TechSpot

I have read your instructions for problem help and have pasted the results below

By queenofgoddess
Aug 31, 2015
  1. Hello

    My computer says it's missing the file "navcancl". I have run the test and here are the results:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
    Ran by Chella (administrator) on CHELLA-PC (31-08-2015 02:14:28)
    Running from C:\Users\Chella\Desktop
    Loaded Profiles: Chella (Available Profiles: Chella)
    Platform: Windows 7 Ultimate (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    (Auslogics) C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    () C:\Program Files\Sony\VAIO Care\listener.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
    () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUClient.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\PhotoStudio 6\PhotoStudio.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\HelpPane.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
    HKLM-x32\...\Run: [Adobe Photo Downloader] => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-20] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6370EEBA-E731-4ABE-829F-96243374E25A}: [DhcpNameServer] 77.234.40.79
    Tcpip\..\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{EC5FE83B-381C-4988-95A6-C518BAAF125E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2430470121-453182706-2864623997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
    HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKU\S-1-5-21-2430470121-453182706-2864623997-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-20] (AVAST Software)
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-20] (AVAST Software)
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

    Chrome:
    =======
    CHR Profile: C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
    CHR Extension: (Fish Matching) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllpaelopnfgfampngdhgolbpfdkpdem [2015-04-09]
    CHR Extension: (YouTube) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
    CHR Extension: (QuickBooks) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-08-10]
    CHR Extension: (Google Search) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
    CHR Extension: (PartyCloud DJ Mixer) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2014-08-10]
    CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2014-08-22]
    CHR Extension: (Smartsheet HR) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\efliaclebbnefnippkalknpcbobooiaf [2014-08-10]
    CHR Extension: (History Eraser) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2015-08-21]
    CHR Extension: (Avast Online Security) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
    CHR Extension: (Pin It Button) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-10]
    CHR Extension: (Backlink Search Tool) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdaipepmdljmnbenbclhfahgfjfcpmhk [2014-08-23]
    CHR Extension: (PDF 2 Word) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmbbhamagbiehojojnnnjblkighjmpa [2014-08-10]
    CHR Extension: (Jobber - Employee engagement) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\inamdknlmcahjfoabbadlhaaoopfienf [2015-04-09]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
    CHR Extension: (Click&Clean App) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-08-21]
    CHR Extension: (Gmail) - C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
    CHR HKU\S-1-5-21-2430470121-453182706-2864623997-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
    R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
    R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2014-10-02] (Microsoft Corporation) [File not signed]
    R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2014-10-02] (Microsoft Corporation) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-20] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-20] (AVAST Software)
    S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
    S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [187904 2014-07-06] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2014-07-06] (Microsoft Corporation) [File not signed]
    R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
    R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2014-08-09] (Microsoft Corporation) [File not signed]
    R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
    R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
    R3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
    R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
    S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
    S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
    R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
    S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
    S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
    S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
    S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
    R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
    S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
    S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
    R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
    S2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] () [File not signed]
    S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
    R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation) [File not signed]
    R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
    S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
    S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
    R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
    S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
    R2 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
    R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-02] (Microsoft Corporation) [File not signed]
    S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation) [File not signed]
    R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-12-27] (Microsoft Corporation) [File not signed]
    R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
    S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
    S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
     
  2. queenofgoddess

    Second half of the results:


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
    R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
    S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-20] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-20] (AVAST Software)
    U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [454016 2015-08-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-20] (AVAST Software)
    S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-12-13] (The OpenVPN Project)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-20] (AVAST Software)
    S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2377216 2011-02-16] (Atheros Communications, Inc.) [File not signed]
    S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
    S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
    R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
    S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
    S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
    S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
    S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
    S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
    S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
    S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
    R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
    R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 e1yexpress; C:\Windows\System32\DRIVERS\e1y60x64.sys [281088 2009-06-10] (Intel Corporation) [File not signed]
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
    S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
    U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
    S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
    R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5363200 2014-01-29] (Intel Corporation) [File not signed]
    R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
    R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-12-27] (Microsoft Corporation) [File not signed]
    R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-12-27] (Microsoft Corporation) [File not signed]
    R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
    R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
    R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
    R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
    R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-02] ()
    S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [12032 2010-04-26] (Sony Corporation) [File not signed]
    S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-12-27] (Microsoft Corporation) [File not signed]
    R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-12-27] (Microsoft Corporation) [File not signed]
    R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-12-27] (Microsoft Corporation) [File not signed]
    R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
    S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
    R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-10] (Microsoft Corporation) [File not signed]
    S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation) [File not signed]
    S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
    S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
    R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
    S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
    R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
    R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
    R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation) [File not signed]
    S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-26] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation) [File not signed]
    S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-12-27] (Microsoft Corporation) [File not signed]
    S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation) [File not signed]
    S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-12-27] (Microsoft Corporation) [File not signed]
    R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
    S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] (Microsoft Corporation) [File not signed]
    S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
    R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
    R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies) [File not signed]
    R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
    R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
    S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
    S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-31 02:14 - 2015-08-31 02:15 - 00053487 _____ C:\Users\Chella\Desktop\FRST.txt
    2015-08-31 02:14 - 2015-08-31 02:14 - 02188288 _____ (Farbar) C:\Users\Chella\Desktop\FRST64.exe
    2015-08-31 02:14 - 2015-08-31 02:14 - 00000000 ____D C:\FRST
    2015-08-31 02:08 - 2015-08-31 02:08 - 00001110 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
    2015-08-31 02:08 - 2015-08-31 02:08 - 00001110 _____ C:\ProgramData\Desktop\FileASSASSIN.lnk
    2015-08-31 02:08 - 2015-08-31 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
    2015-08-31 02:08 - 2015-08-31 02:08 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
    2015-08-31 02:04 - 2015-08-31 02:04 - 00000157 _____ C:\Users\Chella\Downloads\fileassoc.htm
    2015-08-31 01:51 - 2015-08-31 01:51 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016868_1.tmp
    2015-08-31 01:50 - 2015-08-31 01:51 - 00002713 _____ C:\Users\Chella\Downloads\navcancl
    2015-08-31 01:49 - 2015-08-31 01:49 - 00002054 _____ C:\Users\Public\Desktop\PhotoStudio 6.lnk
    2015-08-31 01:49 - 2015-08-31 01:49 - 00002054 _____ C:\ProgramData\Desktop\PhotoStudio 6.lnk
    2015-08-31 01:49 - 2015-08-31 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
    2015-08-31 01:48 - 2015-08-31 01:48 - 37086536 _____ (ArcSoft ) C:\Users\Chella\Desktop\photostudio6_retail_tbyb_all (1).exe
    2015-08-31 01:47 - 2015-08-31 01:47 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015312_1.tmp
    2015-08-31 01:46 - 2015-08-31 01:47 - 37086536 _____ (ArcSoft ) C:\Users\Chella\Desktop\photostudio6_retail_tbyb_all.exe
    2015-08-31 01:23 - 2015-08-20 14:45 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1FE4.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20D3.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-08-31 01:23 - 2015-08-20 14:44 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20F3.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2133.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2004.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2045.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw20A3.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2024.tmp
    2015-08-31 01:23 - 2015-08-20 14:44 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1FB4.tmp
    2015-08-29 17:52 - 2015-08-29 17:52 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019016_1.tmp
    2015-08-29 16:07 - 2015-08-29 16:07 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017176_1.tmp
    2015-08-29 15:51 - 2015-08-29 15:51 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016848_1.tmp
    2015-08-29 15:18 - 2015-08-29 15:18 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016608_1.tmp
    2015-08-29 12:39 - 2015-08-29 12:39 - 00000027 _____ C:\Users\Chella\Desktop\7e3804e0f50a101e.html
    2015-08-29 00:40 - 2015-08-29 00:40 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018260_1.tmp
    2015-08-29 00:14 - 2015-08-29 00:14 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016420_1.tmp
    2015-08-29 00:14 - 2015-08-29 00:14 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016396_1.tmp
    2015-08-29 00:13 - 2015-08-29 00:13 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017800_1.tmp
    2015-08-29 00:09 - 2015-08-29 00:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018864_1.tmp
    2015-08-28 23:43 - 2015-08-28 23:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013092_1.tmp
    2015-08-28 23:30 - 2015-08-28 23:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016436_1.tmp
    2015-08-28 23:30 - 2015-08-28 23:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015440_1.tmp
    2015-08-28 04:00 - 2015-08-28 04:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017044_1.tmp
    2015-08-28 03:21 - 2015-08-28 03:21 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019012_1.tmp
    2015-08-28 03:04 - 2015-08-28 03:04 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111160_1.tmp
    2015-08-26 23:06 - 2015-08-26 23:06 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015396_1.tmp
    2015-08-26 02:45 - 2015-08-26 02:45 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017736_1.tmp
    2015-08-26 02:45 - 2015-08-26 02:45 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809011216_1.tmp
    2015-08-25 23:10 - 2015-08-25 23:10 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016668_1.tmp
    2015-08-25 23:05 - 2015-08-25 23:05 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017408_1.tmp
    2015-08-24 03:41 - 2015-08-24 03:41 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017428_1.tmp
    2015-08-24 03:31 - 2015-08-24 03:31 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017280_1.tmp
    2015-08-24 03:07 - 2015-08-24 03:07 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015576_1.tmp
    2015-08-24 03:05 - 2015-08-24 03:05 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016456_1.tmp
    2015-08-23 18:54 - 2015-08-23 18:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115036_1.tmp
    2015-08-23 18:34 - 2015-08-23 18:34 - 00000787 _____ C:\Users\Chella\Desktop\Start Tor Browser.lnk
    2015-08-23 18:33 - 2015-08-23 18:33 - 00000000 ____D C:\Users\Chella\Desktop\Tor Browser
    2015-08-23 17:20 - 2015-08-23 17:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115984_1.tmp
    2015-08-23 03:53 - 2015-08-23 03:53 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111044_2.tmp
    2015-08-23 01:09 - 2015-08-23 01:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090114584_1.tmp
    2015-08-22 14:03 - 2015-08-22 14:03 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090113260_1.tmp
    2015-08-22 03:43 - 2015-08-22 03:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090116168_1.tmp
    2015-08-22 03:36 - 2015-08-22 03:36 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090115876_1.tmp
    2015-08-22 03:03 - 2015-08-22 03:03 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090111952_1.tmp
    2015-08-21 11:54 - 2015-08-23 18:34 - 00000835 _____ C:\Users\Chella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2015-08-21 11:53 - 2015-08-21 11:54 - 43794512 _____ C:\Users\Chella\Desktop\torbrowser-install-5.0.1_en-US.exe
    2015-08-20 19:32 - 2015-08-25 18:31 - 00000000 ___RD C:\Users\Chella\.oracle_jre_usage
    2015-08-20 19:32 - 2015-08-20 19:32 - 00000000 ____D C:\Users\Chella\AppData\Roaming\Sun
    2015-08-20 19:18 - 2015-08-20 19:37 - 00000000 ____D C:\Users\Chella\AppData\Roaming\Skype
    2015-08-20 19:18 - 2015-08-20 19:18 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-08-20 19:18 - 2015-08-20 19:18 - 00002697 _____ C:\ProgramData\Desktop\Skype.lnk
    2015-08-20 14:44 - 2015-08-20 14:44 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2015-08-20 14:44 - 2015-08-20 14:44 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-08-19 18:52 - 2015-08-19 18:52 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090110796_1.tmp
    2015-08-19 18:09 - 2015-08-19 18:09 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809011644_1.tmp
    2015-08-19 17:48 - 2015-08-19 17:48 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019228_1.tmp
    2015-08-19 10:46 - 2015-08-19 10:46 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013828_1.tmp
    2015-08-19 10:37 - 2015-08-19 10:37 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014476_1.tmp
    2015-08-18 15:43 - 2015-08-18 15:43 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019656_1.tmp
    2015-08-17 22:00 - 2015-08-17 22:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019172_1.tmp
    2015-08-17 22:00 - 2015-08-17 22:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013364_1.tmp
    2015-08-17 21:59 - 2015-08-17 21:59 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019188_1.tmp
    2015-08-17 20:28 - 2015-08-17 20:28 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016880_1.tmp
    2015-08-15 19:12 - 2015-08-15 19:12 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016168_1.tmp
    2015-08-15 14:08 - 2015-08-15 14:08 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019524_1.tmp
    2015-08-15 12:20 - 2015-08-15 12:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018196_1.tmp
    2015-08-15 12:19 - 2015-08-15 12:19 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018288_1.tmp
    2015-08-15 10:22 - 2015-08-15 10:22 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090110032_1.tmp
    2015-08-15 09:18 - 2015-08-15 09:18 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018968_1.tmp
    2015-08-14 21:54 - 2015-08-14 21:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016816_1.tmp
    2015-08-14 21:34 - 2015-08-14 21:34 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018584_1.tmp
    2015-08-14 20:30 - 2015-08-14 20:30 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016572_1.tmp
    2015-08-14 20:20 - 2015-08-14 20:20 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017364_1.tmp
    2015-08-14 15:19 - 2015-08-14 15:19 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015768_1.tmp
    2015-08-14 15:00 - 2015-08-14 15:00 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017084_1.tmp
    2015-08-14 14:54 - 2015-08-14 14:54 - 00000520 _____ C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016568_1.tmp
    2015-08-14 14:41 - 2015-08-14 14:41 - 00000520 _____
     
