So my computer has a screen that keeps popping up that says "Your system has been blocked for security reasons" Suspicious activity found on your computer, due to pop-up advertisement windows and invasive links. The box has a fix now. When I click the fix now, it goes through a process and then gives me a screen to call a 1-800 number. I have to open task manager to close it. It will come back in about 5 minutes and goes through the whole process again.
Thank you for your assistance.
Rob
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Chels (administrator) on CHELS-VAIO (01-04-2016 19:54:16)
Running from C:\Users\Chels\Desktop
Loaded Profiles: Chels (Available Profiles: Chels)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [Cricut Design Space] => C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [380744 2015-07-15] (Provo Craft & Novelty, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A3486D8C-4BD0-4D65-B1AB-CCCE0E230AD1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B70413A0-9BB4-4545-9C2C-5AD506099061}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-30] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
IE Session Restore: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> is enabled.
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.safesear.ch/?type=20160331-135-ie-sm
FireFox:
========
FF ProfilePath: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default
FF NewTab: hxxp://www.safesear.ch/?type=20160331-135-ff-nt
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut64R.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut32R.dll [No File]
FF SearchPlugin: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\searchplugins\safesearch.xml [2016-03-31]
FF Extension: Simple - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\Extensions\[email protected] [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe hxxp://www.safesear.ch/?type=20160331-135-ff-sm
Chrome:
=======
CHR Profile: C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tab) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-05-09]
CHR Extension: (Simple) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.safesear.ch/?type=20160331-135-ch-sm
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2016-03-31] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-01 19:54 - 2016-04-01 19:54 - 00019377 _____ C:\Users\Chels\Desktop\FRST.txt
2016-04-01 19:53 - 2016-04-01 19:53 - 02374144 _____ (Farbar) C:\Users\Chels\Desktop\FRST64.exe
2016-04-01 19:50 - 2016-04-01 19:50 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64(1).exe
2016-04-01 19:47 - 2016-04-01 19:48 - 00043419 _____ C:\Users\Chels\Downloads\Addition.txt
2016-04-01 19:45 - 2016-04-01 19:54 - 00000000 ____D C:\FRST
2016-04-01 19:45 - 2016-04-01 19:48 - 00030696 _____ C:\Users\Chels\Downloads\FRST.txt
2016-04-01 19:45 - 2016-04-01 19:45 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64.exe
2016-04-01 15:32 - 2016-04-01 15:32 - 00001684 _____ C:\Windows\system32\.crusader
2016-03-31 11:57 - 2016-03-31 11:57 - 00000258 __RSH C:\Users\Chels\ntuser.pol
2016-03-31 11:38 - 2016-03-31 11:38 - 00001542 _____ C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2016-03-31 11:35 - 2016-04-01 15:32 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-31 11:34 - 2016-03-31 11:34 - 00002237 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002207 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002205 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002203 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00000000 ____D C:\Users\Chels\AppData\Local\Component
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 11:32 - 2016-03-31 11:32 - 00233728 _____ C:\Users\Chels\Downloads\HitmanProSetup.exe
2016-03-31 11:18 - 2016-04-01 19:21 - 00763394 _____ C:\Windows\ntbtlog.txt
2016-03-31 11:02 - 2016-03-31 11:02 - 00001022 _____ C:\Users\Chels\Desktop\JRT.txt
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Windows\ERUNT
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-31 10:57 - 2016-03-31 10:57 - 01706144 _____ (Thisisu) C:\Users\Chels\Downloads\Junkware Removal Tool Setup.exe
2016-03-31 10:56 - 2016-03-31 10:56 - 01044248 _____ ( ) C:\Users\Chels\Downloads\Junkware%20Removal%20Tool%20Setup.exe
2016-03-30 22:55 - 2016-03-30 22:57 - 00000000 ____D C:\AdwCleaner
2016-03-30 22:54 - 2016-03-30 22:55 - 03102720 _____ C:\Users\Chels\Downloads\adwcleaner_5.108.exe
2016-03-30 22:27 - 2016-03-30 22:27 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2016-03-30 22:26 - 2016-03-30 22:26 - 00801749 _____ C:\Users\Chels\AppData\Local\census.cache
2016-03-30 22:25 - 2016-03-30 22:25 - 00198125 _____ C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:09 - 2016-03-30 22:23 - 00000000 ____D C:\Users\Chels\Desktop\Wedding
2016-03-30 21:47 - 2016-03-30 21:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\Chels\Downloads\HousecallLauncher64.exe
2016-03-30 21:47 - 2016-03-30 21:47 - 00000036 _____ C:\Users\Chels\AppData\Local\housecall.guid.cache
2016-03-30 21:47 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-03-30 19:54 - 2016-03-30 19:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 19:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-01 19:30 - 2016-02-01 19:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-01 19:30 - 2013-10-16 19:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job
2016-04-01 19:30 - 2012-03-14 13:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18BF6B4F-3986-47FA-8216-B30BB8EB21D0}
