niffix
2015-07-21, 21:39
Hi
There are some persistent 'low-level' threats that Spybot finds but does not remove. How can I remove these please? I am using Spybot 2.4.40.0 free version. The latest Spybot 'Results' are pasted below, and after that I have added the Threat 'Rule#' codes. Below that are pasted the FRST log, the Additional log and aswMBR log.
The Windows result, 1E4E2003, is also on another computer.
Thank you
------------------------------------------------------------------------------------------------------
SPYBOT SCAN RESULTS
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Office\12.0\Word\File MRU
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (4) (Browser: History, nothing done)
-------------------------------------------------------------------------------------------------------
Each of the above appears on Spybot's Results screen marked as the following 'Rule#' :
MS Office 12: E357B233
Windows: 1E4E2003
Windows: 1E4E2003
Windows Explorer: 7308A845
Windows Explorer: D20DA0AD
Cache: 49804B4
History: 49804B4
------------------------------------------------------------------------------------------------------
FRST RESULTS
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Username (administrator) on Computer on 21-07-2015 13:02:29
Running from C:\Users\Username\Desktop
Loaded Profiles: Username (Available Profiles: Username)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [BingSvc] => C:\Users\Username\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-19] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2902823387-23996999-410341740-1001] => localhost:21320
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.yahoo.co.uk/
SearchScopes: HKU\S-1-5-21-2902823387-23996999-410341740-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5BF70654-7BED-4BFD-8BDE-CCCE2D5530D4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD3DA010-9786-4015-8D34-B01C7DAECC94}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default
FF DefaultSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://ixquick.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-11-29] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2902823387-23996999-410341740-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-02-19] (Intel)
FF Plugin HKU\S-1-5-21-2902823387-23996999-410341740-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-02-19] (Intel)
FF user.js: detected! => C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\user.js [2014-12-14]
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\searchplugins\ixquick-https.xml [2014-05-12]
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\searchplugins\zonealarm.xml [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-19] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-19] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-12-12] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-19] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-12-30] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 13:02 - 2015-07-21 13:03 - 00017707 _____ C:\Users\Username\Desktop\FRST.txt
2015-07-21 12:29 - 2015-07-21 13:02 - 00000000 ____D C:\FRST
2015-07-21 12:26 - 2015-07-21 12:27 - 02135552 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2015-07-20 11:23 - 2015-07-20 11:23 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-VAIO-Windows-8.1-(64-bit).dat
2015-07-20 11:21 - 2015-07-20 11:21 - 00000000 ____D C:\RegBackup
2015-07-20 11:20 - 2015-07-20 11:20 - 00002247 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-20 11:16 - 2015-07-20 11:16 - 04720448 _____ C:\Users\Username\Downloads\tweaking.com_registry_backup_setup(1).exe
2015-07-20 11:15 - 2015-07-20 11:15 - 04720448 _____ C:\Users\Username\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-20 11:11 - 2015-07-20 16:53 - 00000154 _____ C:\WINDOWS\setupact.log
2015-07-20 11:11 - 2015-07-20 11:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-20 11:09 - 2015-07-20 11:09 - 00005400 _____ C:\Users\Username\Documents\cc_20150720_110932.reg
2015-07-19 23:02 - 2015-07-19 23:02 - 00001087 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-19 23:00 - 2015-07-19 23:00 - 04184064 _____ (BrightFort LLC ) C:\Users\Username\Downloads\spywareblastersetup52.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-19 21:24 - 2015-07-19 21:24 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Username\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-07-15 18:54 - 2015-07-03 14:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 18:54 - 2015-07-03 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 18:54 - 2015-07-03 14:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 18:54 - 2015-07-03 14:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 18:54 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 18:54 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 18:54 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 18:54 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 18:54 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 18:54 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 18:54 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 18:54 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 18:54 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 18:54 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 18:54 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 18:54 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 18:54 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 18:54 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 18:54 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 18:54 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 18:54 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 18:54 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 18:54 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 18:54 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 18:54 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 18:54 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 18:54 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 18:54 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 18:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-15 18:53 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 18:53 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 18:53 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 18:53 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 18:53 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 18:52 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 18:52 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 18:52 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 18:52 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 18:52 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 18:52 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 18:52 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 18:52 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 18:52 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 18:52 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 18:52 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 18:52 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 18:52 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 18:52 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 18:52 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 18:52 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 18:52 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 18:52 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 18:52 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 18:52 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 18:52 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 18:52 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 18:52 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 18:52 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 18:52 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 18:52 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 18:52 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 18:52 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 18:52 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 18:52 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 18:52 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 18:52 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 18:52 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 18:52 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 18:52 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 18:52 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 18:52 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 18:51 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 18:51 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 18:51 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 18:51 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 18:51 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 18:51 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-15 18:51 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-15 11:52 - 2015-07-16 09:54 - 00000000 ____D C:\Users\Username\Desktop\Filename