  3. queenofgoddess


    Part Three of the results:

    \TempPSTEMPFILEon0809012768_1.tmp
    2015-08-03 00:29 - 2015-08-03 00:29 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809012796_1.tmp
    2015-08-13 11:30 - 2015-08-13 11:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809012900_1.tmp
    2015-08-28 23:43 - 2015-08-28 23:43 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013092_1.tmp
    2015-08-17 22:00 - 2015-08-17 22:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013364_1.tmp
    2015-07-21 19:27 - 2015-07-21 19:27 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013428_1.tmp
    2015-07-11 13:18 - 2015-07-11 13:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090134968_1.tmp
    2015-07-11 13:30 - 2015-07-11 13:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090135648_1.tmp
    2015-08-03 00:19 - 2015-08-03 00:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013684_1.tmp
    2015-08-19 10:46 - 2015-08-19 10:46 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013828_1.tmp
    2015-05-23 07:32 - 2015-05-23 07:32 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013832_1.tmp
    2015-05-07 19:45 - 2015-05-07 19:45 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013836_1.tmp
    2015-08-12 18:04 - 2015-08-12 18:04 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809013836_2.tmp
    2015-07-11 14:37 - 2015-07-11 14:37 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon08090142000_1.tmp
    2015-07-14 19:52 - 2015-07-14 19:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014368_1.tmp
    2015-05-23 07:30 - 2015-05-23 07:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014376_1.tmp
    2015-08-19 10:37 - 2015-08-19 10:37 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014476_1.tmp
    2015-07-13 22:38 - 2015-07-13 22:38 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014548_1.tmp
    2015-05-25 22:42 - 2015-05-25 22:42 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014672_1.tmp
    2015-07-23 00:56 - 2015-07-23 00:56 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014684_1.tmp
    2015-08-12 17:58 - 2015-08-12 17:58 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014692_1.tmp
    2015-05-25 22:46 - 2015-05-25 22:46 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014824_1.tmp
    2015-05-25 23:02 - 2015-05-25 23:02 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809014960_1.tmp
    2015-08-31 01:47 - 2015-08-31 01:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015312_1.tmp
    2015-06-08 16:14 - 2015-06-08 16:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015360_1.tmp
    2015-08-26 23:06 - 2015-08-26 23:06 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015396_1.tmp
    2015-08-28 23:30 - 2015-08-28 23:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015440_1.tmp
    2015-08-24 03:07 - 2015-08-24 03:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015576_1.tmp
    2015-08-14 15:19 - 2015-08-14 15:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015768_1.tmp
    2015-08-13 11:30 - 2015-08-13 11:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015836_1.tmp
    2015-06-20 09:01 - 2015-06-20 09:01 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015920_1.tmp
    2015-07-04 01:52 - 2015-07-04 01:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809015992_1.tmp
    2015-07-04 01:49 - 2015-07-04 01:49 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016008_1.tmp
    2015-08-13 21:03 - 2015-08-13 21:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016064_1.tmp
    2015-07-04 01:20 - 2015-07-04 01:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016112_1.tmp
    2015-08-14 03:23 - 2015-08-14 03:23 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016132_1.tmp
    2015-08-15 19:12 - 2015-08-15 19:12 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016168_1.tmp
    2015-07-10 11:38 - 2015-07-10 11:38 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016172_1.tmp
    2015-07-04 01:19 - 2015-07-04 01:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016288_1.tmp
    2015-07-23 00:56 - 2015-07-23 00:56 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016320_1.tmp
    2015-07-07 01:17 - 2015-07-07 01:17 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016328_1.tmp
    2015-08-29 00:14 - 2015-08-29 00:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016396_1.tmp
    2015-08-29 00:14 - 2015-08-29 00:14 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016420_1.tmp
    2015-08-28 23:30 - 2015-08-28 23:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016436_1.tmp
    2015-08-14 14:41 - 2015-08-14 14:41 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016440_1.tmp
    2015-08-24 03:05 - 2015-08-24 03:05 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016456_1.tmp
    2015-08-14 14:54 - 2015-08-14 14:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016568_1.tmp
    2015-08-14 20:30 - 2015-08-14 20:30 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016572_1.tmp
    2015-08-13 21:03 - 2015-08-13 21:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016576_1.tmp
    2015-08-29 15:18 - 2015-08-29 15:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016608_1.tmp
    2015-08-25 23:10 - 2015-08-25 23:10 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016668_1.tmp
    2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016672_1.tmp
    2015-08-14 21:54 - 2015-08-14 21:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016816_1.tmp
    2015-08-29 15:51 - 2015-08-29 15:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016848_1.tmp
    2015-08-07 16:22 - 2015-08-07 16:22 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016864_1.tmp
    2015-08-31 01:51 - 2015-08-31 01:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016868_1.tmp
    2015-08-17 20:28 - 2015-08-17 20:28 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016880_1.tmp
    2015-06-26 23:21 - 2015-06-26 23:21 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016944_1.tmp
    2015-08-13 11:31 - 2015-08-13 11:31 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016992_1.tmp
    2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809016996_1.tmp
    2015-08-28 04:00 - 2015-08-28 04:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017044_1.tmp
    2015-08-12 17:07 - 2015-08-12 17:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon080901704_1.tmp
    2015-08-14 15:00 - 2015-08-14 15:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017084_1.tmp
    2015-08-03 08:57 - 2015-08-03 08:57 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017144_1.tmp
    2015-05-23 03:03 - 2015-05-23 03:03 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017156_1.tmp
    2015-08-29 16:07 - 2015-08-29 16:07 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017176_1.tmp
    2015-07-30 14:47 - 2015-07-30 14:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017216_1.tmp
    2015-08-24 03:31 - 2015-08-24 03:31 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017280_1.tmp
    2015-08-14 20:20 - 2015-08-14 20:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017364_1.tmp
    2015-07-07 01:17 - 2015-07-07 01:17 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017372_1.tmp
    2015-08-25 23:05 - 2015-08-25 23:05 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017408_1.tmp
    2015-08-24 03:41 - 2015-08-24 03:41 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017428_1.tmp
    2015-08-12 17:15 - 2015-08-12 17:15 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017484_1.tmp
    2015-07-04 01:53 - 2015-07-04 01:53 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017596_1.tmp
    2015-07-04 01:52 - 2015-07-04 01:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017660_1.tmp
    2015-08-14 14:34 - 2015-08-14 14:34 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017660_2.tmp
    2015-05-25 23:04 - 2015-05-25 23:04 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon080901768_1.tmp
    2015-08-26 02:45 - 2015-08-26 02:45 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017736_1.tmp
    2015-07-04 01:47 - 2015-07-04 01:47 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017784_1.tmp
    2015-08-29 00:13 - 2015-08-29 00:13 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809017800_1.tmp
    2015-08-03 00:19 - 2015-08-03 00:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018092_1.tmp
    2015-05-23 07:33 - 2015-05-23 07:33 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018104_1.tmp
    2015-07-04 01:51 - 2015-07-04 01:51 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018108_1.tmp
    2015-08-15 12:20 - 2015-08-15 12:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018196_1.tmp
    2015-08-29 00:40 - 2015-08-29 00:40 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018260_1.tmp
    2015-08-15 12:19 - 2015-08-15 12:19 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018288_1.tmp
    2015-08-12 17:20 - 2015-08-12 17:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018324_1.tmp
    2015-07-28 04:55 - 2015-07-28 04:55 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018328_1.tmp
    2015-08-12 17:16 - 2015-08-12 17:16 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018464_1.tmp
    2015-07-28 04:54 - 2015-07-28 04:54 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018528_1.tmp
    2015-08-14 21:34 - 2015-08-14 21:34 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018584_1.tmp
    2015-07-28 04:52 - 2015-07-28 04:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018820_1.tmp
    2015-08-29 00:09 - 2015-08-29 00:09 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018864_1.tmp
    2015-08-07 16:22 - 2015-08-07 16:22 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018912_1.tmp
    2015-08-15 09:18 - 2015-08-15 09:18 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809018968_1.tmp
    2015-08-28 03:21 - 2015-08-28 03:21 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019012_1.tmp
    2015-08-29 17:52 - 2015-08-29 17:52 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019016_1.tmp
    2015-08-17 22:00 - 2015-08-17 22:00 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019172_1.tmp
    2015-08-17 21:59 - 2015-08-17 21:59 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019188_1.tmp
    2015-08-19 17:48 - 2015-08-19 17:48 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019228_1.tmp
    2015-08-15 14:08 - 2015-08-15 14:08 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019524_1.tmp
    2015-08-18 15:43 - 2015-08-18 15:43 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019656_1.tmp
    2015-08-03 00:20 - 2015-08-03 00:20 - 0000520 _____ () C:\Users\Chella\AppData\Local\TempPSTEMPFILEon0809019708_1.tmp

    Files to move or delete:
    ====================
    C:\Users\Chella\IE11-Windows6.1.exe


    Some files in TEMP:
    ====================
    C:\Users\Chella\AppData\Local\Temp\GLF197E.EXE
    C:\Users\Chella\AppData\Local\Temp\GLF2216.EXE
    C:\Users\Chella\AppData\Local\Temp\GLF84EE.EXE
    C:\Users\Chella\AppData\Local\Temp\GLF8A49.EXE
    C:\Users\Chella\AppData\Local\Temp\InstallIMVU_520.0.exe
    C:\Users\Chella\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Chella\AppData\Local\Temp\ose00000.exe
    C:\Users\Chella\AppData\Local\Temp\{82593E29-BFEC-4060-B8FC-CB4CFB69F697}-43.0.2357.124_chrome_installer.exe
    C:\Users\Chella\AppData\Local\Temp\{CBC63266-4876-4804-94A5-ECFBA463E2C0}-43.0.2357.81_chrome_installer.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-22 04:36

    ==================== End of FRST.txt ============================
     
  4. queenofgoddess


    Addition Text 1/2:


    Ran by Chella (2015-08-31 02:19:20)
    Running from C:\Users\Chella\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2430470121-453182706-2864623997-500 - Administrator - Disabled)
    Chella (S-1-5-21-2430470121-453182706-2864623997-1000 - Administrator - Enabled) => C:\Users\Chella
    Guest (S-1-5-21-2430470121-453182706-2864623997-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2430470121-453182706-2864623997-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\{E1915B85-E4E4-44E4-B26B-3D16B04D04FC}) (Version: 12.0.0.43 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
    Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
    Auslogics Anti-Malware (HKLM-x32\...\{A5A6F7C9-F91E-45C7-8DAA-289CBB0C817D}_is1) (Version: 1.1.0.0 - Auslogics Labs Pty Ltd)
    Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
    Auslogics Driver Updater (HKLM-x32\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.5.0.0 - Auslogics Labs Pty Ltd)
    Avast Premier (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
    FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IMVU Avatar Chat Software (HKU\S-1-5-21-2430470121-453182706-2864623997-1000\...\IMVU Avatar chat client software BETA) (Version: - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
    KPStarOne Version 6.7.21 (HKLM-x32\...\{F4F50E78-2B3C-4616-8C27-057F7D8BB302}_is1) (Version: - StarOne SoftCraft Inc.)
    LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
    Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
    Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
    PhotoImpact Pro (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Nova Development)
    PhotoImpact Pro (x32 Version: 1.00.0000 - Nova Development) Hidden
    PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
    PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
    PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
    PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
    PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
    SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.0.2.12040 - Sony Corporation)
    VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
    VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.01.06110 - Sony Corporation)
    VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation)
    VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
    VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
    VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)
    VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
    VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
    VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)
    VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)
    VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
    VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)
    VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.3 - Sony Corporation)
    VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
    VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
    VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
    VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
    VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
    WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
    Windows Driver Package - Realtek (RTL8167) Net (01/26/2011 7.040.0126.2011) (HKLM\...\63812D0D7BEF8B8C3ED280E01D1A599B1D9595F3) (Version: 01/26/2011 7.040.0126.2011 - Realtek)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    17-08-2015 02:53:13 Scheduled Checkpoint
    20-08-2015 14:43:15 avast! antivirus system restore point
    20-08-2015 14:45:28 Device Driver Package Install: Avast Network Service
    28-08-2015 15:32:36 Scheduled Checkpoint
    31-08-2015 00:21:12 Installed Atheros WiFi Driver Installation
    31-08-2015 00:27:54 Installed Atheros WiFi Driver Installation
    31-08-2015 01:09:10 Removed Atheros WiFi Driver Installation
    31-08-2015 01:13:54 Restore Operation
    31-08-2015 01:19:44 avast! antivirus system restore point
    31-08-2015 01:47:55 Removed PhotoStudio
    31-08-2015 01:49:10 Installed PhotoStudio

