-06 13:48 - 01892352 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_avatarwindow.pyd
2015-05-20 21:35 - 2015-05-20 21:35 - 00169984 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\zero.dll
2015-05-20 21:35 - 2015-05-20 21:35 - 00052736 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pixmap.dll
2015-08-06 13:46 - 2015-08-06 13:46 - 00920064 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\SceneWindow.dll
2015-05-20 21:34 - 2015-05-20 21:34 - 00072704 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\ParticleLib.dll
2015-05-20 21:37 - 2015-05-20 21:37 - 00014336 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\MemoryHook.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00126976 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pyexpat.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00357888 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pythoncom27.dll
2015-05-20 21:18 - 2015-05-20 21:18 - 00265216 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00016384 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32clipboard.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00034816 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32process.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00059392 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_sqlite3.pyd
2015-05-20 21:52 - 2015-05-20 21:52 - 00506368 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\sqlite3.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00010240 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\select.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00044032 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_pylzma.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00131072 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imvugecko.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00190976 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\imvugecko.dll
2015-05-20 21:07 - 2015-05-20 21:07 - 00872448 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\js3250.dll
2015-05-20 22:08 - 2015-05-20 22:08 - 00135680 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_libzero.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00083968 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imvuflash.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00111104 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\imvuflash.dll
2015-05-20 21:45 - 2015-05-20 21:45 - 00010752 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\nphwndproxy.dll
2015-05-20 21:24 - 2015-05-20 21:24 - 17024688 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\NPSWF32.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00686080 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\unicodedata.pyd
2015-08-21 09:13 - 2015-08-18 01:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 09:13 - 2015-08-18 01:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-21 09:13 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59551415.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59551415.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
Second half of addition text:



(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2430470121-453182706-2864623997-1000\...\google.com -> hxxps://www.google.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chella\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Chella^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0FFBFC94-0AE3-4D77-AC79-ED36F6F195C7}C:\program files\sony\vaio care\vcsystemtray.exe] => (Block) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [UDP Query User{D87AAD19-D954-4296-B84C-4B853B497BA3}C:\program files\sony\vaio care\vcsystemtray.exe] => (Block) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [TCP Query User{021259DD-243E-4D0E-A156-19EFDC29DD44}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DEE6D984-27D5-415A-8AB6-C2FBE6AE1D6F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CE3AB105-6970-42B8-99A8-70C1ECDD396C}C:\program files\sony\vaio care\vcadmin.exe] => (Block) C:\program files\sony\vaio care\vcadmin.exe
FirewallRules: [UDP Query User{48D809CC-2FB0-4C65-B8DB-E2A20258979A}C:\program files\sony\vaio care\vcadmin.exe] => (Block) C:\program files\sony\vaio care\vcadmin.exe
FirewallRules: [{9993BC1C-CDF9-4175-9D47-09680E9F1F1B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{0D0DA385-1B6F-40AB-A019-5D0328A2234F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{903A92BF-CC30-42D8-BF9D-6164BCDF3346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC01E7CD-2C63-4E0B-B2B9-828136CA7215}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2015 01:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (08/31/2015 01:47:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (08/31/2015 01:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef
Exception code: 0xc0000005
Fault offset: 0x5f16cce9
Faulting process id: 0x1a88
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3

Error: (08/31/2015 01:21:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 01:20:32 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0xc0000022.

Error: (08/31/2015 01:19:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/31/2015 01:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.3.7130, time stamp: 0x559f78d9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x15dc
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (08/31/2015 01:14:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (08/31/2015 01:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCSystemTray.App.Main()

Error: (08/31/2015 01:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x15d8
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3


System errors:
=============
Error: (08/31/2015 01:23:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147023113

Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (08/31/2015 01:18:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%5

Error: (08/31/2015 01:14:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%5

Error: (08/31/2015 01:14:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 5TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/31/2015 12:34:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147023113

Error: (08/31/2015 12:31:33 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (08/31/2015 12:31:33 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.


Microsoft Office:
=========================
Error: (08/31/2015 01:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.

Error: (08/31/2015 01:47:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.