2015-07-15 11:41 - 2015-07-15 11:48 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:05 - 2015-07-15 11:06 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:04 - 2015-07-15 11:05 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:04 - 2015-07-15 11:04 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 10:12 - 2015-07-21 12:41 - 01327720 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 10:11 - 2015-07-15 10:11 - 00000448 _____ C:\Users\Username\Documents\filename.reg
2015-07-15 10:07 - 2015-07-15 10:07 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-15 10:07 - 2015-07-15 10:07 - 00000000 ____D C:\Users\James\AppData\Local\Packages
2015-07-15 10:07 - 2015-07-15 10:07 - 00000000 ____D C:\Users\Username
2015-07-14 22:54 - 2015-07-14 22:55 - 00018392 _____ C:\Users\Username\Documents\cc_20150714_225440.reg
2015-07-14 20:00 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-07-14 20:00 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-07-14 20:00 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-14 20:00 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-14 20:00 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-07-14 20:00 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-07-14 20:00 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-07-14 20:00 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-07-14 17:57 - 2015-07-14 18:38 - 00002912 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-14 17:57 - 2015-07-14 18:38 - 00002912 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-14 17:57 - 2015-07-14 17:57 - 00000000 ____D C:\Users\Username\AppData\Local\Lavasoft
2015-07-14 17:56 - 2015-07-20 11:07 - 00000000 ____D C:\Users\Username\AppData\Roaming\Lavasoft
2015-07-14 17:56 - 2015-07-14 17:56 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-07-14 17:56 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-14 17:56 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-14 17:55 - 2015-07-20 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-14 17:51 - 2015-07-20 11:07 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-14 17:48 - 2015-07-14 17:49 - 02009904 _____ C:\Users\Username\Downloads\Adaware_Installer.exe
2015-07-14 09:35 - 2015-07-12 21:56 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150714-093537.backup
2015-07-12 21:56 - 2015-06-26 23:20 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150712-215624.backup
2015-07-10 11:43 - 2015-07-10 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 21:41 - 2015-06-27 21:41 - 06565736 _____ (Piriform Ltd) C:\Users\Username\Downloads\ccsetup507.exe
2015-06-26 23:20 - 2015-06-23 21:35 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150626-232038.backup
2015-06-24 13:53 - 2015-06-24 13:54 - 40430208 _____ (Skype Technologies S.A.) C:\Users\Username\Downloads\SkypeSetupFull.exe
2015-06-23 21:35 - 2015-06-16 21:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150623-213551.backup
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 13:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-21 12:40 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 12:37 - 2014-05-01 09:37 - 00000298 _____ C:\WINDOWS\Tasks\Gameo Updater.job
2015-07-20 16:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-20 12:26 - 2014-04-09 17:53 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902823387-23996999-410341740-1001
2015-07-20 10:58 - 2015-04-16 15:18 - 00000000 ____D C:\Users\Username\1604
2015-07-20 09:18 - 2014-04-10 09:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-19 23:04 - 2013-11-29 00:45 - 00000000 ____D C:\ProgramData\Temp
2015-07-19 23:03 - 2014-04-09 23:29 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-07-19 23:02 - 2014-04-09 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-19 22:59 - 2014-08-24 21:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-19 21:51 - 2015-04-05 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-19 21:51 - 2014-04-11 17:18 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-07-19 21:33 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-19 21:30 - 2015-03-16 21:32 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-19 21:30 - 2015-03-16 21:31 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-17 22:43 - 2015-03-16 16:37 - 00000000 ____D C:\Users\Username\Filename
2015-07-16 23:19 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-07-16 12:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 09:23 - 2014-05-02 11:57 - 00503088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 00:07 - 2014-04-09 17:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 21:03 - 2014-12-29 10:45 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:12 - 2014-04-09 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 12:55 - 2014-04-11 18:44 - 00000000 ____D C:\Users\Username
2015-07-15 12:22 - 2014-03-18 11:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 11:01 - 2014-10-26 21:08 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 10:44 - 2014-07-10 10:33 - 00000000 ____D C:\Users\Username\Filename
2015-07-14 21:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-13 22:10 - 2015-05-15 17:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2015-05-15 17:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 12:52 - 2015-06-16 13:19 - 00000000 ____D C:\Users\Username\AppData\Roaming\Skype
2015-07-05 11:37 - 2015-06-16 13:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-05 11:37 - 2015-06-16 13:19 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 16:09 - 2014-04-09 23:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-03 08:43 - 2014-04-09 17:36 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-27 21:43 - 2014-04-10 16:35 - 00000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-05-05 17:46 - 2014-05-05 17:46 - 0004096 ____H () C:\Users\Username\AppData\Local\keyfile3.drm
2014-04-13 13:18 - 2014-04-13 13:23 - 0007625 _____ () C:\Users\Username\AppData\Local\resmon.resmoncfg
2014-04-14 21:36 - 2014-04-14 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-21 11:54
==================== End of log ============================
ADDITIONAL RESULTS
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Username at 2015-07-21 13:04:13
Running from C:\Users\Username\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2902823387-23996999-410341740-500 - Administrator - Disabled)
Guest (S-1-5-21-2902823387-23996999-410341740-501 - Limited - Disabled)
Username (S-1-5-21-2902823387-23996999-410341740-1007 - Limited - Enabled)
Username (S-1-5-21-2902823387-23996999-410341740-1001 - Administrator - Enabled) => C:\Users\Username
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6201.52 - CyberLink Corp.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Firefox Packages (HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Firefox Packages) (Version: - ) <==== ATTENTION
Gameo Updater (HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Gameo Updater) (Version: - Gameo Updater) <==== ATTENTION!
