Bob Habart
Posts: 12 +0
Tech Forum Support,
FRST.txt
Went to docs. google.com to get a manual and got this message
Call Microsoft to Unlock your computer
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Bill (administrator) on BILL-VAIO (23-04-2018 12:50:48)
Running from C:\Users\Bill\Music\Desktop
Loaded Profiles: Bill & UpdatusUser (Available Profiles: boinc_master & Bill & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272 2010-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-03] (Google Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\Run: [Google Update] => C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {04bb862f-d31d-11e7-8ef5-c0cb38fb0689} - D:\picasa36-setup.exe
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {3c84a984-5271-11e0-896b-c0cb38fb0689} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {83470220-395f-11e0-9cdc-544249f16790} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-11-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4ADD4B33-0FF5-43E5-894E-1E2368E5DE0B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78AF1F77-A106-43A9-B0B5-19895A0C28A8}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-28] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-03] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-02] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @citrixonline.com/appdetectorplugin -> C:\Users\Bill\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @talk.google.com/GoogleTalkPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @talk.google.com/O1DPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT"
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2018-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-18]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ast Service; C:\Windows\SysWOW64\\AstSrv.exe [57344 2007-02-16] (Nalpeiron Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl69d946da; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F023BDDD-4F05-4FDA-BB47-C82408FC55CE}\MpKsl69d946da.sys [58120 2018-04-23] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [21200 2013-10-11] (EnTech Taiwan)
S3 TVICHW32; C:\Windows\SysWOW64\DRIVERS\TVICHW32.SYS [29536 2013-10-11] (EnTech Taiwan)
U2 MSSQL$DDNI; no ImagePath
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
S3 semav6thermal64ro; \??\C:\Windows\system32\drivers\semav6thermal64ro.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-20 16:46 - 2018-04-20 16:46 - 003015529 _____ C:\Users\Bill\Documents\IT 8020 instructions.pdf
2018-04-17 19:50 - 2018-04-18 08:10 - 000009902 _____ C:\Users\Bill\Documents\Line Items for Transfer.xlsx
2018-04-14 17:54 - 2018-04-14 17:57 - 000005632 ___SH C:\Users\Bill\Documents\Thumbs.db
2018-04-14 17:30 - 2018-04-14 17:30 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 17:26 - 2018-04-14 17:26 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2018-04-14 17:26 - 2018-04-14 17:26 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-23 12:50 - 2017-04-03 15:30 - 000000000 ____D C:\FRST
2018-04-23 12:49 - 2016-09-21 15:35 - 000000528 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2799643452-2932677957-2045640459-1005.job
2018-04-23 11:43 - 2016-09-21 15:35 - 000000624 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2799643452-2932677957-2045640459-1005.job
2018-04-23 10:52 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\tracing
2018-04-23 10:38 - 2015-09-21 21:00 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-23 10:31 - 2011-02-13 19:01 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{44CF6C4A-FA1D-4D97-890F-2C68C35F6FC5}
2018-04-23 10:22 - 2009-07-13 21:45 - 000010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-23 10:22 - 2009-07-13 21:45 - 000010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-23 10:20 - 2009-07-13 22:13 - 000800292 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-23 10:20 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-23 10:13 - 2012-10-20 09:25 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-04-23 10:13 - 2010-09-19 09:27 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-23 10:13 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 09:37 - 2018-03-09 08:10 - 000000000 ____D C:\Users\Bill\AppData\Local\GoToMeeting
2018-04-21 09:37 - 2016-09-21 15:35 - 000003654 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2799643452-2932677957-2045640459-1005
2018-04-21 09:37 - 2016-09-21 15:35 - 000003558 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2799643452-2932677957-2045640459-1005
2018-04-21 09:37 - 2011-02-13 18:55 - 000000000 ____D C:\Users\Bill
2018-04-17 08:02 - 2011-02-15 17:12 - 000000000 ____D C:\Users\Bill\AppData\Local\Microsoft Help
2018-04-14 17:35 - 2013-10-11 14:24 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 17:30 - 2011-02-20 15:31 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-12 15:32 - 2018-03-13 14:32 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-12 15:32 - 2012-07-11 19:58 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-12 15:32 - 2012-07-11 19:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-12 15:32 - 2012-07-11 19:57 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-12 15:32 - 2012-02-13 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-12 15:32 - 2010-11-03 13:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-07 07:21 - 2017-03-30 14:10 - 000000000 ____D C:\Users\Bill\Documents\TurboTax