Error: (08/31/2015 01:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28QuickTime.qts_unloaded0.0.0.055c3a9efc00000055f16cce91a8801d0e3ae7d182fd0C:\Windows\SysWOW64\regsvr32.exeQuickTime.qtsbe267896-4fa1-11e5-9e3c-f0bf9702ec89

Error: (08/31/2015 01:21:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 01:20:32 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0xc0000022

Error: (08/31/2015 01:19:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (08/31/2015 01:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.3.7130559f78d9KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d15dc01d0e3abb5543f5eC:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\system32\KERNELBASE.dll203c4f08-4f9f-11e5-9dea-f0bf9702ec89

Error: (08/31/2015 01:14:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (08/31/2015 01:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCSystemTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
Stack:
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
at VCSystemTray.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCSystemTray.App.Main()

Error: (08/31/2015 01:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d2415d801d0e3abb6177035C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exef685f1fb-4f9e-11e5-9dea-f0bf9702ec89


CodeIntegrity:
===================================
Date: 2015-08-31 00:31:26.002
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:31:25.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:25:12.348
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:25:12.161
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:22:36.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:22:36.035
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:22:32.962
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 00:22:32.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-24 15:29:17.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP51.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-23 20:24:50.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP51.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 6091.86 MB
Available physical RAM: 2864.18 MB
Total Virtual: 15226.04 MB
Available Virtual: 11647.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.74 GB) (Free:381.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97CC3329)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Did you intend this to be posted to the Virus and Malware removal forum?
If so... No worries...
A) Did you follow all the steps and post all your results. (I did not check; just asking).
B) A moderator will be able to move your thread for you.
.
Note: As it appeared to be a request for help with Malware,
I took the initiative to move it.
Good Luck!
 
Last edited:
  • Like
Reactions: queenofgoddess
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

redtarget.gif
Are you getting any error messages about some "navcancl" missing?

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Last edited:
Hi Again,

Thank you for your assistance.
RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : Chella [Administrator]
Started from : C:\Users\Chella\Desktop\RogueKiller (1).exe
Mode : Scan -- Date : 09/01/2015 17:43:45

¤¤¤ Processes : 1 ¤¤¤
[VT.UnclassifiedMalware] LavasoftTcpService.exe(1888) -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-55HXZT3 +++++
--- User ---
[MBR] e583299b340522f5d38fd0374c4e9c8a
[BSP] 6be45ab863d34c4481b3edf27b190064 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11182 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22902784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 23107584 | Size: 465656 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

I am following the next steps
 
You didn't answer my question:

redtarget.gif
Are you getting any error messages about some "navcancl" missing?
 
Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,

(end)
 
The above is incorrect.
You need to post "scan" log from MBAM.

You still didn't answer my question.
 
Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,

Are you getting any error messages about some "navcancl" missing?

Answer- Yes I am when I am trying to use my photo editing software.
 
  • open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
# AdwCleaner v5.005 - Logfile created 02/09/2015 at 00:11:48
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Chella - CHELLA-PC
# Running from : C:\Users\Chella\Desktop\adwcleaner_5.005.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\DeviceVM
[-] Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
[-] Key Deleted : HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

[-] [C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3032 bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,
Error, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, IsLicensed, 13,
Protection, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, Malware Protection, Stopping,
Protection, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, Malware Protection, Stopped,

(end)
 
I reran the roguekiller tool and I saw something that piqued my curiosity.
Why at the bottom of the results does it mention "Acer Computer"

RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chella [Administrator]
Started from : C:\Users\Chella\Desktop\RogueKiller (1).exe
Mode : Scan -- Date : 09/02/2015 15:59:14

¤¤¤ Processes : 1 ¤¤¤
[VT.UnclassifiedMalware] LavasoftTcpService.exe(2280) -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-55HXZT3 +++++
--- User ---
[MBR] e583299b340522f5d38fd0374c4e9c8a
[BSP] 6be45ab863d34c4481b3edf27b190064 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11182 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22902784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 23107584 | Size: 465656 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\trademanager
Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Chella\AppData\Roaming\imvuclient
Successfully deleted: [Folder] C:\Users\Chella\AppData\Roaming\lavasoft\web companion



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gpdjojdkbbmdfjfahjcgigfpmkopogic
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/02/2015 at 21:57:23.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Why at the bottom of the results does it mention "Acer Computer"
Click to expand...
Not sure what you mean.

MBAM log is still incorrect.
You posted "Protection" log instead of "Scan" log.
 

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A
S
  • Locked
Inactive Am I infected?
Replies
8
Views
4K
Broni
Broni

Latest posts

Back