Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Security Virus Issue [Solved]

Started by Rob Handy , Apr 01 2016 07:06 PM

  • This topic is locked This topic is locked

#1
Rob Handy
Posted 01 April 2016 - 07:06 PM

Rob Handy

    New Member

  • Member
  • Pip
  • 6 posts

So my computer has a screen that keeps poping up that says "Your system has been blocked for security reasons"  Suspicious activity found on your computer, due to pop-up advertisement windows and invasive links.  The box has a fix now.  When I click the fix now, it goes through a process and then gives me a screen to call a 1-800 number.  I have to open task manager to close it.  It will come back in about 5 minutes and goes through the whole process again.

 

Thank you for your assistance.

 

Rob

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Chels (administrator) on CHELS-VAIO (01-04-2016 19:54:16)
Running from C:\Users\Chels\Desktop
Loaded Profiles: Chels (Available Profiles: Chels)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [Cricut Design Space] => C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [380744 2015-07-15] (Provo Craft & Novelty, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A3486D8C-4BD0-4D65-B1AB-CCCE0E230AD1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B70413A0-9BB4-4545-9C2C-5AD506099061}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-30] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
IE Session Restore: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> is enabled.
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.safesear.ch/?type=20160331-135-ie-sm

FireFox:
========
FF ProfilePath: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default
FF NewTab: hxxp://www.safesear.ch/?type=20160331-135-ff-nt
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut64R.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut32R.dll [No File]
FF SearchPlugin: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\searchplugins\safesearch.xml [2016-03-31]
FF Extension: Simple - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\Extensions\[email protected] [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe hxxp://www.safesear.ch/?type=20160331-135-ff-sm

Chrome:
=======
CHR Profile: C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tab) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-05-09]
CHR Extension: (Simple) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.safesear.ch/?type=20160331-135-ch-sm

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2016-03-31] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 19:54 - 2016-04-01 19:54 - 00019377 _____ C:\Users\Chels\Desktop\FRST.txt
2016-04-01 19:53 - 2016-04-01 19:53 - 02374144 _____ (Farbar) C:\Users\Chels\Desktop\FRST64.exe
2016-04-01 19:50 - 2016-04-01 19:50 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64(1).exe
2016-04-01 19:47 - 2016-04-01 19:48 - 00043419 _____ C:\Users\Chels\Downloads\Addition.txt
2016-04-01 19:45 - 2016-04-01 19:54 - 00000000 ____D C:\FRST
2016-04-01 19:45 - 2016-04-01 19:48 - 00030696 _____ C:\Users\Chels\Downloads\FRST.txt
2016-04-01 19:45 - 2016-04-01 19:45 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64.exe
2016-04-01 15:32 - 2016-04-01 15:32 - 00001684 _____ C:\Windows\system32\.crusader
2016-03-31 11:57 - 2016-03-31 11:57 - 00000258 __RSH C:\Users\Chels\ntuser.pol
2016-03-31 11:38 - 2016-03-31 11:38 - 00001542 _____ C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2016-03-31 11:35 - 2016-04-01 15:32 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-31 11:34 - 2016-03-31 11:34 - 00002237 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002207 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002205 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002203 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00000000 ____D C:\Users\Chels\AppData\Local\Component
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 11:32 - 2016-03-31 11:32 - 00233728 _____ C:\Users\Chels\Downloads\HitmanProSetup.exe
2016-03-31 11:18 - 2016-04-01 19:21 - 00763394 _____ C:\Windows\ntbtlog.txt
2016-03-31 11:02 - 2016-03-31 11:02 - 00001022 _____ C:\Users\Chels\Desktop\JRT.txt
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Windows\ERUNT
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-31 10:57 - 2016-03-31 10:57 - 01706144 _____ (Thisisu) C:\Users\Chels\Downloads\Junkware Removal Tool Setup.exe
2016-03-31 10:56 - 2016-03-31 10:56 - 01044248 _____ ( ) C:\Users\Chels\Downloads\Junkware%20Removal%20Tool%20Setup.exe
2016-03-30 22:55 - 2016-03-30 22:57 - 00000000 ____D C:\AdwCleaner
2016-03-30 22:54 - 2016-03-30 22:55 - 03102720 _____ C:\Users\Chels\Downloads\adwcleaner_5.108.exe
2016-03-30 22:27 - 2016-03-30 22:27 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2016-03-30 22:26 - 2016-03-30 22:26 - 00801749 _____ C:\Users\Chels\AppData\Local\census.cache
2016-03-30 22:25 - 2016-03-30 22:25 - 00198125 _____ C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:09 - 2016-03-30 22:23 - 00000000 ____D C:\Users\Chels\Desktop\Wedding
2016-03-30 21:47 - 2016-03-30 21:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\Chels\Downloads\HousecallLauncher64.exe
2016-03-30 21:47 - 2016-03-30 21:47 - 00000036 _____ C:\Users\Chels\AppData\Local\housecall.guid.cache
2016-03-30 21:47 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-03-30 19:54 - 2016-03-30 19:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 19:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-01 19:30 - 2016-02-01 19:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-01 19:30 - 2013-10-16 19:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job
2016-04-01 19:30 - 2012-03-14 13:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18BF6B4F-3986-47FA-8216-B30BB8EB21D0}
2016-04-01 19:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 19:25 - 2009-07-14 00:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-01 19:00 - 2014-01-06 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-01 18:59 - 2012-04-02 23:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 17:09 - 2013-04-28 20:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\vlc
2016-04-01 15:17 - 2012-08-14 11:49 - 00000000 ____D C:\Users\Chels\AppData\Local\Adobe
2016-03-31 11:57 - 2012-03-14 13:36 - 00000000 ____D C:\Users\Chels
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-31 11:33 - 2016-02-10 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 11:19 - 2009-07-13 23:45 - 00471696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 11:06 - 2014-10-09 15:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-31 11:05 - 2012-03-14 13:37 - 00120592 _____ C:\Users\Chels\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-30 22:39 - 2015-06-05 21:08 - 00002323 _____ C:\Users\Chels\Desktop\Wikipedia.lnk
2016-03-30 22:39 - 2015-06-05 21:08 - 00002315 _____ C:\Users\Chels\Desktop\Hotmail.lnk
2016-03-30 22:36 - 2012-05-16 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 21:57 - 2011-12-06 23:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 21:57 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-30 21:03 - 2012-05-23 13:03 - 00079682 _____ C:\test.xml
2016-03-30 21:00 - 2014-01-06 15:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-30 21:00 - 2014-01-06 15:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-30 21:00 - 2014-01-06 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-30 20:10 - 2015-06-21 15:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-30 19:54 - 2012-04-02 23:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