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless NFC Software (HKLM\...\Intel(R) PROSet/Wireless NFC Software) (Version: 1.0.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.1.00.14260 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2902823387-23996999-410341740-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2902823387-23996999-410341740-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
02-07-2015 10:36:12 Scheduled Checkpoint
09-07-2015 10:00:25 Windows Update
14-07-2015 17:51:27 AA11
19-07-2015 21:26:10 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2015-07-14 09:35 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01949962-054D-4CFF-9DBD-C4E2B385401A} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {066C3859-6419-407E-8762-9ED8B1A3DBB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-19] (AVAST Software)
Task: {0F311056-9CFE-4259-8BE1-3C40A75CBEC3} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {12BE1BEF-9F0A-4AE9-9A34-B3337F3F70D7} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {168BEE65-B077-42BD-826F-8DBBB9B7ADA6} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {20F338F9-987C-467F-871C-9FF3DAC5E9FF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {283F229D-5A9A-446C-8DA5-2FDF40EE8935} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {2B94B9BB-8C56-481F-B8C0-DB28F7DD505D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {31FD091C-039B-4F0F-B872-A2DB94E8EFCF} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {4095FF73-5D55-45D8-9387-45026462787D} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {417C9A91-BAD2-416D-B3F9-ED1C9214062A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {56973AC3-0BA1-4261-A2C8-7B5A7B65B2A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5946D0D0-17AD-4CD6-90DD-38958E0816D6} - System32\Tasks\{4ABC2722-64CF-4512-9293-6F2B3D75D45D} => pcalua.exe -a "C:\Users\Username\AppData\Roaming\1H1Q\Firefox Packages\uninstaller.exe" -c /Uninstall /NM="Firefox Packages" /AN="1H1Q" /MBN="Firefox Packages"
Task: {59715139-69F7-47E4-BC86-709FCFC7BD04} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {6391E6B0-B995-4D97-997E-ABF011AFD51B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {6B97C90A-8846-488E-8FE4-19973816852C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {89117373-E0B9-42F6-800E-8303C24F95FE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {94E7B87E-F487-4C5F-9292-BD4F26E7264D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9CF2353B-87E9-4A66-9EC1-F283898528B6} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {A17F00B6-9BC1-4BD7-B4A1-7463950407AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A39B1DD1-F4CE-40E6-BA11-EDF2D944B572} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A890C213-E1FE-492E-B44C-0F0ADE81605E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {AC02EAF4-65CB-4E43-AF2D-060902C8D84C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {B4E87E36-8A0C-4558-AC9B-DDAE76A2BBC0} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C1B5973A-D68E-48C8-A461-D3A2D4ADE856} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {C59A9D9B-F250-49D9-ABD5-EFBB0A5ABDC6} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {C6CE8CE1-1CB4-4F21-9D7F-8DB60C654C04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {CC490DBD-2F94-44DF-B207-1A1F5B19BB4C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E4011E3E-2161-4708-841E-8BFC327F9C82} - System32\Tasks\Gameo Updater => C:\Users\Username\AppData\Roaming\GameoUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E8349005-17FA-45EA-B0AE-1742BB0533B7} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {ECE258AE-80D6-41E7-BF7B-851D7EB79AC0} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FEF1711F-2DE1-4B01-8680-7D08F0D8A5B7} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {FF661D2F-64EF-458F-B589-1DBACC0F570D} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Gameo Updater.job => C:\Users\Username\AppData\Roaming\GAMEOU~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2014-04-11 09:52 - 2014-04-11 09:52 - 00034304 _____ () C:\WINDOWS\System32\sst8clm.dll
2012-12-14 15:27 - 2012-12-14 15:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00019816 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 14:12 - 2015-06-08 14:12 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00034664 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-19 11:21 - 2013-11-19 11:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-19 21:30 - 2015-07-19 21:30 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-20 11:59 - 2015-07-20 11:59 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15072000\algo.dll
2015-07-21 12:00 - 2015-07-21 12:00 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2014-08-09 23:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-09 23:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-09 23:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-09 23:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-09 23:39 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-16 21:31 - 2015-03-16 21:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-29 00:09 - 2013-01-23 10:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\webcompanion.com -> hxxp://webcompanion.com