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {029404DB-3E99-4B3C-8B0D-8F3707A126D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {038FD647-B284-49BC-9B3A-3A3988FEFC9C} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Chella => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
    Task: {11237F01-5181-4C3E-9543-FD62E3D90D1F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
    Task: {15ADB072-9F29-485C-95AD-1AB0AE4C9D06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26CB1FF8-039B-4282-8C23-957E84EAA034} - System32\Tasks\{64835604-5305-4F1E-A2BB-FD93181AD6C7} => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe [2014-11-21] (Apple Inc.)
    Task: {27416643-8E90-46FD-A8A6-711BD2F1368B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-20] (AVAST Software)
    Task: {2D6898E4-29C3-431A-9E40-BE6C25744F3A} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
    Task: {2DB7F097-B424-48C1-A2CA-31A2B2E55133} - System32\Tasks\{94EC4117-5154-4432-B89B-3D82807CC92E} => pcalua.exe -a "C:\Users\Chella\AppData\Local\Apple\Apple Software Update\QuickTimeInstallerAdmin.exe" -d "C:\Users\Chella\AppData\Local\Apple\Apple Software Update"
    Task: {3708DB3D-CFCE-43C6-8F7F-44E8293D22A1} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {3CFAC0E0-9D25-47FF-8E20-54C8A6551EFC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
    Task: {3DFE69A0-0D1E-45D0-91F4-72A422AC0A5B} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {41B87F6D-6502-4E72-A03A-120B4E188841} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
    Task: {4AC9B344-EA66-4F77-A3A2-F6231509DC6F} - System32\Tasks\{5C809A67-2BE6-45CC-B7DF-9CA142F6D6DA} => pcalua.exe -a "D:\Adobe Photoshop Elements\Setup.exe" -d "D:\Adobe Photoshop Elements"
    Task: {500C574D-3279-46C7-828C-3FB57CFA93F0} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
    Task: {5490A73A-DECF-4BC0-881E-1074E3A7AE3A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
    Task: {56696B82-137E-462D-B2A0-F0186267F99F} - System32\Tasks\Sony Corporation\VAIO Care\GetSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {5AB7F562-68D4-410F-88E4-FB789F7BCEE2} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {6170F487-8267-4A5C-BBA8-40E60E9133C6} - System32\Tasks\{09CAB9A3-79F1-452D-84E6-AE0F34AD3115} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
    Task: {6664CCEB-B067-4658-9B9D-3098EE9677CC} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
    Task: {75D08CCC-47E8-4FE2-AB64-248EFE17D464} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {7A7A7AFC-7EE4-4539-A9A3-1529D448BFF7} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
    Task: {7DC21B2F-26CB-4046-8731-783997ABFC2C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
    Task: {8281CCC9-048A-4EE5-A43E-280379035AB9} - System32\Tasks\Auslogics\Anti-Malware\Start Anti-Malware оn Chella logon => C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe [2015-04-07] (Auslogics)
    Task: {82F1AABA-51D2-48D3-BDDB-006B15D6D336} - System32\Tasks\avastBCLRestartS-1-5-21-2430470121-453182706-2864623997-1000 => Chrome.exe
    Task: {8AD3A019-2034-4699-ABC2-E5C3B6EDC84C} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {8C672A9A-EC37-4FDF-A94D-5514439F7876} - System32\Tasks\{6762F4B7-138F-46C6-BB2C-B0B3384A5EC2} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{66081CDD-C1FE-415F-BB3A-F2622BA27461}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
    Task: {A5168ED8-0E23-4073-BB6C-A8790F53DCD9} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
    Task: {A7847D8B-1863-4B86-9ECD-582A5BF6C775} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
    Task: {AEB46FE2-DFF8-4593-9FA7-13F886B6E596} - System32\Tasks\{5C05EF6E-9FCC-4B79-A52D-9FF9FEF88553} => Chrome.exe http://ui.skype.com/ui/0/7.0.59.100/en/go/help.faq.installer?LastError=1618
    Task: {BAB39713-3E4F-4085-BC90-1553CECCA265} - System32\Tasks\{5D16CE0D-EF33-40C5-9487-3E70073E1320} => C:\Program Files (x86)\ArcSoft\WebCam Companion 4\Utility.exe
    Task: {D1479CDA-D5BA-46B8-8755-14E5ECCBA2E9} - System32\Tasks\{864505C4-0C42-4DE9-9DAB-0BAFA5F8B21A} => pcalua.exe -a "C:\Users\Chella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CLSAS2Z\SOAOTH-88972828-10C0.EXE" -d C:\Users\Chella\Desktop
    Task: {D941E4FD-9483-48DA-924B-80D9034D3F40} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {DB257131-2B6B-4D84-AA19-93C6170F49AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {E2DC1C3B-4CC8-4BF2-921E-D420389A3452} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {E6A41757-6C61-4B42-A87F-BAFF533B5550} - System32\Tasks\{AA587CC3-48F5-4907-ABA3-A8B612D19C08} => C:\Program Files\Sony\VAIO Care\VAIOCare.exe [2015-05-22] (Sony Corporation)
    Task: {E8C4ABCB-823A-4FBF-B6F1-26AF243FB323} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {ED6AFA9D-977D-45EE-A52F-D9F2F58D5A81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {EDBA7F1E-7134-4DEB-B0A6-6F272D7B01A4} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
    Task: {EECA24B6-9B00-44FD-A6ED-78F96B4F28A7} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
    Task: {F80D2664-EA26-4F7F-B440-7721640F440A} - System32\Tasks\{68C15558-D697-40C3-A3E5-2D6B8258E558} => pcalua.exe -a "C:\Users\Chella\Downloads\AVG boot\avg_arl_ffi_all_120_141126a8645\setup.exe" -d "C:\Users\Chella\Downloads\AVG boot\avg_arl_ffi_all_120_141126a8645"
    Task: {F8DBC7BB-2C8C-4DE2-B94F-8103F3AFFB60} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
    Task: {FB0F3258-EC94-4125-9324-0989EF60FB4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-16 17:42 - 2015-04-16 17:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2013-11-01 15:59 - 2013-11-01 15:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
    2015-08-13 13:47 - 2015-08-13 13:47 - 00217568 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
    2015-08-13 13:47 - 2015-08-13 13:47 - 00221152 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\IMVUClient.exe
    2015-08-20 14:44 - 2015-08-20 14:44 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-20 14:44 - 2015-08-20 14:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-08-28 10:39 - 2015-08-28 10:39 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082800\algo.dll
    2015-08-31 01:25 - 2015-08-31 01:25 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15083002\algo.dll
    2014-10-18 12:24 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
    2015-03-24 18:55 - 2015-03-24 18:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-17 00:34 - 2014-10-17 00:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
    2014-08-12 11:12 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-05-20 21:19 - 2015-05-20 21:19 - 00098304 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32api.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00109568 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pywintypes27.dll
    2015-05-20 21:19 - 2015-05-20 21:19 - 00110592 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32file.pyd
    2015-05-20 21:18 - 2015-05-20 21:18 - 00016896 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32event.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00087040 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_ctypes.pyd
    2015-05-20 21:18 - 2015-05-20 21:18 - 00166912 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32gui.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00046080 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_socket.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00028160 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_ssl.pyd
    2015-05-20 21:18 - 2015-05-20 21:18 - 00659456 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imaging.pyd
    2015-05-20 22:06 - 2015-05-20 22:06 - 00911872 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_cal3d.pyd
    2015-05-20 21:29 - 2015-05-20 21:29 - 00216576 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\boost_python.dll
    2015-05-20 21:29 - 2015-05-20 21:29 - 00031744 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\CallStack.dll
    2015-05-20 21:30 - 2015-05-20 21:30 - 00360960 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\cal3d.dll
    2015-08-06 13:48 - 2015-08-06 13:48 - 01892352 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_avatarwindow.pyd
    2015-05-20 21:35 - 2015-05-20 21:35 - 00169984 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\zero.dll
    2015-05-20 21:35 - 2015-05-20 21:35 - 00052736 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pixmap.dll
    2015-08-06 13:46 - 2015-08-06 13:46 - 00920064 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\SceneWindow.dll
    2015-05-20 21:34 - 2015-05-20 21:34 - 00072704 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\ParticleLib.dll
    2015-05-20 21:37 - 2015-05-20 21:37 - 00014336 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\MemoryHook.dll
    2015-05-20 21:19 - 2015-05-20 21:19 - 00126976 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pyexpat.pyd
    2015-05-20 21:18 - 2015-05-20 21:18 - 00357888 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\pythoncom27.dll
    2015-05-20 21:18 - 2015-05-20 21:18 - 00265216 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00016384 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32clipboard.pyd
    2015-05-20 21:19 - 2015-05-20 21:19 - 00034816 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\win32process.pyd
    2015-05-20 22:08 - 2015-05-20 22:08 - 00059392 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_sqlite3.pyd
    2015-05-20 21:52 - 2015-05-20 21:52 - 00506368 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\sqlite3.dll
    2015-05-20 21:19 - 2015-05-20 21:19 - 00010240 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\select.pyd
    2015-05-20 22:08 - 2015-05-20 22:08 - 00044032 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_pylzma.pyd
    2015-08-06 13:49 - 2015-08-06 13:49 - 00131072 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imvugecko.pyd
    2015-08-06 13:47 - 2015-08-06 13:47 - 00190976 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\imvugecko.dll
    2015-05-20 21:07 - 2015-05-20 21:07 - 00872448 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\js3250.dll
    2015-05-20 22:08 - 2015-05-20 22:08 - 00135680 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_libzero.pyd
    2015-08-06 13:49 - 2015-08-06 13:49 - 00083968 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\_imvuflash.pyd
    2015-08-06 13:47 - 2015-08-06 13:47 - 00111104 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\imvuflash.dll
    2015-05-20 21:45 - 2015-05-20 21:45 - 00010752 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\nphwndproxy.dll
    2015-05-20 21:24 - 2015-05-20 21:24 - 17024688 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\NPSWF32.dll
    2015-05-20 21:19 - 2015-05-20 21:19 - 00686080 _____ () C:\Users\Chella\AppData\Roaming\IMVUClient\unicodedata.pyd
    2015-08-21 09:13 - 2015-08-18 01:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
    2015-08-21 09:13 - 2015-08-18 01:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
    2015-08-21 09:13 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59551415.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59551415.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
  5. queenofgoddess


    Second half of addition text:



    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2430470121-453182706-2864623997-1000\...\google.com -> hxxps://www.google.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chella\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Chella^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{0FFBFC94-0AE3-4D77-AC79-ED36F6F195C7}C:\program files\sony\vaio care\vcsystemtray.exe] => (Block) C:\program files\sony\vaio care\vcsystemtray.exe
    FirewallRules: [UDP Query User{D87AAD19-D954-4296-B84C-4B853B497BA3}C:\program files\sony\vaio care\vcsystemtray.exe] => (Block) C:\program files\sony\vaio care\vcsystemtray.exe
    FirewallRules: [TCP Query User{021259DD-243E-4D0E-A156-19EFDC29DD44}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{DEE6D984-27D5-415A-8AB6-C2FBE6AE1D6F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{CE3AB105-6970-42B8-99A8-70C1ECDD396C}C:\program files\sony\vaio care\vcadmin.exe] => (Block) C:\program files\sony\vaio care\vcadmin.exe
    FirewallRules: [UDP Query User{48D809CC-2FB0-4C65-B8DB-E2A20258979A}C:\program files\sony\vaio care\vcadmin.exe] => (Block) C:\program files\sony\vaio care\vcadmin.exe
    FirewallRules: [{9993BC1C-CDF9-4175-9D47-09680E9F1F1B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
    FirewallRules: [{0D0DA385-1B6F-40AB-A019-5D0328A2234F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    FirewallRules: [{903A92BF-CC30-42D8-BF9D-6164BCDF3346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{FC01E7CD-2C63-4E0B-B2B9-828136CA7215}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: avast! SecureLine TAP Adapter v3
    Description: avast! SecureLine TAP Adapter v3
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: aswTap
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/31/2015 01:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/31/2015 01:47:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/31/2015 01:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
    Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef
    Exception code: 0xc0000005
    Fault offset: 0x5f16cce9
    Faulting process id: 0x1a88
    Faulting application start time: 0xregsvr32.exe0
    Faulting application path: regsvr32.exe1
    Faulting module path: regsvr32.exe2
    Report Id: regsvr32.exe3

    Error: (08/31/2015 01:21:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/31/2015 01:20:32 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0xc0000022.

    Error: (08/31/2015 01:19:18 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (08/31/2015 01:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: VCAgent.exe, version: 8.4.3.7130, time stamp: 0x559f78d9
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
    Exception code: 0xe0434352
    Fault offset: 0x000000000000940d
    Faulting process id: 0x15dc
    Faulting application start time: 0xVCAgent.exe0
    Faulting application path: VCAgent.exe1
    Faulting module path: VCAgent.exe2
    Report Id: VCAgent.exe3

    Error: (08/31/2015 01:14:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: VCAgent.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
    Stack:
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
    at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run()
    at VCAgent.App.Main()

    Error: (08/31/2015 01:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: VCSystemTray.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
    Stack:
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
    at VCSystemTray.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run()
    at VCSystemTray.App.Main()

    Error: (08/31/2015 01:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
    Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
    Exception code: 0x40000015
    Fault offset: 0x00052d24
    Faulting process id: 0x15d8
    Faulting application start time: 0xjucheck.exe0
    Faulting application path: jucheck.exe1
    Faulting module path: jucheck.exe2
    Report Id: jucheck.exe3


    System errors:
    =============
    Error: (08/31/2015 01:23:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Defender service terminated with the following error:
    %%-2147023113

    Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

    Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

    Error: (08/31/2015 01:19:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

    Error: (08/31/2015 01:18:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Modules Installer service failed to start due to the following error:
    %%5

    Error: (08/31/2015 01:14:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Modules Installer service failed to start due to the following error:
    %%5

    Error: (08/31/2015 01:14:15 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 5TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (08/31/2015 12:34:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Defender service terminated with the following error:
    %%-2147023113

    Error: (08/31/2015 12:31:33 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

    Error: (08/31/2015 12:31:33 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.


    Microsoft Office:
    =========================
    Error: (08/31/2015 01:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

    System Error:
    The system cannot find the file specified.

    Error: (08/31/2015 01:47:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

    System Error:
    The system cannot find the file specified.

    Error: (08/31/2015 01:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: regsvr32.exe6.1.7600.163854a5bca28QuickTime.qts_unloaded0.0.0.055c3a9efc00000055f16cce91a8801d0e3ae7d182fd0C:\Windows\SysWOW64\regsvr32.exeQuickTime.qtsbe267896-4fa1-11e5-9e3c-f0bf9702ec89

    Error: (08/31/2015 01:21:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/31/2015 01:20:32 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: Scheduled Checkpoint0xc0000022

    Error: (08/31/2015 01:19:18 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

    Error: (08/31/2015 01:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: VCAgent.exe8.4.3.7130559f78d9KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d15dc01d0e3abb5543f5eC:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\system32\KERNELBASE.dll203c4f08-4f9f-11e5-9dea-f0bf9702ec89

    Error: (08/31/2015 01:14:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: VCAgent.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
    Stack:
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
    at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run()
    at VCAgent.App.Main()

    Error: (08/31/2015 01:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: VCSystemTray.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ComponentModel.Composition.ImportCardinalityMismatchException
    Stack:
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
    at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
    at VCSystemTray.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
    at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
    at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
    at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
    at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
    at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
    at System.Windows.Application.RunInternal(System.Windows.Window)
    at System.Windows.Application.Run()
    at VCSystemTray.App.Main()

    Error: (08/31/2015 01:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d2415d801d0e3abb6177035C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exef685f1fb-4f9e-11e5-9dea-f0bf9702ec89


    CodeIntegrity:
    ===================================
    Date: 2015-08-31 00:31:26.002
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:31:25.862
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:25:12.348
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:25:12.161
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:22:36.128
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:22:36.035
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:22:32.962
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-31 00:22:32.884
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-24 15:29:17.898
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP51.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-23 20:24:50.396
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP51.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 52%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 2864.18 MB
    Total Virtual: 15226.04 MB
    Available Virtual: 11647.71 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:454.74 GB) (Free:381.9 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97CC3329)
    Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=454.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    Did you intend this to be posted to the Virus and Malware removal forum?
    If so... No worries...
    A) Did you follow all the steps and post all your results? (I did not check; just asking.)
    B) A moderator will be able to move your thread for you.
    .
    Note: As it appeared to be a request for help with Malware,
    I took the initiative to move it.
    Good Luck!
     
    Last edited: Aug 31, 2015
  7. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Are you getting any error messages about some "navcancl" missing?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
    Last edited: Sep 1, 2015
  8. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Hi Again,

    Thank you for your assistance.
    RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600) 64 bits version
    Started in : Normal mode
    User : Chella [Administrator]
    Started from : C:\Users\Chella\Desktop\RogueKiller (1).exe
    Mode : Scan -- Date : 09/01/2015 17:43:45

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.UnclassifiedMalware] LavasoftTcpService.exe(1888) -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 3 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BPVT-55HXZT3 +++++
    --- User ---
    [MBR] e583299b340522f5d38fd0374c4e9c8a
    [BSP] 6be45ab863d34c4481b3edf27b190064 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11182 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22902784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 23107584 | Size: 465656 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    I am following the next steps
     
  9. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    You didn't answer my question:

    Are you getting any error messages about some "navcancl" missing?
     
  10. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,

    (end)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    The above is incorrect.
    You need to post "scan" log from MBAM.

    You still didn't answer my question.
     
  12. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Oh, my apologies. Let me correct that and answer your question.
     
  13. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,

    Are you getting any error messages about some "navcancl" missing?

    Answer: Yes, I am, when I am trying to use my photo editing software.
     
  14. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    I have now restarted that computer and am going to run the junkware removal tool
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    This is not the correct log.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    • open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
     
  17. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    # AdwCleaner v5.005 - Logfile created 02/09/2015 at 00:11:48
    # Updated 31/08/2015 by Xplode
    # Database : 2015-08-31.2 [Server]
    # Operating system : Windows 7 Ultimate (x64)
    # Username : Chella - CHELLA-PC
    # Running from : C:\Users\Chella\Desktop\adwcleaner_5.005.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    [-] Key Deleted : HKLM\SOFTWARE\DeviceVM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
    [-] Key Deleted : HKU\S-1-5-21-2430470121-453182706-2864623997-1000\Software\AppDataLow\Software\adawarebp

    ***** [ Web browsers ] *****

    [-] [C:\Users\Chella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3032 bytes] ##########
     
  18. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Please download Junkware Removal Tool to your desktop.

    This does not seem to be working... Is there an alternative tool I may use?

    Thanking you in advance

    QG
     
  19. Broni

    Broni Malware Annihilator Posts: 52,905   +344

  20. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Yes sorry for the delay. I got blue screened
     
  21. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Update, Bad md5 or size: akaips, 11,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.1.3,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,
    Update, 9/1/2015 7:53 PM, SYSTEM, CHELLA-PC, Manual, Malware Database, 2015.6.3.3, 2015.9.1.7,
    Error, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, IsLicensed, 13,
    Protection, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, Malware Protection, Stopping,
    Protection, 9/1/2015 10:38 PM, SYSTEM, CHELLA-PC, Protection, Malware Protection, Stopped,

    (end)
     
  22. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    I reran the RogueKiller tool and I saw something that piqued my curiosity.
    Why does it mention "Acer Computer" at the bottom of the results?


    RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Chella [Administrator]
    Started from : C:\Users\Chella\Desktop\RogueKiller (1).exe
    Mode : Scan -- Date : 09/02/2015 15:59:14

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.UnclassifiedMalware] LavasoftTcpService.exe(2280) -- C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 3 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{99229688-6057-4072-A041-6B8DCAF4506C} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BPVT-55HXZT3 +++++
    --- User ---
    [MBR] e583299b340522f5d38fd0374c4e9c8a
    [BSP] 6be45ab863d34c4481b3edf27b190064 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11182 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22902784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 23107584 | Size: 465656 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  23. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] C:\Program Files (x86)\trademanager
    Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
    Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
    Successfully deleted: [Folder] C:\Users\Chella\AppData\Roaming\imvuclient
    Successfully deleted: [Folder] C:\Users\Chella\AppData\Roaming\lavasoft\web companion



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

    [C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    gpdjojdkbbmdfjfahjcgigfpmkopogic

    [C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Chella\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    gpdjojdkbbmdfjfahjcgigfpmkopogic
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 09/02/2015 at 21:57:23.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Not sure what you mean.

    MBAM log is still incorrect.
    You posted "Protection" log instead of "Scan" log.
     
  25. queenofgoddess

    queenofgoddess TS Rookie Topic Starter Posts: 17

    Ok. Running it again
     
Topic Status:
Not open for further replies.