==================== Files in the root of some directories =======

2014-10-29 21:13 - 2014-10-29 21:13 - 6000640 _____ () C:\Program Files (x86)\GUT1681.tmp
2016-03-30 22:25 - 2016-03-30 22:25 - 0198125 _____ () C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:26 - 2016-03-30 22:26 - 0801749 _____ () C:\Users\Chels\AppData\Local\census.cache
2016-03-30 21:47 - 2016-03-30 21:47 - 0000036 _____ () C:\Users\Chels\AppData\Local\housecall.guid.cache
2012-04-20 12:45 - 2012-04-20 12:45 - 0001565 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.124510.txt
2012-04-20 20:27 - 2012-04-20 20:27 - 0001566 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.202703.txt
2013-05-12 17:03 - 2013-05-12 17:03 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130512.170310.txt
2013-08-20 12:08 - 2013-08-20 12:08 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130820.120808.txt
2013-12-06 00:24 - 2013-12-06 00:24 - 0001544 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20131205.232432.txt
2015-06-17 19:22 - 2015-06-17 19:22 - 0001592 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150617.192203.txt
2015-07-15 21:59 - 2015-07-15 21:59 - 0001590 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150715.215909.txt
2015-08-27 22:24 - 2015-08-27 22:24 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150827.222408.txt
2016-03-31 11:38 - 2016-03-31 11:38 - 0001542 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2014-09-11 23:54 - 2014-09-11 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-06 22:41 - 2011-12-06 22:41 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Chels\AppData\Local\Temp\203c30be-a1b3-465e-85b3-a64b88ad19fa.exe
C:\Users\Chels\AppData\Local\Temp\7za.exe
C:\Users\Chels\AppData\Local\Temp\b010fee3-aeaf-4e68-8635-41b5e70fced7.exe
C:\Users\Chels\AppData\Local\Temp\BestVideoDownloader-S-Setup_Suite1_20120416.exe
C:\Users\Chels\AppData\Local\Temp\CricutUtilCL.exe
C:\Users\Chels\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chels\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Chels\AppData\Local\Temp\libeay32.dll
C:\Users\Chels\AppData\Local\Temp\lowproc.exe
C:\Users\Chels\AppData\Local\Temp\msvcr120.dll
C:\Users\Chels\AppData\Local\Temp\oixjbngf.dll
C:\Users\Chels\AppData\Local\Temp\RealPlayer_20120604.exe
C:\Users\Chels\AppData\Local\Temp\ronlspzb.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.exe
C:\Users\Chels\AppData\Local\Temp\stubhelper.dll
C:\Users\Chels\AppData\Local\Temp\tbVuze.dll
C:\Users\Chels\AppData\Local\Temp\winzip1632_2_wrapped.exe
C:\Users\Chels\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Chels\AppData\Local\Temp\z1upd53969.exe
C:\Users\Chels\AppData\Local\Temp\z1upd57452.exe
C:\Users\Chels\AppData\Local\Temp\z1upd60347.exe
C:\Users\Chels\AppData\Local\Temp\zxupd63438.exe
C:\Users\Chels\AppData\Local\Temp\zxupd68222.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-31 12:23