2016-04-01 19:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 19:25 - 2009-07-14 00:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-01 19:00 - 2014-01-06 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-01 18:59 - 2012-04-02 23:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 17:09 - 2013-04-28 20:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\vlc
2016-04-01 15:17 - 2012-08-14 11:49 - 00000000 ____D C:\Users\Chels\AppData\Local\Adobe
2016-03-31 11:57 - 2012-03-14 13:36 - 00000000 ____D C:\Users\Chels
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-31 11:33 - 2016-02-10 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 11:19 - 2009-07-13 23:45 - 00471696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 11:06 - 2014-10-09 15:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-31 11:05 - 2012-03-14 13:37 - 00120592 _____ C:\Users\Chels\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-30 22:39 - 2015-06-05 21:08 - 00002323 _____ C:\Users\Chels\Desktop\Wikipedia.lnk
2016-03-30 22:39 - 2015-06-05 21:08 - 00002315 _____ C:\Users\Chels\Desktop\Hotmail.lnk
2016-03-30 22:36 - 2012-05-16 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 21:57 - 2011-12-06 23:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 21:57 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-30 21:03 - 2012-05-23 13:03 - 00079682 _____ C:\test.xml
2016-03-30 21:00 - 2014-01-06 15:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-30 21:00 - 2014-01-06 15:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-30 21:00 - 2014-01-06 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-30 20:10 - 2015-06-21 15:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-30 19:54 - 2012-04-02 23:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
==================== Files in the root of some directories =======
2014-10-29 21:13 - 2014-10-29 21:13 - 6000640 _____ () C:\Program Files (x86)\GUT1681.tmp
2016-03-30 22:25 - 2016-03-30 22:25 - 0198125 _____ () C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:26 - 2016-03-30 22:26 - 0801749 _____ () C:\Users\Chels\AppData\Local\census.cache
2016-03-30 21:47 - 2016-03-30 21:47 - 0000036 _____ () C:\Users\Chels\AppData\Local\housecall.guid.cache
2012-04-20 12:45 - 2012-04-20 12:45 - 0001565 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.124510.txt
2012-04-20 20:27 - 2012-04-20 20:27 - 0001566 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.202703.txt
2013-05-12 17:03 - 2013-05-12 17:03 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130512.170310.txt
2013-08-20 12:08 - 2013-08-20 12:08 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130820.120808.txt
2013-12-06 00:24 - 2013-12-06 00:24 - 0001544 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20131205.232432.txt
2015-06-17 19:22 - 2015-06-17 19:22 - 0001592 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150617.192203.txt
2015-07-15 21:59 - 2015-07-15 21:59 - 0001590 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150715.215909.txt
2015-08-27 22:24 - 2015-08-27 22:24 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150827.222408.txt
2016-03-31 11:38 - 2016-03-31 11:38 - 0001542 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2014-09-11 23:54 - 2014-09-11 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-06 22:41 - 2011-12-06 22:41 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Chels\AppData\Local\Temp\203c30be-a1b3-465e-85b3-a64b88ad19fa.exe
C:\Users\Chels\AppData\Local\Temp\7za.exe
C:\Users\Chels\AppData\Local\Temp\b010fee3-aeaf-4e68-8635-41b5e70fced7.exe
C:\Users\Chels\AppData\Local\Temp\BestVideoDownloader-S-Setup_Suite1_20120416.exe
C:\Users\Chels\AppData\Local\Temp\CricutUtilCL.exe
C:\Users\Chels\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chels\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Chels\AppData\Local\Temp\libeay32.dll
C:\Users\Chels\AppData\Local\Temp\lowproc.exe
C:\Users\Chels\AppData\Local\Temp\msvcr120.dll
C:\Users\Chels\AppData\Local\Temp\oixjbngf.dll
C:\Users\Chels\AppData\Local\Temp\RealPlayer_20120604.exe
C:\Users\Chels\AppData\Local\Temp\ronlspzb.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.exe
C:\Users\Chels\AppData\Local\Temp\stubhelper.dll
C:\Users\Chels\AppData\Local\Temp\tbVuze.dll
C:\Users\Chels\AppData\Local\Temp\winzip1632_2_wrapped.exe
C:\Users\Chels\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Chels\AppData\Local\Temp\z1upd53969.exe
C:\Users\Chels\AppData\Local\Temp\z1upd57452.exe
C:\Users\Chels\AppData\Local\Temp\z1upd60347.exe
C:\Users\Chels\AppData\Local\Temp\zxupd63438.exe
C:\Users\Chels\AppData\Local\Temp\zxupd68222.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-31 12:23
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Chels (2016-04-01 19:54:31)
Running from C:\Users\Chels\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-14 18:36:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3644521110-2743841406-1338499732-500 - Administrator - Disabled)
Chels (S-1-5-21-3644521110-2743841406-1338499732-1000 - Administrator - Enabled) => C:\Users\Chels
Guest (S-1-5-21-3644521110-2743841406-1338499732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3644521110-2743841406-1338499732-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.444 - ArcSoft)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
Cricut Design Space Client (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Cricut Design Space Client) (Version: 3.1507.1507.4015 - Provo Craft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.0.15030 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.0.0.03050 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.3.0.11090 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.493.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09E3E14E-5927-4759-9B96-D52F94163FC6} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {0A9DCC41-CF50-41F5-99DA-DC1969D0EC35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0CCEC324-7709-4107-8817-205F5A3AC1D6} - System32\Tasks\{b892d89f-cade-4f10-a61e-5493d54be5ca} => C:\Users\Chels\AppData\Roaming\SenseIUpdater\SenseIUpdaterN8.exe [2015-06-05] ()
Task: {1A463480-AB16-467E-8044-15EADF6B42B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {1A71880A-F85B-4CB7-8FC5-9E75A36A4DF0} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {253FB42F-EDF6-460B-9D9E-55F352DD711B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {2BEEF6F4-76DB-49DB-9841-5E77B09D04A0} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {2BEF14E7-6CD6-43C0-B997-FCE39D8D8BBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {34EBEC58-CE8D-4D62-82EB-45ADE6D040F4} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {39025FE9-D181-44DB-B27D-8B3B611DDCB9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-30] (Microsoft Corporation)
Task: {399BE0EB-CB4E-4706-99DA-8272DE2F9744} - System32\Tasks\AdobeAAMUpdater-1.0-Chels-VAIO-Chels => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {462C3873-A281-4A97-9B76-CD9D4A58456A} - System32\Tasks\VAIO® Messenger (Chels) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {4CFE7133-A907-4B40-B049-6D2928E94F03} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {4E250F68-5CAE-464A-B7CA-5DC3D5F9787A} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {560A4FCE-1F9A-4E53-91A9-31A2A1C8BD83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {6D435025-533A-4B0C-94BD-06C06AA2F605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {74AD1128-0E4F-490D-A681-F554512462E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-30] (Adobe Systems Incorporated)
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {8EEB7506-C47D-4C16-AF1E-046B5B36AE85} - System32\Tasks\{87857FA6-55FC-4C89-B823-D38F4C47CEC8} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {9020AAAB-1CF8-4811-9D1D-BD2D6264CC95} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9677B03A-B740-4D29-8A73-456CD1CF94AF} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {9D6792B4-474A-4F0A-8D74-3E6B6FB7E893} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A92C3CCF-8960-4ADA-8A6B-987B70D47641} - System32\Tasks\HP Photosmart 6510 series.exe_{E67ED713-A0E8-4516-BDCE-604839D73A86} => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HP Photosmart 6510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AA58FE87-4851-40CD-AB81-C6629D9F59C2} - System32\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
Task: {D739A6EE-8FE4-43CB-B9EB-28DBD24B3A00} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {DE7A6190-CF6B-43C4-9A26-45BD3FBF1F87} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E5A7C88A-ECE5-497D-A803-50E073AA6C70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DDNi Startup.job => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe&VAIO Messenger VAIO Messenger.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-21 15:38 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-01 19:58 - 2016-02-01 19:58 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-29 20:46 - 2011-03-29 03:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-06-13 14:16 - 2015-06-13 14:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-12-07 00:06 - 2011-02-25 20:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-06 23:21 - 2011-03-05 19:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2012-05-15 11:30 - 2012-05-15 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\005e39dd4fc7c1bda871002fd7d32f4b\IsdiInterop.ni.dll
2011-12-06 22:48 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Chels\Downloads\Quicken H B 2015 Downloader__3687_i1530896120_il1048147.exe:typelib [4042]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4A3E48BB-83BF-4B5A-8814-7CBFD9AD92DE}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{467059AA-80E7-418F-B3DE-16F858993192}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{1358C75C-FE4E-4FE5-9094-5796DDD154EE}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{CA5FFD61-9357-4C7C-874E-64AFCBEA5764}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{338EDD3F-CDF1-49B8-93D1-46F222217E3B}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{867FBEEC-F279-4535-9771-9DEB1CA24B7E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{7B0F1BBD-5690-40E4-B977-070BA2E9442D}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{6F5FFEE1-9946-4029-A5C0-0B31CA55E55B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7F9A06E1-C79B-4232-A311-A5645B7A048B}] => (Allow) LPort=2869
FirewallRules: [{58896B8F-24C9-4878-A632-8162938CCFFC}] => (Allow) LPort=1900
FirewallRules: [{20C7A238-E2D0-409D-9720-EE258B72F29E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B1195514-292C-46E3-A16D-5491F875DADB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1262F8B8-6113-4523-8F9F-58A8DBCB206F}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{B25CBE44-8CA4-4687-B742-70DEE29BFF5B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{BB7B1569-8750-461F-B7E9-E4524F2B8A63}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{0A505F0C-816B-466B-9407-5F53992EE678}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{288760D9-1E40-4EC7-847B-0701BB51AF6C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0BA15F0D-F61B-4BBA-844C-847CB5294233}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{8D96ECE0-3220-4786-A64C-FF4CF7258768}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C4B4638D-46B4-429E-95CB-9E4838755653}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CC5F5958-8DB6-4928-A765-EAC7A8FC8AB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E5E10BC-E90E-4CC8-8B64-41786CB304CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46EEDD22-FFCF-40DF-9833-75B8C4DA762B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54392297-63E2-44D4-B82E-3BC0EA2F7A48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8F049CF-2D02-4673-9A9C-9B2CBED14CE6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{D36EC83F-F10D-4D11-9257-DBCFE1F3CE0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{7521F05A-B07A-4F56-A154-7F7262194C09}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{D5184270-D391-4F4D-9717-EFF10F965DA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{4F7F3196-8791-4FA4-ADDE-31FD483BBD7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{D716E208-A562-4D2B-9776-FBCDAEDE85EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{25354B93-13FB-4B40-93DF-7B1A804CD3A2}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{173CAC2A-D857-4FFE-AB33-A5AAA70CF56B}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{2DFE80E5-5EC7-4960-A94D-2BB7697C94A1}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{0C39EE6A-C106-4B65-A9CB-70E2F8C085D0}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{85A2AD99-2FC2-4AEE-8802-F4C9C2C3E446}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{371245EF-1F7D-42C3-B2F7-DF3A04E88FC7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{11E407A1-D94D-49A1-9E19-8F4D531254DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B37FE33D-1FBA-4C13-A180-C34C6B7694DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D683580-A014-484D-8D7E-A630F8454FDD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F2E9C7FC-DE08-4BFA-935B-FAD86D73BEF8}] => (Allow) C:\Users\Chels\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{C140FB73-1147-497C-94DD-AA093B687ED7}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{B5BBFCE3-3750-4EFF-99AA-4A83214D878E}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{1F03F295-6974-4C7C-81C4-5B0233E3A9F4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FEB9A374-4FEF-47A4-BBDE-4A7655D8CDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{867644CD-B049-42F8-BD68-D0A5371468CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA45DDE7-D724-4CDD-A376-69EAD2CBA31C}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{3C26B097-61B9-4F6D-973B-F7B1741F154F}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
==================== Restore Points =========================
07-09-2015 12:07:20 Scheduled Checkpoint
15-09-2015 00:00:03 Scheduled Checkpoint
26-11-2015 20:14:06 VAIO Care Automatic Restore Point
26-11-2015 20:19:36 VAIO Care Automatic Restore Point
31-03-2016 12:30:50 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2016 07:27:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2016 07:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0xdec
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Error: (04/01/2016 07:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x390
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Error: (04/01/2016 07:22:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2016 07:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2016 06:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2016 06:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x1564
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Error: (04/01/2016 06:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x37c
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Error: (04/01/2016 06:41:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2016 06:03:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
System errors:
=============
Error: (04/01/2016 07:31:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056
Error: (04/01/2016 07:28:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056
Error: (04/01/2016 07:27:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s).
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2015-09-17 00:32:22.434
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 00:32:22.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 00:32:22.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 00:32:22.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 00:32:22.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 00:32:22.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-15 00:31:19.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-15 00:31:19.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-15 00:31:19.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-15 00:31:19.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6091.86 MB
Available physical RAM: 4006.77 MB
Total Virtual: 12181.91 MB
Available Virtual: 9898.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:585.23 GB) (Free:500.71 GB) NTFS
Drive d: () (Fixed) (Total:88.25 GB) (Free:88.1 GB) NTFS
Drive f: (Movies) (Fixed) (Total:98.06 GB) (Free:10 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F90A0DB7)
Partition 1: (Not Active) - (Size=10.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=88.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.1 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================