There are 12685 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Fax => 3
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "Web Companion"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{037369DB-D700-4A8B-9965-1E31F296992D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{A473699D-E408-4E11-88EC-FD6BD7984B4A}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{FC810541-5C99-498E-B061-920DD5400654}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{76AE2AEE-8BDE-42B3-B627-678D53D68E90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D3D3197C-4948-453C-B3EF-C4396C2C8401}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E5443676-50DE-4634-99BF-295E2D16E0F9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{70F7A119-B73B-4B47-8CDD-864E456C2C8D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9B4D2649-A51D-4F1D-9409-9A8FA47E9D86}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A621DC9D-7D47-4A75-A7F1-6E60D4D4552E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{8C909D20-0EDB-4C89-A8FF-C50E5062FB4D}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{065DA872-5F22-4D4D-B5F4-EBF6333A0B10}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{32F3ADE6-41A8-4D54-B128-2AA2D9226C7E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1FC944CD-9CAF-4452-97DC-F17182401E13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8195BD6B-C31E-43CA-AF49-D2B2B43912BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{35A16244-09F2-4FE5-BD72-92D18984BEB5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2AF2B2D-5E6D-4A85-9CE8-1CAF354782BD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2015 02:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffa8cdeafb1
Faulting process id: 0x1240
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
Error: (07/20/2015 02:17:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()
Error: (07/20/2015 12:37:04 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description:
Error: (07/20/2015 12:31:09 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/20/2015 12:31:06 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description:
Error: (07/20/2015 12:28:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (07/20/2015 12:28:57 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/20/2015 12:28:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (07/20/2015 11:10:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffb1975afb1
Faulting process id: 0x1a30
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
Error: (07/20/2015 11:10:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()
System errors:
=============
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Microsoft Office:
=========================
Error: (06/19/2014 12:00:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11475 seconds with 3120 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 3974.8 MB
Available physical RAM: 2475.86 MB
Total Virtual: 4678.8 MB
Available Virtual: 2446.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:670.99 GB) (Free:621.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E6624159)
Partition: GPT Partition Type.
==================== End of log ============================
aswMBR. RESULTS
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-07-21 13:19:37
-----------------------------
13:19:37.571 OS Version: Windows x64 6.2.9200
13:19:37.572 Number of processors: 4 586 0x3A09
13:19:37.574 ComputerName: VAIO UserName: Username
13:19:42.160 Initialize success
13:19:42.174 VM: initialized successfully
13:19:42.177 VM: Intel CPU BiosDisabled
13:19:45.632 AVAST engine defs: 15072100
13:20:43.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
13:20:43.405 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA5G0 Size: 715404MB BusType: 11
13:20:43.546 Disk 0 MBR read successfully
13:20:43.561 Disk 0 MBR scan
13:20:43.561 Disk 0 unknown MBR code
13:20:43.592 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:20:43.639 Disk 0 scanning C:\WINDOWS\system32\drivers
13:21:02.078 Service scanning
13:21:48.502 Modules scanning
13:21:48.518 Disk 0 trace - called modules:
13:21:48.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
13:21:48.611 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe002001fc060]
13:21:48.627 3 CLASSPNP.SYS[fffff8017952e170] -> nt!IofCallDriver -> [0xffffe001fed8e040]
13:21:48.643 5 ACPI.sys[fffff8017916dc21] -> nt!IofCallDriver -> \Device\0000002c[0xffffe001fed927f0]
13:21:50.487 AVAST engine scan C:\WINDOWS
13:21:54.268 AVAST engine scan C:\WINDOWS\system32
13:25:44.186 AVAST engine scan C:\WINDOWS\system32\drivers
13:26:09.890 AVAST engine scan C:\Users\Username
13:28:44.414 AVAST engine scan C:\ProgramData
13:42:20.754 Disk 0 statistics 3961128/0/0 @ 2.00 MB/s
13:42:20.785 Scan finished successfully
13:45:11.028 Disk 0 MBR has been saved successfully to "C:\Users\Username\Desktop\MBR.dat"
13:45:11.044 The log file has been saved successfully to "C:\Users\Us
There are some persistent 'low-level' threats that Spybot finds but does not remove. How can I remove these please? I am using Spybot 2.4.40.0 free version. The latest Spybot 'Results' are pasted below, and after that I have added the Threat 'Rule#' codes. Below that are pasted the FRST log, the Additional log and aswMBR log.
The Windows result, 1E4E2003, is also on another computer.