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Chels (2016-04-01 19:54:31)
Running from C:\Users\Chels\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-14 18:36:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3644521110-2743841406-1338499732-500 - Administrator - Disabled)
Chels (S-1-5-21-3644521110-2743841406-1338499732-1000 - Administrator - Enabled) => C:\Users\Chels
Guest (S-1-5-21-3644521110-2743841406-1338499732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3644521110-2743841406-1338499732-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.444 - ArcSoft)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
Cricut Design Space Client (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Cricut Design Space Client) (Version: 3.1507.1507.4015 - Provo Craft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.0.15030 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.0.0.03050 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.3.0.11090 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.493.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E3E14E-5927-4759-9B96-D52F94163FC6} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {0A9DCC41-CF50-41F5-99DA-DC1969D0EC35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0CCEC324-7709-4107-8817-205F5A3AC1D6} - System32\Tasks\{b892d89f-cade-4f10-a61e-5493d54be5ca} => C:\Users\Chels\AppData\Roaming\SenseIUpdater\SenseIUpdaterN8.exe [2015-06-05] ()
Task: {1A463480-AB16-467E-8044-15EADF6B42B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {1A71880A-F85B-4CB7-8FC5-9E75A36A4DF0} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {253FB42F-EDF6-460B-9D9E-55F352DD711B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {2BEEF6F4-76DB-49DB-9841-5E77B09D04A0} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {2BEF14E7-6CD6-43C0-B997-FCE39D8D8BBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {34EBEC58-CE8D-4D62-82EB-45ADE6D040F4} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {39025FE9-D181-44DB-B27D-8B3B611DDCB9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-30] (Microsoft Corporation)
Task: {399BE0EB-CB4E-4706-99DA-8272DE2F9744} - System32\Tasks\AdobeAAMUpdater-1.0-Chels-VAIO-Chels => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {462C3873-A281-4A97-9B76-CD9D4A58456A} - System32\Tasks\VAIO® Messenger (Chels) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {4CFE7133-A907-4B40-B049-6D2928E94F03} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {4E250F68-5CAE-464A-B7CA-5DC3D5F9787A} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {560A4FCE-1F9A-4E53-91A9-31A2A1C8BD83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {6D435025-533A-4B0C-94BD-06C06AA2F605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {74AD1128-0E4F-490D-A681-F554512462E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-30] (Adobe Systems Incorporated)
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {8EEB7506-C47D-4C16-AF1E-046B5B36AE85} - System32\Tasks\{87857FA6-55FC-4C89-B823-D38F4C47CEC8} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {9020AAAB-1CF8-4811-9D1D-BD2D6264CC95} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9677B03A-B740-4D29-8A73-456CD1CF94AF} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {9D6792B4-474A-4F0A-8D74-3E6B6FB7E893} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A92C3CCF-8960-4ADA-8A6B-987B70D47641} - System32\Tasks\HP Photosmart 6510 series.exe_{E67ED713-A0E8-4516-BDCE-604839D73A86} => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HP Photosmart 6510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AA58FE87-4851-40CD-AB81-C6629D9F59C2} - System32\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
Task: {D739A6EE-8FE4-43CB-B9EB-28DBD24B3A00} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {DE7A6190-CF6B-43C4-9A26-45BD3FBF1F87} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E5A7C88A-ECE5-497D-A803-50E073AA6C70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DDNi Startup.job => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe&VAIO Messenger VAIO Messenger.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-21 15:38 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-01 19:58 - 2016-02-01 19:58 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-29 20:46 - 2011-03-29 03:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-06-13 14:16 - 2015-06-13 14:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-12-07 00:06 - 2011-02-25 20:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-06 23:21 - 2011-03-05 19:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2012-05-15 11:30 - 2012-05-15 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\005e39dd4fc7c1bda871002fd7d32f4b\IsdiInterop.ni.dll
2011-12-06 22:48 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chels\Downloads\Quicken H B 2015 Downloader__3687_i1530896120_il1048147.exe:typelib [4042]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4A3E48BB-83BF-4B5A-8814-7CBFD9AD92DE}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{467059AA-80E7-418F-B3DE-16F858993192}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{1358C75C-FE4E-4FE5-9094-5796DDD154EE}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{CA5FFD61-9357-4C7C-874E-64AFCBEA5764}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{338EDD3F-CDF1-49B8-93D1-46F222217E3B}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{867FBEEC-F279-4535-9771-9DEB1CA24B7E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{7B0F1BBD-5690-40E4-B977-070BA2E9442D}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{6F5FFEE1-9946-4029-A5C0-0B31CA55E55B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7F9A06E1-C79B-4232-A311-A5645B7A048B}] => (Allow) LPort=2869
FirewallRules: [{58896B8F-24C9-4878-A632-8162938CCFFC}] => (Allow) LPort=1900
FirewallRules: [{20C7A238-E2D0-409D-9720-EE258B72F29E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B1195514-292C-46E3-A16D-5491F875DADB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1262F8B8-6113-4523-8F9F-58A8DBCB206F}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{B25CBE44-8CA4-4687-B742-70DEE29BFF5B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{BB7B1569-8750-461F-B7E9-E4524F2B8A63}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{0A505F0C-816B-466B-9407-5F53992EE678}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{288760D9-1E40-4EC7-847B-0701BB51AF6C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0BA15F0D-F61B-4BBA-844C-847CB5294233}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{8D96ECE0-3220-4786-A64C-FF4CF7258768}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C4B4638D-46B4-429E-95CB-9E4838755653}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CC5F5958-8DB6-4928-A765-EAC7A8FC8AB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E5E10BC-E90E-4CC8-8B64-41786CB304CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46EEDD22-FFCF-40DF-9833-75B8C4DA762B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54392297-63E2-44D4-B82E-3BC0EA2F7A48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8F049CF-2D02-4673-9A9C-9B2CBED14CE6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{D36EC83F-F10D-4D11-9257-DBCFE1F3CE0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{7521F05A-B07A-4F56-A154-7F7262194C09}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{D5184270-D391-4F4D-9717-EFF10F965DA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{4F7F3196-8791-4FA4-ADDE-31FD483BBD7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{D716E208-A562-4D2B-9776-FBCDAEDE85EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{25354B93-13FB-4B40-93DF-7B1A804CD3A2}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{173CAC2A-D857-4FFE-AB33-A5AAA70CF56B}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{2DFE80E5-5EC7-4960-A94D-2BB7697C94A1}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{0C39EE6A-C106-4B65-A9CB-70E2F8C085D0}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{85A2AD99-2FC2-4AEE-8802-F4C9C2C3E446}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{371245EF-1F7D-42C3-B2F7-DF3A04E88FC7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{11E407A1-D94D-49A1-9E19-8F4D531254DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B37FE33D-1FBA-4C13-A180-C34C6B7694DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D683580-A014-484D-8D7E-A630F8454FDD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F2E9C7FC-DE08-4BFA-935B-FAD86D73BEF8}] => (Allow) C:\Users\Chels\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{C140FB73-1147-497C-94DD-AA093B687ED7}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{B5BBFCE3-3750-4EFF-99AA-4A83214D878E}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{1F03F295-6974-4C7C-81C4-5B0233E3A9F4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FEB9A374-4FEF-47A4-BBDE-4A7655D8CDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{867644CD-B049-42F8-BD68-D0A5371468CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA45DDE7-D724-4CDD-A376-69EAD2CBA31C}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{3C26B097-61B9-4F6D-973B-F7B1741F154F}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe

==================== Restore Points =========================

07-09-2015 12:07:20 Scheduled Checkpoint
15-09-2015 00:00:03 Scheduled Checkpoint
26-11-2015 20:14:06 VAIO Care Automatic Restore Point
26-11-2015 20:19:36 VAIO Care Automatic Restore Point
31-03-2016 12:30:50 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2016 07:27:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 07:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0xdec
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 07:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x390
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 07:22:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 07:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 06:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 06:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x1564
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 06:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x37c
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 06:41:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 06:03:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (04/01/2016 07:31:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:28:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:27:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-09-17 00:32:22.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6091.86 MB
Available physical RAM: 4006.77 MB
Total Virtual: 12181.91 MB
Available Virtual: 9898.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.23 GB) (Free:500.71 GB) NTFS
Drive d: () (Fixed) (Total:88.25 GB) (Free:88.1 GB) NTFS
Drive f: (Movies) (Fixed) (Total:98.06 GB) (Free:10 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F90A0DB7)
Partition 1: (Not Active) - (Size=10.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=88.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
Essexboy
Posted 02 April 2016 - 03:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you do not appear to have any virus/malware protection

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
C:\Program Files (x86)\Winfix 10 Pro
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
Rob Handy
Posted 02 April 2016 - 05:42 AM

Rob Handy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thank you for your help.