2018-04-07 06:45 - 2016-03-31 11:53 - 000000000 ____D C:\Users\UpdatusUser
==================== Files in the root of some directories =======
2017-04-11 16:39 - 2017-04-11 16:42 - 007639040 _____ () C:\Program Files (x86)\GUT9675.tmp
Some files in TEMP:
====================
2017-04-14 09:25 - 2017-04-14 09:25 - 000000000 _____ () C:\Users\Bill\AppData\Local\Temp\8c8ml97p.dll
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\Bill\AppData\Local\Temp\AskSLib.dll
2017-04-04 08:50 - 2017-04-03 11:18 - 001732032 _____ (Microsoft Corporation) C:\Users\Bill\AppData\Local\Temp\dllnt_dump.dll
2014-04-19 09:40 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF3C78.EXE
2014-04-19 09:40 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF44A4.EXE
2013-10-11 15:12 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF5249.EXE
2014-03-15 09:19 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF541D.EXE
2013-10-11 15:12 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF5871.EXE
2014-03-15 09:19 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF5B6E.EXE
2013-10-11 14:53 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF7F32.EXE
2013-10-11 15:05 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF7F9F.EXE
2013-10-11 14:53 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF8377.EXE
2013-10-11 15:05 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF8645.EXE
2014-05-17 09:17 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF8A1B.EXE
2014-05-17 09:17 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF90DF.EXE
2013-10-11 15:01 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFAD44.EXE
2013-10-11 15:01 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFB2F0.EXE
2013-10-11 15:39 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFC8DF.EXE
2013-10-11 15:39 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFCD24.EXE
2014-05-28 18:15 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFE13F.EXE
2013-10-11 16:12 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFE4B8.EXE
2013-10-11 16:12 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFE8DE.EXE
2014-05-28 18:15 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFEA54.EXE
2014-06-13 10:28 - 2014-06-13 10:28 - 000000000 _____ () C:\Users\Bill\AppData\Local\Temp\GURCA05.exe
2013-02-22 15:39 - 2013-03-04 14:06 - 000186368 _____ (Sony Corporation) C:\Users\Bill\AppData\Local\Temp\VCPerfService32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-17 07:53
==================== End of FRST.txt ============================
FRST.txt
Went to docs. google.com to get a manual and got this message
Call Microsoft to Unlock your computer
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Bill (administrator) on BILL-VAIO (23-04-2018 12:50:48)
Running from C:\Users\Bill\Music\Desktop
Loaded Profiles: Bill & UpdatusUser (Available Profiles: boinc_master & Bill & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272 2010-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-03] (Google Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\Run: [Google Update] => C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {04bb862f-d31d-11e7-8ef5-c0cb38fb0689} - D:\picasa36-setup.exe
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {3c84a984-5271-11e0-896b-c0cb38fb0689} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\...\MountPoints2: {83470220-395f-11e0-9cdc-544249f16790} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-11-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4ADD4B33-0FF5-43E5-894E-1E2368E5DE0B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78AF1F77-A106-43A9-B0B5-19895A0C28A8}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2799643452-2932677957-2045640459-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-28] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-03] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2799643452-2932677957-2045640459-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-02] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @citrixonline.com/appdetectorplugin -> C:\Users\Bill\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @talk.google.com/GoogleTalkPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @talk.google.com/O1DPlugin -> C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2799643452-2932677957-2045640459-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Bill\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT"
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2018-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-18]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ast Service; C:\Windows\SysWOW64\\AstSrv.exe [57344 2007-02-16] (Nalpeiron Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl69d946da; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F023BDDD-4F05-4FDA-BB47-C82408FC55CE}\MpKsl69d946da.sys [58120 2018-04-23] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [21200 2013-10-11] (EnTech Taiwan)
S3 TVICHW32; C:\Windows\SysWOW64\DRIVERS\TVICHW32.SYS [29536 2013-10-11] (EnTech Taiwan)
U2 MSSQL$DDNI; no ImagePath
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
S3 semav6thermal64ro; \??\C:\Windows\system32\drivers\semav6thermal64ro.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-20 16:46 - 2018-04-20 16:46 - 003015529 _____ C:\Users\Bill\Documents\IT 8020 instructions.pdf
2018-04-17 19:50 - 2018-04-18 08:10 - 000009902 _____ C:\Users\Bill\Documents\Line Items for Transfer.xlsx
2018-04-14 17:54 - 2018-04-14 17:57 - 000005632 ___SH C:\Users\Bill\Documents\Thumbs.db
2018-04-14 17:30 - 2018-04-14 17:30 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 17:26 - 2018-04-14 17:26 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2018-04-14 17:26 - 2018-04-14 17:26 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-23 12:50 - 2017-04-03 15:30 - 000000000 ____D C:\FRST
2018-04-23 12:49 - 2016-09-21 15:35 - 000000528 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2799643452-2932677957-2045640459-1005.job
2018-04-23 11:43 - 2016-09-21 15:35 - 000000624 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2799643452-2932677957-2045640459-1005.job
2018-04-23 10:52 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\tracing
2018-04-23 10:38 - 2015-09-21 21:00 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-23 10:31 - 2011-02-13 19:01 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{44CF6C4A-FA1D-4D97-890F-2C68C35F6FC5}
2018-04-23 10:22 - 2009-07-13 21:45 - 000010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-23 10:22 - 2009-07-13 21:45 - 000010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-23 10:20 - 2009-07-13 22:13 - 000800292 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-23 10:20 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-04-23 10:13 - 2012-10-20 09:25 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-04-23 10:13 - 2010-09-19 09:27 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-23 10:13 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 09:37 - 2018-03-09 08:10 - 000000000 ____D C:\Users\Bill\AppData\Local\GoToMeeting
2018-04-21 09:37 - 2016-09-21 15:35 - 000003654 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2799643452-2932677957-2045640459-1005
2018-04-21 09:37 - 2016-09-21 15:35 - 000003558 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2799643452-2932677957-2045640459-1005
2018-04-21 09:37 - 2011-02-13 18:55 - 000000000 ____D C:\Users\Bill
2018-04-17 08:02 - 2011-02-15 17:12 - 000000000 ____D C:\Users\Bill\AppData\Local\Microsoft Help
2018-04-14 17:35 - 2013-10-11 14:24 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 17:30 - 2011-02-20 15:31 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-12 15:32 - 2018-03-13 14:32 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-12 15:32 - 2012-07-11 19:58 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-12 15:32 - 2012-07-11 19:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-12 15:32 - 2012-07-11 19:57 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-12 15:32 - 2012-02-13 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-12 15:32 - 2010-11-03 13:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-07 07:21 - 2017-03-30 14:10 - 000000000 ____D C:\Users\Bill\Documents\TurboTax
2018-04-07 06:45 - 2016-03-31 11:53 - 000000000 ____D C:\Users\UpdatusUser
==================== Files in the root of some directories =======
2017-04-11 16:39 - 2017-04-11 16:42 - 007639040 _____ () C:\Program Files (x86)\GUT9675.tmp
Some files in TEMP:
====================
2017-04-14 09:25 - 2017-04-14 09:25 - 000000000 _____ () C:\Users\Bill\AppData\Local\Temp\8c8ml97p.dll
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\Bill\AppData\Local\Temp\AskSLib.dll
2017-04-04 08:50 - 2017-04-03 11:18 - 001732032 _____ (Microsoft Corporation) C:\Users\Bill\AppData\Local\Temp\dllnt_dump.dll
2014-04-19 09:40 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF3C78.EXE
2014-04-19 09:40 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF44A4.EXE
2013-10-11 15:12 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF5249.EXE
2014-03-15 09:19 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF541D.EXE
2013-10-11 15:12 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF5871.EXE
2014-03-15 09:19 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF5B6E.EXE
2013-10-11 14:53 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF7F32.EXE
2013-10-11 15:05 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF7F9F.EXE
2013-10-11 14:53 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF8377.EXE
2013-10-11 15:05 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF8645.EXE
2014-05-17 09:17 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLF8A1B.EXE
2014-05-17 09:17 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLF90DF.EXE
2013-10-11 15:01 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFAD44.EXE
2013-10-11 15:01 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFB2F0.EXE
2013-10-11 15:39 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFC8DF.EXE
2013-10-11 15:39 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFCD24.EXE
2014-05-28 18:15 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFE13F.EXE
2013-10-11 16:12 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Bill\AppData\Local\Temp\GLFE4B8.EXE
2013-10-11 16:12 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFE8DE.EXE
2014-05-28 18:15 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Bill\AppData\Local\Temp\GLFEA54.EXE
2014-06-13 10:28 - 2014-06-13 10:28 - 000000000 _____ () C:\Users\Bill\AppData\Local\Temp\GURCA05.exe
2013-02-22 15:39 - 2013-03-04 14:06 - 000186368 _____ (Sony Corporation) C:\Users\Bill\AppData\Local\Temp\VCPerfService32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-17 07:53
==================== End of FRST.txt ============================