Thank you
------------------------------------------------------------------------------------------------------
SPYBOT SCAN RESULTS
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Office\12.0\Word\File MRU
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (4) (Browser: History, nothing done)
-------------------------------------------------------------------------------------------------------
Each of the above appears on Spybot's Results screen marked as the following 'Rule#' :
MS Office 12: E357B233
Windows: 1E4E2003
Windows: 1E4E2003
Windows Explorer: 7308A845
Windows Explorer: D20DA0AD
Cache: 49804B4
History: 49804B4
------------------------------------------------------------------------------------------------------
FRST RESULTS
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Username (administrator) on Computer on 21-07-2015 13:02:29
Running from C:\Users\Username\Desktop
Loaded Profiles: Username (Available Profiles: Username)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-
tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208
2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06]
(Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel
Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software
Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking
Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30]
(Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680
2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [BingSvc] => C:\Users\Username\AppData\Local\Microsoft\BingSvc\BingSvc.exe
[144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion
\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast
\ashShA64.dll [2015-07-19] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2902823387-23996999-410341740-1001] => localhost:21320
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://vaioportal.sony.eu
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
https://www.yahoo.co.uk/
SearchScopes: HKU\S-1-5-21-2902823387-23996999-410341740-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [348488 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [428880 2015-07-14] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5BF70654-7BED-4BFD-8BDE-CCCE2D5530D4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD3DA010-9786-4015-8D34-B01C7DAECC94}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default
FF DefaultSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://ixquick.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-11-29] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components
\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-
05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11]
(Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App
\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2902823387-23996999-410341740-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin
\npAppUp.dll [2013-02-19] (Intel)
FF Plugin HKU\S-1-5-21-2902823387-23996999-410341740-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin
\npAppUp_x64.dll [2013-02-19] (Intel)
FF user.js: detected! => C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\user.js [2014-12-14]
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\searchplugins\ixquick-https.xml [2014
-05-12]
FF SearchPlugin: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\bk2e5zi4.default\searchplugins\zonealarm.xml [2014-12-
14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome
\aswWebRepChrome.crx [2015-03-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-19] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-19] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-12-12] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-19] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-12-30] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 13:02 - 2015-07-21 13:03 - 00017707 _____ C:\Users\Username\Desktop\FRST.txt
2015-07-21 12:29 - 2015-07-21 13:02 - 00000000 ____D C:\FRST
2015-07-21 12:26 - 2015-07-21 12:27 - 02135552 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2015-07-20 11:23 - 2015-07-20 11:23 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-VAIO-Windows-8.1-(64-bit).dat
2015-07-20 11:21 - 2015-07-20 11:21 - 00000000 ____D C:\RegBackup
2015-07-20 11:20 - 2015-07-20 11:20 - 00002247 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-20 11:16 - 2015-07-20 11:16 - 04720448 _____ C:\Users\Username\Downloads\tweaking.com_registry_backup_setup(1).exe
2015-07-20 11:15 - 2015-07-20 11:15 - 04720448 _____ C:\Users\Username\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-20 11:11 - 2015-07-20 16:53 - 00000154 _____ C:\WINDOWS\setupact.log
2015-07-20 11:11 - 2015-07-20 11:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-20 11:09 - 2015-07-20 11:09 - 00005400 _____ C:\Users\Username\Documents\cc_20150720_110932.reg
2015-07-19 23:02 - 2015-07-19 23:02 - 00001087 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-19 23:00 - 2015-07-19 23:00 - 04184064 _____ (BrightFort LLC ) C:\Users\Username\Downloads\spywareblastersetup52.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-19 21:24 - 2015-07-19 21:24 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Username\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-07-15 18:54 - 2015-07-03 14:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 18:54 - 2015-07-03 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 18:54 - 2015-07-03 14:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 18:54 - 2015-07-03 14:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 18:54 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 18:54 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 18:54 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 18:54 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 18:54 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 18:54 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 18:54 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 18:54 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 18:54 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 18:54 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 18:54 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 18:54 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 18:54 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 18:54 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 18:54 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 18:54 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 18:54 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 18:54 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 18:54 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 18:54 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 18:54 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 18:54 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 18:54 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 18:54 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 18:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-15 18:53 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 18:53 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 18:53 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 18:53 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 18:53 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 18:52 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 18:52 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 18:52 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 18:52 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 18:52 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 18:52 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 18:52 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 18:52 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 18:52 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 18:52 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 18:52 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 18:52 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 18:52 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 18:52 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 18:52 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 18:52 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 18:52 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 18:52 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 18:52 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 18:52 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 18:52 