 

Here is the info you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Chels (administrator) on CHELS-VAIO (02-04-2016 06:20:36)
Running from C:\Users\Chels\Desktop
Loaded Profiles: Chels (Available Profiles: Chels)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Provo Craft & Novelty, Inc.) C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Run: [Cricut Design Space] => C:\Users\Chels\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [380744 2015-07-15] (Provo Craft & Novelty, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A3486D8C-4BD0-4D65-B1AB-CCCE0E230AD1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B70413A0-9BB4-4545-9C2C-5AD506099061}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20160331-135-ie
HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-30] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-06] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
IE Session Restore: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000 -> is enabled.
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.safesear.ch/?type=20160331-135-ie-sm

FireFox:
========
FF ProfilePath: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default
FF NewTab: hxxp://www.safesear.ch/?type=20160331-135-ff-nt
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut64R.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: provocraft.com/Cricut -> C:\Program Files (x86)\CricutDesignSpace\NPAPI\npCricut32R.dll [No File]
FF SearchPlugin: C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\searchplugins\safesearch.xml [2016-03-31]
FF Extension: Simple - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\Extensions\[email protected] [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe hxxp://www.safesear.ch/?type=20160331-135-ff-sm

Chrome:
=======
CHR Profile: C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tab) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-05-09]
CHR Extension: (Simple) - C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.safesear.ch/?type=20160331-135-ch-sm

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2016-03-31] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 06:19 - 2016-04-02 06:19 - 00001519 _____ C:\Users\Chels\Desktop\fixlist.txt
2016-04-01 19:54 - 2016-04-02 06:20 - 00019477 _____ C:\Users\Chels\Desktop\FRST.txt
2016-04-01 19:54 - 2016-04-01 19:54 - 00043417 _____ C:\Users\Chels\Desktop\Addition.txt
2016-04-01 19:53 - 2016-04-01 19:53 - 02374144 _____ (Farbar) C:\Users\Chels\Desktop\FRST64.exe
2016-04-01 19:50 - 2016-04-01 19:50 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64(1).exe
2016-04-01 19:47 - 2016-04-01 19:48 - 00043419 _____ C:\Users\Chels\Downloads\Addition.txt
2016-04-01 19:45 - 2016-04-02 06:20 - 00000000 ____D C:\FRST
2016-04-01 19:45 - 2016-04-01 19:48 - 00030696 _____ C:\Users\Chels\Downloads\FRST.txt
2016-04-01 19:45 - 2016-04-01 19:45 - 02374144 _____ (Farbar) C:\Users\Chels\Downloads\FRST64.exe
2016-04-01 15:32 - 2016-04-01 15:32 - 00001684 _____ C:\Windows\system32\.crusader
2016-03-31 11:57 - 2016-03-31 11:57 - 00000258 __RSH C:\Users\Chels\ntuser.pol
2016-03-31 11:38 - 2016-03-31 11:38 - 00001542 _____ C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2016-03-31 11:35 - 2016-04-01 15:32 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-31 11:34 - 2016-03-31 11:34 - 00002237 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002207 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002205 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00002203 _____ C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2016-03-31 11:34 - 2016-03-31 11:34 - 00000000 ____D C:\Users\Chels\AppData\Local\Component
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 11:32 - 2016-03-31 11:32 - 00233728 _____ C:\Users\Chels\Downloads\HitmanProSetup.exe
2016-03-31 11:18 - 2016-04-01 19:21 - 00763394 _____ C:\Windows\ntbtlog.txt
2016-03-31 11:02 - 2016-03-31 11:02 - 00001022 _____ C:\Users\Chels\Desktop\JRT.txt
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Windows\ERUNT
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-31 10:57 - 2016-03-31 10:57 - 01706144 _____ (Thisisu) C:\Users\Chels\Downloads\Junkware Removal Tool Setup.exe
2016-03-31 10:56 - 2016-03-31 10:56 - 01044248 _____ ( ) C:\Users\Chels\Downloads\Junkware%20Removal%20Tool%20Setup.exe
2016-03-30 22:55 - 2016-03-30 22:57 - 00000000 ____D C:\AdwCleaner
2016-03-30 22:54 - 2016-03-30 22:55 - 03102720 _____ C:\Users\Chels\Downloads\adwcleaner_5.108.exe
2016-03-30 22:27 - 2016-03-30 22:27 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2016-03-30 22:26 - 2016-03-30 22:26 - 00801749 _____ C:\Users\Chels\AppData\Local\census.cache
2016-03-30 22:25 - 2016-03-30 22:25 - 00198125 _____ C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:09 - 2016-03-30 22:23 - 00000000 ____D C:\Users\Chels\Desktop\Wedding
2016-03-30 21:47 - 2016-03-30 21:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\Chels\Downloads\HousecallLauncher64.exe
2016-03-30 21:47 - 2016-03-30 21:47 - 00000036 _____ C:\Users\Chels\AppData\Local\housecall.guid.cache
2016-03-30 21:47 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-03-30 19:54 - 2016-03-30 19:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 06:00 - 2014-01-06 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-02 05:59 - 2012-04-02 23:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 02:00 - 2012-08-14 11:49 - 00000000 ____D C:\Users\Chels\AppData\Local\Adobe
2016-04-01 22:11 - 2013-10-16 19:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job
2016-04-01 21:12 - 2012-03-14 13:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18BF6B4F-3986-47FA-8216-B30BB8EB21D0}
2016-04-01 19:59 - 2016-02-01 19:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job
2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:47 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-01 19:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 19:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-01 19:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 19:25 - 2009-07-14 00:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-01 17:09 - 2013-04-28 20:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\vlc
2016-03-31 11:57 - 2012-03-14 13:36 - 00000000 ____D C:\Users\Chels
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-31 11:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-31 11:33 - 2016-02-10 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 11:19 - 2009-07-13 23:45 - 00471696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 11:06 - 2014-10-09 15:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-31 11:05 - 2012-03-14 13:37 - 00120592 _____ C:\Users\Chels\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-30 22:39 - 2015-06-05 21:08 - 00002323 _____ C:\Users\Chels\Desktop\Wikipedia.lnk
2016-03-30 22:39 - 2015-06-05 21:08 - 00002315 _____ C:\Users\Chels\Desktop\Hotmail.lnk
2016-03-30 22:36 - 2012-05-16 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 21:57 - 2011-12-06 23:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 21:57 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-30 21:03 - 2012-05-23 13:03 - 00079682 _____ C:\test.xml
2016-03-30 21:00 - 2014-01-06 15:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-30 21:00 - 2014-01-06 15:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-30 21:00 - 2014-01-06 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-30 20:10 - 2015-06-21 15:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-30 19:54 - 2012-04-02 23:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