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 18:52 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 18:52 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 18:52 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 18:52 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 18:52 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 18:52 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 18:52 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 18:52 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 18:52 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 18:52 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 18:52 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 18:52 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 18:52 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 18:52 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 18:52 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 18:52 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 18:51 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 18:51 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 18:51 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 18:51 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 18:51 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 18:51 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-15 18:51 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-15 11:52 - 2015-07-16 09:54 - 00000000 ____D C:\Users\Username\Desktop\Filename
2015-07-15 11:41 - 2015-07-15 11:48 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:05 - 2015-07-15 11:06 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:04 - 2015-07-15 11:05 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 11:04 - 2015-07-15 11:04 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 10:12 - 2015-07-21 12:41 - 01327720 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 10:11 - 2015-07-15 10:11 - 00000448 _____ C:\Users\Username\Documents\filename.reg
2015-07-15 10:07 - 2015-07-15 10:07 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-15 10:07 - 2015-07-15 10:07 - 00000000 ____D C:\Users\James\AppData\Local\Packages
2015-07-15 10:07 - 2015-07-15 10:07 - 00000000 ____D C:\Users\Username
2015-07-14 22:54 - 2015-07-14 22:55 - 00018392 _____ C:\Users\Username\Documents\cc_20150714_225440.reg
2015-07-14 20:00 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-07-14 20:00 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-07-14 20:00 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-07-14 20:00 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-07-14 20:00 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-07-14 20:00 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-07-14 20:00 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-07-14 20:00 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-07-14 17:57 - 2015-07-14 18:38 - 00002912 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-14 17:57 - 2015-07-14 18:38 - 00002912 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-14 17:57 - 2015-07-14 17:57 - 00000000 ____D C:\Users\Username\AppData\Local\Lavasoft
2015-07-14 17:56 - 2015-07-20 11:07 - 00000000 ____D C:\Users\Username\AppData\Roaming\Lavasoft
2015-07-14 17:56 - 2015-07-14 17:56 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-07-14 17:56 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-14 17:56 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-14 17:55 - 2015-07-20 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-14 17:51 - 2015-07-20 11:07 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-14 17:48 - 2015-07-14 17:49 - 02009904 _____ C:\Users\Username\Downloads\Adaware_Installer.exe
2015-07-14 09:35 - 2015-07-12 21:56 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150714-093537.backup
2015-07-12 21:56 - 2015-06-26 23:20 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150712-215624.backup
2015-07-10 11:43 - 2015-07-10 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 21:41 - 2015-06-27 21:41 - 06565736 _____ (Piriform Ltd) C:\Users\Username\Downloads\ccsetup507.exe
2015-06-26 23:20 - 2015-06-23 21:35 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150626-232038.backup
2015-06-24 13:53 - 2015-06-24 13:54 - 40430208 _____ (Skype Technologies S.A.) C:\Users\Username\Downloads\SkypeSetupFull.exe
2015-06-23 21:35 - 2015-06-16 21:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150623-213551.backup
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 13:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-21 12:40 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 12:37 - 2014-05-01 09:37 - 00000298 _____ C:\WINDOWS\Tasks\Gameo Updater.job
2015-07-20 16:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-20 12:26 - 2014-04-09 17:53 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902823387-23996999-410341740-1001
2015-07-20 10:58 - 2015-04-16 15:18 - 00000000 ____D C:\Users\Username\1604
2015-07-20 09:18 - 2014-04-10 09:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-19 23:04 - 2013-11-29 00:45 - 00000000 ____D C:\ProgramData\Temp
2015-07-19 23:03 - 2014-04-09 23:29 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-07-19 23:02 - 2014-04-09 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-19 22:59 - 2014-08-24 21:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-19 21:51 - 2015-04-05 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-19 21:51 - 2014-04-11 17:18 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-07-19 21:33 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-19 21:30 - 2015-03-16 21:32 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-19 21:30 - 2015-03-16 21:32 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-19 21:30 - 2015-03-16 21:31 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-17 22:43 - 2015-03-16 16:37 - 00000000 ____D C:\Users\Username\Filename
2015-07-16 23:19 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-07-16 12:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 09:23 - 2014-05-02 11:57 - 00503088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 00:07 - 2014-04-09 17:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 21:03 - 2014-12-29 10:45 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:12 - 2014-04-09 16:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 12:55 - 2014-04-11 18:44 - 00000000 ____D C:\Users\Username
2015-07-15 12:22 - 2014-03-18 11:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 11:01 - 2014-10-26 21:08 - 00000000 ____D C:\Users\Username\Filename
2015-07-15 10:44 - 2014-07-10 10:33 - 00000000 ____D C:\Users\Username\Filename
2015-07-14 21:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-13 22:10 - 2015-05-15 17:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2015-05-15 17:46 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 12:52 - 2015-06-16 13:19 - 00000000 ____D C:\Users\Username\AppData\Roaming\Skype
2015-07-05 11:37 - 2015-06-16 13:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-05 11:37 - 2015-06-16 13:19 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 16:09 - 2014-04-09 23:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-03 08:43 - 2014-04-09 17:36 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-27 21:43 - 2014-04-10 16:35 - 00000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-05-05 17:46 - 2014-05-05 17:46 - 0004096 ____H () C:\Users\Username\AppData\Local\keyfile3.drm
2014-04-13 13:18 - 2014-04-13 13:23 - 0007625 _____ () C:\Users\Username\AppData\Local\resmon.resmoncfg
2014-04-14 21:36 - 2014-04-14 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-21 11:54
==================== End of log ============================
ADDITIONAL RESULTS
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Username at 2015-07-21 13:04:13
Running from C:\Users\Username\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2902823387-23996999-410341740-500 - Administrator - Disabled)
Guest (S-1-5-21-2902823387-23996999-410341740-501 - Limited - Disabled)
Username (S-1-5-21-2902823387-23996999-410341740-1007 - Limited - Enabled)
Username (S-1-5-21-2902823387-23996999-410341740-1001 - Administrator - Enabled) => C:\Users\Username
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6201.52 - CyberLink Corp.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Firefox Packages (HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Firefox Packages) (Version: - ) <==== ATTENTION
Gameo Updater (HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\Gameo Updater) (Version: - Gameo Updater) <==== ATTENTION!
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless NFC Software (HKLM\...\Intel(R) PROSet/Wireless NFC Software) (Version: 1.0.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.1.00.14260 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2902823387-23996999-410341740-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2902823387-23996999-410341740-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
02-07-2015 10:36:12 Scheduled Checkpoint
09-07-2015 10:00:25 Windows Update
14-07-2015 17:51:27 AA11
19-07-2015 21:26:10 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2015-07-14 09:35 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01949962-054D-4CFF-9DBD-C4E2B385401A} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {066C3859-6419-407E-8762-9ED8B1A3DBB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-19] (AVAST Software)
Task: {0F311056-9CFE-4259-8BE1-3C40A75CBEC3} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {12BE1BEF-9F0A-4AE9-9A34-B3337F3F70D7} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {168BEE65-B077-42BD-826F-8DBBB9B7ADA6} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {20F338F9-987C-467F-871C-9FF3DAC5E9FF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {283F229D-5A9A-446C-8DA5-2FDF40EE8935} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {2B94B9BB-8C56-481F-B8C0-DB28F7DD505D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {31FD091C-039B-4F0F-B872-A2DB94E8EFCF} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {4095FF73-5D55-45D8-9387-45026462787D} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {417C9A91-BAD2-416D-B3F9-ED1C9214062A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {56973AC3-0BA1-4261-A2C8-7B5A7B65B2A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5946D0D0-17AD-4CD6-90DD-38958E0816D6} - System32\Tasks\{4ABC2722-64CF-4512-9293-6F2B3D75D45D} => pcalua.exe -a "C:\Users\Username\AppData\Roaming\1H1Q\Firefox Packages\uninstaller.exe" -c /Uninstall /NM="Firefox Packages" /AN="1H1Q" /MBN="Firefox Packages"
Task: {59715139-69F7-47E4-BC86-709FCFC7BD04} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {6391E6B0-B995-4D97-997E-ABF011AFD51B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {6B97C90A-8846-488E-8FE4-19973816852C} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {89117373-E0B9-42F6-800E-8303C24F95FE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {94E7B87E-F487-4C5F-9292-BD4F26E7264D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9CF2353B-87E9-4A66-9EC1-F283898528B6} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {A17F00B6-9BC1-4BD7-B4A1-7463950407AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A39B1DD1-F4CE-40E6-BA11-EDF2D944B572} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A890C213-E1FE-492E-B44C-0F0ADE81605E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {AC02EAF4-65CB-4E43-AF2D-060902C8D84C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {B4E87E36-8A0C-4558-AC9B-DDAE76A2BBC0} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C1B5973A-D68E-48C8-A461-D3A2D4ADE856} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {C59A9D9B-F250-49D9-ABD5-EFBB0A5ABDC6} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {C6CE8CE1-1CB4-4F21-9D7F-8DB60C654C04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {CC490DBD-2F94-44DF-B207-1A1F5B19BB4C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E4011E3E-2161-4708-841E-8BFC327F9C82} - System32\Tasks\Gameo Updater => C:\Users\Username\AppData\Roaming\GameoUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E8349005-17FA-45EA-B0AE-1742BB0533B7} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {ECE258AE-80D6-41E7-BF7B-851D7EB79AC0} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FEF1711F-2DE1-4B01-8680-7D08F0D8A5B7} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {FF661D2F-64EF-458F-B589-1DBACC0F570D} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Gameo Updater.job => C:\Users\Username\AppData\Roaming\GAMEOU~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2014-04-11 09:52 - 2014-04-11 09:52 - 00034304 _____ () C:\WINDOWS\System32\sst8clm.dll
2012-12-14 15:27 - 2012-12-14 15:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00019816 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 14:12 - 2015-06-08 14:12 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00034664 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-19 11:21 - 2013-11-19 11:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-07-19 21:30 - 2015-07-19 21:30 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-19 21:30 - 2015-07-19 21:30 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-20 11:59 - 2015-07-20 11:59 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15072000\algo.dll
2015-07-21 12:00 - 2015-07-21 12:00 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2014-08-09 23:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-09 23:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-09 23:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-09 23:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-09 23:39 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-16 21:31 - 2015-03-16 21:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-29 00:09 - 2013-01-23 10:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\webcompanion.com -> hxxp://webcompanion.com