==================== Files in the root of some directories =======

2014-10-29 21:13 - 2014-10-29 21:13 - 6000640 _____ () C:\Program Files (x86)\GUT1681.tmp
2016-03-30 22:25 - 2016-03-30 22:25 - 0198125 _____ () C:\Users\Chels\AppData\Local\ars.cache
2016-03-30 22:26 - 2016-03-30 22:26 - 0801749 _____ () C:\Users\Chels\AppData\Local\census.cache
2016-03-30 21:47 - 2016-03-30 21:47 - 0000036 _____ () C:\Users\Chels\AppData\Local\housecall.guid.cache
2012-04-20 12:45 - 2012-04-20 12:45 - 0001565 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.124510.txt
2012-04-20 20:27 - 2012-04-20 20:27 - 0001566 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20120420.202703.txt
2013-05-12 17:03 - 2013-05-12 17:03 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130512.170310.txt
2013-08-20 12:08 - 2013-08-20 12:08 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20130820.120808.txt
2013-12-06 00:24 - 2013-12-06 00:24 - 0001544 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20131205.232432.txt
2015-06-17 19:22 - 2015-06-17 19:22 - 0001592 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150617.192203.txt
2015-07-15 21:59 - 2015-07-15 21:59 - 0001590 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150715.215909.txt
2015-08-27 22:24 - 2015-08-27 22:24 - 0001567 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20150827.222408.txt
2016-03-31 11:38 - 2016-03-31 11:38 - 0001542 _____ () C:\Users\Chels\AppData\Local\PDLSetup.20160331.113804.txt
2014-09-11 23:54 - 2014-09-11 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-06 22:41 - 2011-12-06 22:41 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Chels\AppData\Local\Temp\203c30be-a1b3-465e-85b3-a64b88ad19fa.exe
C:\Users\Chels\AppData\Local\Temp\7za.exe
C:\Users\Chels\AppData\Local\Temp\b010fee3-aeaf-4e68-8635-41b5e70fced7.exe
C:\Users\Chels\AppData\Local\Temp\BestVideoDownloader-S-Setup_Suite1_20120416.exe
C:\Users\Chels\AppData\Local\Temp\CricutUtilCL.exe
C:\Users\Chels\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chels\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Chels\AppData\Local\Temp\libeay32.dll
C:\Users\Chels\AppData\Local\Temp\lowproc.exe
C:\Users\Chels\AppData\Local\Temp\msvcr120.dll
C:\Users\Chels\AppData\Local\Temp\oixjbngf.dll
C:\Users\Chels\AppData\Local\Temp\RealPlayer_20120604.exe
C:\Users\Chels\AppData\Local\Temp\ronlspzb.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.dll
C:\Users\Chels\AppData\Local\Temp\sqlite3.exe
C:\Users\Chels\AppData\Local\Temp\stubhelper.dll
C:\Users\Chels\AppData\Local\Temp\tbVuze.dll
C:\Users\Chels\AppData\Local\Temp\winzip1632_2_wrapped.exe
C:\Users\Chels\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Chels\AppData\Local\Temp\z1upd53969.exe
C:\Users\Chels\AppData\Local\Temp\z1upd57452.exe
C:\Users\Chels\AppData\Local\Temp\z1upd60347.exe
C:\Users\Chels\AppData\Local\Temp\zxupd63438.exe
C:\Users\Chels\AppData\Local\Temp\zxupd68222.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-31 12:23

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Chels (2016-04-02 06:20:54)
Running from C:\Users\Chels\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-14 18:36:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3644521110-2743841406-1338499732-500 - Administrator - Disabled)
Chels (S-1-5-21-3644521110-2743841406-1338499732-1000 - Administrator - Enabled) => C:\Users\Chels
Guest (S-1-5-21-3644521110-2743841406-1338499732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3644521110-2743841406-1338499732-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.444 - ArcSoft)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
Cricut Design Space Client (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\Cricut Design Space Client) (Version: 3.1507.1507.4015 - Provo Craft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.0.15030 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.0.0.03050 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.3.0.11090 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.493.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3644521110-2743841406-1338499732-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E3E14E-5927-4759-9B96-D52F94163FC6} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {0A9DCC41-CF50-41F5-99DA-DC1969D0EC35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0CCEC324-7709-4107-8817-205F5A3AC1D6} - System32\Tasks\{b892d89f-cade-4f10-a61e-5493d54be5ca} => C:\Users\Chels\AppData\Roaming\SenseIUpdater\SenseIUpdaterN8.exe [2015-06-05] ()
Task: {1A463480-AB16-467E-8044-15EADF6B42B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {1A71880A-F85B-4CB7-8FC5-9E75A36A4DF0} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {253FB42F-EDF6-460B-9D9E-55F352DD711B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {2BEEF6F4-76DB-49DB-9841-5E77B09D04A0} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {2BEF14E7-6CD6-43C0-B997-FCE39D8D8BBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {34EBEC58-CE8D-4D62-82EB-45ADE6D040F4} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {39025FE9-D181-44DB-B27D-8B3B611DDCB9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-30] (Microsoft Corporation)
Task: {399BE0EB-CB4E-4706-99DA-8272DE2F9744} - System32\Tasks\AdobeAAMUpdater-1.0-Chels-VAIO-Chels => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {462C3873-A281-4A97-9B76-CD9D4A58456A} - System32\Tasks\VAIO® Messenger (Chels) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {4CFE7133-A907-4B40-B049-6D2928E94F03} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {4E250F68-5CAE-464A-B7CA-5DC3D5F9787A} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {560A4FCE-1F9A-4E53-91A9-31A2A1C8BD83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {6D435025-533A-4B0C-94BD-06C06AA2F605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {74AD1128-0E4F-490D-A681-F554512462E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-30] (Adobe Systems Incorporated)
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {8EEB7506-C47D-4C16-AF1E-046B5B36AE85} - System32\Tasks\{87857FA6-55FC-4C89-B823-D38F4C47CEC8} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {9020AAAB-1CF8-4811-9D1D-BD2D6264CC95} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9677B03A-B740-4D29-8A73-456CD1CF94AF} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {9D6792B4-474A-4F0A-8D74-3E6B6FB7E893} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A92C3CCF-8960-4ADA-8A6B-987B70D47641} - System32\Tasks\HP Photosmart 6510 series.exe_{E67ED713-A0E8-4516-BDCE-604839D73A86} => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HP Photosmart 6510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AA58FE87-4851-40CD-AB81-C6629D9F59C2} - System32\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
Task: {D739A6EE-8FE4-43CB-B9EB-28DBD24B3A00} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {DE7A6190-CF6B-43C4-9A26-45BD3FBF1F87} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3644521110-2743841406-1338499732-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E5A7C88A-ECE5-497D-A803-50E073AA6C70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DDNi Startup.job => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe&VAIO Messenger VAIO Messenger.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecad383fd5d7b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d5193e821cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-21 15:38 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-01 19:58 - 2016-02-01 19:58 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-29 20:46 - 2011-03-29 03:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-06-13 14:16 - 2015-06-13 14:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-12-07 00:06 - 2011-02-25 20:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-12-07 00:06 - 2011-02-25 20:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-06 23:21 - 2011-03-05 19:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2012-05-15 11:30 - 2012-05-15 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\005e39dd4fc7c1bda871002fd7d32f4b\IsdiInterop.ni.dll
2011-12-06 22:48 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chels\Downloads\Quicken H B 2015 Downloader__3687_i1530896120_il1048147.exe:typelib [4042]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4A3E48BB-83BF-4B5A-8814-7CBFD9AD92DE}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{467059AA-80E7-418F-B3DE-16F858993192}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{1358C75C-FE4E-4FE5-9094-5796DDD154EE}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{CA5FFD61-9357-4C7C-874E-64AFCBEA5764}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{338EDD3F-CDF1-49B8-93D1-46F222217E3B}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{867FBEEC-F279-4535-9771-9DEB1CA24B7E}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{7B0F1BBD-5690-40E4-B977-070BA2E9442D}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{6F5FFEE1-9946-4029-A5C0-0B31CA55E55B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7F9A06E1-C79B-4232-A311-A5645B7A048B}] => (Allow) LPort=2869
FirewallRules: [{58896B8F-24C9-4878-A632-8162938CCFFC}] => (Allow) LPort=1900
FirewallRules: [{20C7A238-E2D0-409D-9720-EE258B72F29E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B1195514-292C-46E3-A16D-5491F875DADB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1262F8B8-6113-4523-8F9F-58A8DBCB206F}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{B25CBE44-8CA4-4687-B742-70DEE29BFF5B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{BB7B1569-8750-461F-B7E9-E4524F2B8A63}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{0A505F0C-816B-466B-9407-5F53992EE678}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{288760D9-1E40-4EC7-847B-0701BB51AF6C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{0BA15F0D-F61B-4BBA-844C-847CB5294233}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{8D96ECE0-3220-4786-A64C-FF4CF7258768}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C4B4638D-46B4-429E-95CB-9E4838755653}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CC5F5958-8DB6-4928-A765-EAC7A8FC8AB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E5E10BC-E90E-4CC8-8B64-41786CB304CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46EEDD22-FFCF-40DF-9833-75B8C4DA762B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54392297-63E2-44D4-B82E-3BC0EA2F7A48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8F049CF-2D02-4673-9A9C-9B2CBED14CE6}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{D36EC83F-F10D-4D11-9257-DBCFE1F3CE0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{7521F05A-B07A-4F56-A154-7F7262194C09}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{D5184270-D391-4F4D-9717-EFF10F965DA8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{4F7F3196-8791-4FA4-ADDE-31FD483BBD7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{D716E208-A562-4D2B-9776-FBCDAEDE85EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{25354B93-13FB-4B40-93DF-7B1A804CD3A2}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{173CAC2A-D857-4FFE-AB33-A5AAA70CF56B}] => (Allow) C:\Users\Chels\Downloads\uTorrent(2).exe
FirewallRules: [{2DFE80E5-5EC7-4960-A94D-2BB7697C94A1}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{0C39EE6A-C106-4B65-A9CB-70E2F8C085D0}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{85A2AD99-2FC2-4AEE-8802-F4C9C2C3E446}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{371245EF-1F7D-42C3-B2F7-DF3A04E88FC7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{11E407A1-D94D-49A1-9E19-8F4D531254DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B37FE33D-1FBA-4C13-A180-C34C6B7694DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D683580-A014-484D-8D7E-A630F8454FDD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F2E9C7FC-DE08-4BFA-935B-FAD86D73BEF8}] => (Allow) C:\Users\Chels\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{C140FB73-1147-497C-94DD-AA093B687ED7}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{B5BBFCE3-3750-4EFF-99AA-4A83214D878E}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Block) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{1F03F295-6974-4C7C-81C4-5B0233E3A9F4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FEB9A374-4FEF-47A4-BBDE-4A7655D8CDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{867644CD-B049-42F8-BD68-D0A5371468CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA45DDE7-D724-4CDD-A376-69EAD2CBA31C}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [UDP Query User{3C26B097-61B9-4F6D-973B-F7B1741F154F}C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\chels\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe

==================== Restore Points =========================

07-09-2015 12:07:20 Scheduled Checkpoint
15-09-2015 00:00:03 Scheduled Checkpoint
26-11-2015 20:14:06 VAIO Care Automatic Restore Point
26-11-2015 20:19:36 VAIO Care Automatic Restore Point
31-03-2016 12:30:50 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2016 03:35:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/02/2016 12:31:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/01/2016 07:27:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 07:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0xdec
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 07:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x390
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 07:22:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 07:10:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 06:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2016 06:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x1564
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (04/01/2016 06:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000005
Fault offset: 0x00000000000059a0
Faulting process id: 0x37c
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3


System errors:
=============
Error: (04/01/2016 07:31:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:28:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:27:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/01/2016 07:26:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-09-17 00:32:22.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-17 00:32:22.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-15 00:31:19.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 6091.86 MB
Available physical RAM: 3646.38 MB
Total Virtual: 12181.91 MB
Available Virtual: 9361.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.23 GB) (Free:500.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F90A0DB7)
Partition 1: (Not Active) - (Size=10.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-04-02 06:31:19
-----------------------------
06:31:19.047    OS Version: Windows x64 6.1.7601 Service Pack 1
06:31:19.047    Number of processors: 4 586 0x2A07
06:31:19.047    ComputerName: CHELS-VAIO  UserName: Chels
06:31:25.359    Initialize success
06:31:25.530    VM: initialized successfully
06:31:25.532    VM: Intel CPU BiosDisabled
06:32:41.611    AVAST engine defs: 16033102
06:32:56.297    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:32:56.303    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
06:32:56.420    Disk 0 MBR read successfully
06:32:56.426    Disk 0 MBR scan
06:32:56.452    Disk 0 Windows 7 default MBR code
06:32:56.474    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        11099 MB offset 2048
06:32:56.491    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 22732800
06:32:56.500    Disk 0 default boot code
06:32:56.517    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       599279 MB offset 22937600
06:32:56.621    Disk 0 scanning C:\Windows\system32\drivers
06:33:07.888    Service scanning
06:33:44.648    Modules scanning
06:33:44.663    Disk 0 trace - called modules:
06:33:44.694    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
06:33:44.710    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800637c060]
06:33:44.726    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f42050]
06:33:46.520    AVAST engine scan C:\Windows
06:34:01.511    AVAST engine scan C:\Windows\system32
06:38:49.574    AVAST engine scan C:\Windows\system32\drivers
06:39:03.333    AVAST engine scan C:\Users\Chels
06:39:34.861    File: C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38}\OffersWizard.exe  **INFECTED** Win32:Malware-gen
06:39:35.017    File: C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38}\OffersWizardData.dll  **INFECTED** Win32:Adware-gen [Adw]
06:39:35.142    File: C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38}\OffersWizardDll.dll  **INFECTED** Win32:Adware-gen [Adw]
06:39:35.361    File: C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62}\OffersWizard.exe  **INFECTED** Win32:Malware-gen
06:39:35.470    File: C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62}\OffersWizardData.dll  **INFECTED** Win32:Adware-gen [Adw]
06:39:35.517    File: C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62}\OffersWizardDll.dll  **INFECTED** Win32:Adware-gen [Adw]
06:40:01.662    Disk 0 MBR has been saved successfully to "C:\Users\Chels\Desktop\MBR.dat"
06:40:01.678    The log file has been saved successfully to "C:\Users\Chels\Desktop\aswMBR.txt"