There are 12685 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2902823387-23996999-410341740-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Fax => 3
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2902823387-23996999-410341740-1001\...\StartupApproved\Run: => "Web Companion"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{037369DB-D700-4A8B-9965-1E31F296992D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{A473699D-E408-4E11-88EC-FD6BD7984B4A}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{FC810541-5C99-498E-B061-920DD5400654}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{76AE2AEE-8BDE-42B3-B627-678D53D68E90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D3D3197C-4948-453C-B3EF-C4396C2C8401}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E5443676-50DE-4634-99BF-295E2D16E0F9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{70F7A119-B73B-4B47-8CDD-864E456C2C8D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9B4D2649-A51D-4F1D-9409-9A8FA47E9D86}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A621DC9D-7D47-4A75-A7F1-6E60D4D4552E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{8C909D20-0EDB-4C89-A8FF-C50E5062FB4D}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{065DA872-5F22-4D4D-B5F4-EBF6333A0B10}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{32F3ADE6-41A8-4D54-B128-2AA2D9226C7E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1FC944CD-9CAF-4452-97DC-F17182401E13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8195BD6B-C31E-43CA-AF49-D2B2B43912BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{35A16244-09F2-4FE5-BD72-92D18984BEB5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2AF2B2D-5E6D-4A85-9CE8-1CAF354782BD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2015 02:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffa8cdeafb1
Faulting process id: 0x1240
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
Error: (07/20/2015 02:17:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()
Error: (07/20/2015 12:37:04 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description:
Error: (07/20/2015 12:31:09 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/20/2015 12:31:06 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description:
Error: (07/20/2015 12:28:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (07/20/2015 12:28:57 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/20/2015 12:28:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (07/20/2015 11:10:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffb1975afb1
Faulting process id: 0x1a30
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3
Faulting package full name: VCAgent.exe4
Faulting package-relative application ID: VCAgent.exe5
Error: (07/20/2015 11:10:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()
System errors:
=============
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:34:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Error: (07/21/2015 12:22:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058
Microsoft Office:
=========================
Error: (06/19/2014 12:00:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11475 seconds with 3120 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 3974.8 MB
Available physical RAM: 2475.86 MB
Total Virtual: 4678.8 MB
Available Virtual: 2446.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:670.99 GB) (Free:621.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E6624159)
Partition: GPT Partition Type.
==================== End of log ============================
aswMBR. RESULTS
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-07-21 13:19:37
-----------------------------
13:19:37.571 OS Version: Windows x64 6.2.9200
13:19:37.572 Number of processors: 4 586 0x3A09
13:19:37.574 ComputerName: VAIO UserName: Username
13:19:42.160 Initialize success
13:19:42.174 VM: initialized successfully
13:19:42.177 VM: Intel CPU BiosDisabled
13:19:45.632 AVAST engine defs: 15072100
13:20:43.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
13:20:43.405 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA5G0 Size: 715404MB BusType: 11
13:20:43.546 Disk 0 MBR read successfully
13:20:43.561 Disk 0 MBR scan
13:20:43.561 Disk 0 unknown MBR code
13:20:43.592 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:20:43.639 Disk 0 scanning C:\WINDOWS\system32\drivers
13:21:02.078 Service scanning
13:21:48.502 Modules scanning
13:21:48.518 Disk 0 trace - called modules:
13:21:48.596 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
13:21:48.611 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe002001fc060]
13:21:48.627 3 CLASSPNP.SYS[fffff8017952e170] -> nt!IofCallDriver -> [0xffffe001fed8e040]
13:21:48.643 5 ACPI.sys[fffff8017916dc21] -> nt!IofCallDriver -> \Device\0000002c[0xffffe001fed927f0]
13:21:50.487 AVAST engine scan C:\WINDOWS
13:21:54.268 AVAST engine scan C:\WINDOWS\system32
13:25:44.186 AVAST engine scan C:\WINDOWS\system32\drivers
13:26:09.890 AVAST engine scan C:\Users\Username
13:28:44.414 AVAST engine scan C:\ProgramData
13:42:20.754 Disk 0 statistics 3961128/0/0 @ 2.00 MB/s
13:42:20.785 Scan finished successfully
13:45:11.028 Disk 0 MBR has been saved successfully to "C:\Users\Username\Desktop\MBR.dat"
13:45:11.044 The log file has been saved successfully to "C:\Users\Us