 


  • 0

#4
Essexboy
Posted 02 April 2016 - 06:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You do not appear to have run the Fix that was provided.. Lets try again.  Please read the following instructions

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
C:\Program Files (x86)\Winfix 10 Pro
C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38}
C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#5
Rob Handy
Posted 02 April 2016 - 05:21 PM

Rob Handy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I am not sure if I did the scan correctly.  I copied the notepad info...the FRST64 is on my desktop and that is where I saved the notepad fix list.

 

Here were the results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Chels (2016-04-02 18:15:04) Run:2
Running from C:\Users\Chels\Desktop
Loaded Profiles: Chels (Available Profiles: Chels)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
2016-03-31 11:33 - 2016-03-31 11:36 - 00000000 ____D C:\Users\Chels\AppData\Local\Fast Browser
2016-03-31 10:58 - 2016-03-31 10:58 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2016-03-31 10:57 - 2016-03-31 11:00 - 00000000 ____D C:\Users\Chels\AppData\Roaming\Wow_com
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup.exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113824 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe
2016-03-30 21:40 - 2016-03-30 21:40 - 00113800 _____ (Astalavista) C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe
2016-04-01 19:30 - 2015-07-17 21:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-30 22:27 - 2015-08-02 19:01 - 00000000 ____D C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}
2016-03-30 20:12 - 2015-06-21 15:49 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
Task: {85002AC7-CA9B-439F-BB36-A7DB37349CE6} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe <==== ATTENTION
Task: {CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe <==== ATTENTION
C:\Program Files (x86)\Winfix 10 Pro
C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38}
C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"C:\Users\Chels\AppData\Local\Fast Browser" => not found.
"C:\Program Files (x86)\PCAPDownloader" => not found.
"C:\Users\Chels\AppData\Roaming\Wow_com" => not found.
"C:\Users\Chels\Downloads\fix_my_pc_Setup.exe" => not found.
"C:\Users\Chels\Downloads\fix_my_pc_Setup (2).exe" => not found.
"C:\Users\Chels\Downloads\fix_my_pc_Setup (1).exe" => not found.
C:\ProgramData\boost_interprocess => moved successfully
"C:\Users\Chels\AppData\Local\{5CF0EAC3-BCB3-4069-9124-399DAD7CE647}" => not found.
"C:\ProgramData\regid.1991-06.com.microsoft" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85002AC7-CA9B-439F-BB36-A7DB37349CE6} => key not found.
C:\Windows\System32\Tasks\Winfix Helper => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winfix Helper => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF9F89FF-C8DE-4E5F-9EB5-D356C0F38C0C} => key not found.
C:\Windows\System32\Tasks\Winfix 10 Auto Start Logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winfix 10 Auto Start Logon => key not found.
"C:\Program Files (x86)\Winfix 10 Pro" => not found.
C:\Users\Chels\AppData\Local\{4DAB7251-D6CB-44D6-A844-75084EA2BE38} => moved successfully
C:\Users\Chels\AppData\Local\{6011D57C-893D-4ED5-B751-C61F3C932F62} => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


  • 0

#6
Essexboy
Posted 04 April 2016 - 12:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is good now... How is the computer behaving at the moment

Have you thought about getting an antivirus programme

JHlUMFt.png Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

  • 0

#7
Rob Handy
Posted 03 April 2016 - 07:56 AM

Rob Handy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here is the scan log from malwarebytes.  So far it seems to be gone, have not seen it pop up since the reboot.  What anti-virus software would you recommend?

 

Thank you.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2016
Scan Time: 7:03 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.03.03
Rootkit Database: v2016.03.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chels

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 443948
Time Elapsed: 1 hr, 15 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [70ff5b4f6732d95d6e43c17305fe5ca4],
PUP.Optional.InstantSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\InstantSupport_RASAPI32, No Action By User, [3a352b7f5a3faf8704bdf1961be940c0],
PUP.Optional.InstantSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\InstantSupport_RASMANCS, No Action By User, [8ee1b1f95049c175536ee5a2719360a0],
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCAcceleratePro_RASAPI32, No Action By User, [86e979310c8dd85e5405dfa4e51fea16],
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCAcceleratePro_RASMANCS, No Action By User, [f57aa505ff9ad46282d7b3d0c63e58a8],
PUP.Optional.Iminent, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, No Action By User, [8be4b5f5fa9f7db99cb28a977b89d32d],
PUP.Optional.InstallCore, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\ICSW1.19, No Action By User, [c6a9beecf7a284b2013454cedb29bb45],
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [600faa0054454cea862c1d17cb3859a7],

Registry Values: 6
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, No Action By User, [4a253b6f4950b08602846a9ef212e31d]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.safesear....={searchTerms},No Action By User, [70ff5b4f6732d95d6e43c17305fe5ca4]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.safesear....={searchTerms},No Action By User, [313e2f7bf8a1a393ae0382b250b33fc1]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, No Action By User, [402f33776a2f5cda14c29ceb63a1f010]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.safesear....={searchTerms},No Action By User, [600faa0054454cea862c1d17cb3859a7]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.safesear....={searchTerms},No Action By User, [7ff0802a84152b0b951d74c00ff4bc44]

Registry Data: 15
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe" http://www.safesear....60331-135-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe" http://www.safesear....1-135-ff-sm),No Action By User,[511ef7b3712806306097230692731ee2]
PUP.Optional.SafeSear.ChrPRST, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear....60331-135-ch-sm, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear....1-135-ch-sm),No Action By User,[b8b75e4c6138da5c24d682a7be4738c8]
PUP.Optional.SafeSear.ChrPRST, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear....60331-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear....1-135-ie-sm),No Action By User,[b7b80f9bddbce15560988b9e8f7629d7]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe" http://www.safesear....60331-135-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Fast Web Browser\fastwebbrowser.exe" http://www.safesear....1-135-ff-sm),No Action By User,[0a657832752430062dca5fcaa85d29d7]
PUP.Optional.SafeSear.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear....60331-135-ch-sm, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear....1-135-ch-sm),No Action By User,[442b9812badf003699619d8ca362d62a]
PUP.Optional.SafeSear.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear....60331-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear....1-135-ie-sm),No Action By User,[c5aa505aa8f1f442a25621089c698f71]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear....20160331-135-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20160331-135-ie),No Action By User,[422dd9d18c0def47de161b0eb352926e]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear....20160331-135-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20160331-135-ie),No Action By User,[b8b76d3d277280b617ddb07916ef0bf5]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.safesear....={searchTerms},Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}),No Action By User,[f8772486a3f66bcb7d777aaf34d126da]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.safesear....={searchTerms},Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}),No Action By User,[d49bd9d19801181e10e536f317ee6a96]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear....20160331-135-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20160331-135-ie),No Action By User,[99d62288455410265b9a52d7bf4648b8]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear....20160331-135-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20160331-135-ie),No Action By User,[d59a8b1ff5a4e65082733dec2bda2ed2]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://www.safesear....={searchTerms},Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}),No Action By User,[204fe6c4afea1f174aabd158d33245bb]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://www.safesear....={searchTerms},Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}),No Action By User,[3c33a2086435b28420d6e544b4510bf5]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3644521110-2743841406-1338499732-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear....={searchTerms},Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20160331-135-sshome-ie-df&q={searchTerms}),No Action By User,[e9861496069341f540b61019808505fb]

Folders: 6
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Chels\AppData\Local\Component, No Action By User, [6609dfcbe9b0ba7c02d34be85aa96898],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config, No Action By User, [18570aa04455ec4a0c0e16170ef65ea2],
PUP.Optional.MyScrapNook, C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\MyScrapNook_12, No Action By User, [3738dfcb5148ab8ba8c7858b3bc8ef11],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
Ransom.SenseiUpdater, C:\Users\Chels\AppData\Roaming\SenseIUpdater, Quarantined, [ea85cedcbfdaea4c0cb1877138ca8779],

Files: 24
PUP.Optional.InstallCore, C:\Users\Chels\Downloads\Junkware%20Removal%20Tool%20Setup.exe, No Action By User, [de919c0ea5f469cd4ea1c18eab5ae020],
PUP.Optional.Amonetize, C:\Users\Chels\Downloads\Quicken H B 2015 Downloader__3687_i1530896120_il1048147.exe, No Action By User, [9ed1a50568318da93ea26bbeb948bf41],
PUP.Optional.DownWare, C:\Users\Chels\Downloads\HitmanProSetup.exe, No Action By User, [bdb27436217839fd98fae42f7f839d63],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Chels\AppData\Local\Component\com.exe, No Action By User, [6609dfcbe9b0ba7c02d34be85aa96898],
PUP.Optional.Like, C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\extensions\[email protected], No Action By User, [333c802a7f1ad4626137ec38ff0534cc],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\ver.xml, No Action By User, [18570aa04455ec4a0c0e16170ef65ea2],
PUP.Optional.LSHAREit.Trace, C:\awh219F.tmp, No Action By User, [76f9dfcb6534fd39939d4d3944c09967],
PUP.Optional.LSHAREit.Trace, C:\awh3BA.tmp, No Action By User, [2649a50543567abc7db3ee98d52f8e72],
PUP.Optional.LSHAREit.Trace, C:\awh61E9.tmp, No Action By User, [cfa06d3d9108d561a68a147213f1619f],
PUP.Optional.LSHAREit.Trace, C:\awh74D0.tmp, No Action By User, [9ed10b9f57424aecbc74cabcb153659b],
PUP.Optional.LSHAREit.Trace, C:\awh93DF.tmp, No Action By User, [1c53e5c5980163d3e44cbfc79c685ca4],
PUP.Optional.LSHAREit.Trace, C:\awh9E60.tmp, No Action By User, [412eeebcfb9eab8bfd331a6ca75de020],
PUP.Optional.LSHAREit.Trace, C:\awhB5BD.tmp, No Action By User, [1e5197135445da5cc66a3e48fc08fc04],
PUP.Optional.LSHAREit.Trace, C:\awhDF4.tmp, No Action By User, [c9a62783ff9aa096e050176f0301e719],
PUP.Optional.LSHAREit.Trace, C:\awhFD51.tmp, No Action By User, [561942681a7fbb7b87a9602694702cd4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0\128.png, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0\16.png, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0\48.png, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0\manifest.json, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.Simple.ChrPRST, C:\Users\Chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj\1.1_0\script.js, No Action By User, [0669208afc9d1d19541e43e39b684cb4],
PUP.Optional.SafeSear.ShrtCln, C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.safesear....-135-ff-nt");),No Action By User,[2f409911dbbeaf873383450c53b29f61]
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Chels\AppData\Roaming\Mozilla\Firefox\Profiles\xjzs0js1.default\searchplugins\safesearch.xml, No Action By User, [056ac9e14059f046ee126eeb5aab05fb],
Ransom.SenseiUpdater, C:\Users\Chels\AppData\Roaming\SenseIUpdater\SenseIUpdaterN8.exe, Quarantined, [bcb39713772252e4c54295ba3fc6c53b],
Ransom.SenseiUpdater, C:\Windows\System32\Tasks\{b892d89f-cade-4f10-a61e-5493d54be5ca}, Quarantined, [254a5a50d9c0e155b54d61a0bd47bc44],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#8
Essexboy
Posted 03 April 2016 - 08:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

There are three available, Avast, Avira and AVG the choice would be yours.

 

Did you get MBAM to clean the traces it found ?


  • 0

#9
Rob Handy
Posted 03 April 2016 - 08:25 AM

Rob Handy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

All I had it clean were the things that were selected...I did not select anything manually.

 

If I need to run it again, I will.

 

Please advise.


  • 0

#10
Essexboy
Posted 03 April 2016 - 09:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You can run again to double check but, if you selected clean then they should be gone

If you wish I can give you some links for Antivirus programmes that are free

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#11
Rob Handy
Posted 03 April 2016 - 12:10 PM

Rob Handy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thank you so much for all of your help.  I have installed the free version of AVG and all the software you advised.

 

All seems to be well.

 

Thank you again!


  • 0

#12
Essexboy
Posted 03 April 2016 - 01:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP