Malware preventing removal tools [Solved]


  • This topic is locked

#1
Caroline Clarke

    New Member

  • Member
  • 8 posts
Hello, my laptop has recently got a virus/malware that has resulted in constant pop-up ads and prevention of running security scans. After restarting it in safe mode I was still unable to run the scans. It is also preventing me from gaining access to the Internet, and Chrome only loads to run an advert; if I try to do anything else on it, it automatically closes.
This is very frustrating and any help would be greatly appreciated! Thank you :)


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you try to run this programme please?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Caroline (administrator) on CLARKIE (14-04-2016 21:48:14)
Running from C:\Users\Caroline\Desktop
Loaded Profiles: Caroline (Available Profiles: Caroline)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
() C:\Users\Caroline\AppData\Local\brsrv\brsrv.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\jnsuDC06.tmp
() C:\Users\Caroline\AppData\Roaming\Reofh\Reofh.exe
() C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\knsdBDF.tmp
() C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\hnsoF2DC.tmp
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Advancedpccare.net) C:\Program Files\Advanced PC-Care\apc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TomorrowGames) C:\ProgramData\TomorrowGames\TomorrowGames.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Users\Caroline\AppData\Roaming\Reofh\Zoargaamd.exe
() C:\Users\Caroline\AppData\Roaming\Reofh\Syizku.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Users\Caroline\AppData\Local\dply_en_015020294\updply_en_015020294.exe
(TomorrowGames) C:\ProgramData\TomorrowGames\TomorrowGames.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Caroline\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\dply_en_015020294\dply_en_015020294.exe
() C:\Program Files (x86)\rec_gb_247\rec_gb_247.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\ProgramData\Ronzap\Ronzap.exe
() C:\Users\Caroline\AppData\Local\Statlux.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\DNS Unlocker\dnswilliston.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Search Module Ltd.) C:\Program Files\Common Files\Soobzo\GDUpdate\smu.exe
() C:\Windows\Temp\5C5A.tmp
() C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB\qnst630F.tmp
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() C:\Windows\Temp\BC4D.tmp
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\ProgramData\Uurxreumruw\1.0.7.1\oxeeawaa.exe
() C:\ProgramData\Uurxreumruw\1.0.7.1\oxeeawaa.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [IDSCCOMZ22] => "C:\Program Files (x86)\Max Driver Updater\idsccom_Z22.exe"
HKLM\...\Run: [cpuminer] => C:\Users\Caroline\AppData\Roaming\cpuminer\cpm.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-08-07] (cyberlink)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [dply_en_015020294] => C:\Program Files (x86)\dply_en_015020294\dply_en_015020294.exe [4336816 2016-04-10] ()
HKLM-x32\...\Run: [rec_gb_247] => C:\Program Files (x86)\rec_gb_247\rec_gb_247.exe [3972272 2016-04-03] ()
HKLM-x32\...\Run: [mbot_en_037050293] => [X]
HKLM-x32\...\RunOnce: [updply_en_015020294.exe] => C:\Users\Caroline\AppData\Local\dply_en_015020294\updply_en_015020294.exe [3320496 2016-04-10] ()
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Caroline\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Spotify Web Helper] => C:\Users\Caroline\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-07] (Spotify Ltd)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [GoogleChromeAutoLaunch_5052852F0B4629A281C1BF6F1469CA88] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Spybot-S&D Cleaning] => "E:\SpybotPortable\App\Spybot\SDCleaner.exe" /autoclean
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\RunOnce: [Uninstall C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\RunOnce: [Uninstall C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Policies\Explorer: [] 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-04-03] (Client Connect LTD)
AppInit_DLLs:  C:\ProgramData\Ronzap\Zundintom.dll => C:\ProgramData\Ronzap\Zundintom.dll [361984 2016-04-14] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-04-03] (Client Connect LTD)
AppInit_DLLs-x32:  C:\ProgramData\Ronzap\Quotecof.dll => C:\ProgramData\Ronzap\Quotecof.dll [257536 2016-04-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk [2014-06-30]
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2016-03-10]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2015-12-06]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-219877153-197691950-3609309316-1001] => hxxp://un-stop.biz/wpad.dat?69a3ec30733689a2829c1537dc212a068684954
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1e481f7a-13e9-45ef-8474-1ca6bf08ecab}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2600d5c3-6654-4e17-b209-5a1ff7b0cfa3}: [NameServer] 208.87.151.20,208.87.151.21
Tcpip\..\Interfaces\{2600d5c3-6654-4e17-b209-5a1ff7b0cfa3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c2f7249-4e2e-452f-a728-7d9f7733bed1}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{9c052ac2-8b95-4e54-8320-44ef1126e19f}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{9c052ac2-8b95-4e54-8320-44ef1126e19f}: [DhcpNameServer] 127.0.0.1
Tcpip\..\Interfaces\{bb316f1b-e1c6-4426-97c1-d6f39d0b7662}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{fdea5058-a42f-11e5-b507-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies: 0hxxp://un-stop.biz/wpad.dat?69a3ec30733689a2829c1537dc212a068684954
 
Internet Explorer:
==================
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {D0341D0F-AC4B-4531-9F35-CB744F211C59} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-27] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-13] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-27] (Oracle Corporation)
BHO-x32: Oasis Space 1.0.0.7 -> {567dbf58-4713-45f4-a623-e7b41f898209} -> C:\Program Files (x86)\Oasis Space\OasisSpacebho.dll [2016-04-07] (Oasis Space)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-27] (Oracle Corporation)
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2016-04-07] (Checked List)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-27] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-06-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-27] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-09-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-219877153-197691950-3609309316-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-14] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://feed.wiki-search.me/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: Default -> Wiki Search.me
CHR Profile: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Wiki Search.me) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2016-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 AppVerifier; C:\ProgramData\Appverifier\AppVerifierService.exe [39424 2016-04-04] (AppVerifierService) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Bejfhojia; C:\Users\Caroline\AppData\Roaming\Reofh\Reofh.exe [174456 2016-04-10] ()
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-04-14] () [File not signed]
R2 brsrv; C:\Users\Caroline\AppData\Local\brsrv\brsrv.exe [104448 2016-03-06] () [File not signed]
S2 BugreportW; C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe [1627600 2016-04-09] ()
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [243728 2012-06-29] (CyberLink)
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1200128 2016-04-14] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3253520 2016-04-03] (Client Connect LTD)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-10] (DotC United Inc)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 nowuedctep; C:\Users\Caroline\AppData\Local\Statlux.exe [28160 2016-04-14] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-20] (Electronic Arts)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-11-10] (Mentor Graphics Corporation)
R2 rihelecezbt; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\knsdBDF.tmp [250368 2016-04-11] () [File not signed]
R2 rijufoze; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\hnsoF2DC.tmp [138240 2016-04-10] () [File not signed]
R2 rocufyky; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\jnsuDC06.tmp [389632 2016-04-10] () [File not signed]
R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [1200128 2016-04-14] () [File not signed]
S2 rsYVIpYm; C:\ProgramData\IseTPBjVl\rsYVIpYm.exe [3001832 2016-04-10] (Time Lapse Solutions)
R2 SMUpd; C:\Program Files\Common Files\Soobzo\GDUpdate\smu.exe [2454016 2016-04-06] (Search Module Ltd.) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-17] (SolidWorks) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [654536 2016-04-14] ()
S2 Update Oasis Space; C:\Program Files (x86)\Oasis Space\updateOasisSpace.exe [648392 2016-04-14] ()
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [654536 2016-04-14] ()
S2 Util Oasis Space; C:\Program Files (x86)\Oasis Space\bin\utilOasisSpace.exe [648392 2016-04-14] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 WinSvces; C:\Program Files (x86)\WinSvces\WinSvces\WinSvces.exe [315408 2016-04-09] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros) [File not signed]
R2 zigipyro; C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB\qnst630F.tmp [158720 2015-12-26] () [File not signed]
S2 Iapisni; "C:\Users\Caroline\AppData\Roaming\LumdEpuyatv\Thupietr.exe" -cms [X]
S2 zdengine; C:\Program Files (x86)\QuickSearch\zdengine.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-10] ()
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65856 2016-04-10] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-12-08] (CSR plc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-10] (DotC United Inc)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2016-01-10] ()
S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-08-13] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Soobzo\GDUpdate\smw.sys [43264 2016-04-06] ()
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 zdwfp; C:\WINDOWS\system32\Drivers\zdwfp64.sys [46352 2016-03-04] (zdengine)
R1 {8fd16984-f872-41a4-8820-246c3230d450}Gw64; C:\Windows\System32\drivers\{8fd16984-f872-41a4-8820-246c3230d450}Gw64.sys [48744 2016-04-14] (StdLib)
R1 {dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64; C:\Windows\System32\drivers\{dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64.sys [48744 2016-04-14] (StdLib)
R1 {f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64; C:\Windows\System32\drivers\{f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64.sys [48744 2016-04-10] (StdLib)
R1 {fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64; C:\Windows\System32\drivers\{fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64.sys [48744 2016-04-10] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 21:46 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-04-14 21:46 - 2016-04-14 21:46 - 00000000 ____D C:\Users\Caroline\AppData\Local\SearchProtect
2016-04-14 21:35 - 2016-04-14 21:36 - 00000000 ____D C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB
2016-04-14 21:11 - 2016-04-14 21:14 - 00069807 _____ C:\Users\Caroline\Desktop\Addition.txt
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Mozilla
2016-04-14 21:08 - 2016-04-14 21:08 - 00041472 _____ C:\Users\Caroline\AppData\Local\Statlux.dat
2016-04-14 21:08 - 2016-04-14 21:08 - 00028160 _____ C:\Users\Caroline\AppData\Local\Statlux.exe
2016-04-14 21:08 - 2016-04-14 21:08 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-04-14 21:08 - 2016-04-14 21:08 - 00001098 _____ C:\Users\Caroline\Desktop\Get Random Viral.lnk
2016-04-14 21:08 - 2016-04-14 21:08 - 00001074 _____ C:\Users\Caroline\Desktop\Google Search.lnk
2016-04-14 21:08 - 2016-04-14 21:08 - 00000187 _____ C:\Users\Caroline\AppData\Local\Statlux.exe.config
2016-04-14 21:08 - 2016-04-14 21:08 - 00000000 ____D C:\ProgramData\Ronzaps
2016-04-14 21:08 - 2016-04-14 21:08 - 00000000 ____D C:\Program Files\BitTorrent
2016-04-14 21:07 - 2016-04-14 21:48 - 00035091 _____ C:\Users\Caroline\Desktop\FRST.txt
2016-04-14 21:07 - 2016-04-14 21:48 - 00000000 ____D C:\FRST
2016-04-14 21:07 - 2016-04-14 21:46 - 00000000 ____D C:\ProgramData\Ronzap
2016-04-14 21:07 - 2016-04-14 21:07 - 06494208 _____ C:\Users\Caroline\AppData\Roaming\agent.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 02375168 _____ (Farbar) C:\Users\Caroline\Desktop\FRST64.exe
2016-04-14 21:07 - 2016-04-14 21:07 - 01626777 _____ C:\Users\Caroline\AppData\Roaming\Consoft.tst
2016-04-14 21:07 - 2016-04-14 21:07 - 00189558 _____ () C:\Users\Caroline\AppData\Roaming\Lamex.bin
2016-04-14 21:07 - 2016-04-14 21:07 - 00126464 _____ C:\Users\Caroline\AppData\Roaming\noah.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 00126464 _____ C:\Users\Caroline\AppData\Roaming\lobby.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 00072717 _____ C:\Users\Caroline\AppData\Roaming\Bamity.tst
2016-04-14 21:07 - 2016-04-14 21:07 - 00065568 _____ C:\Users\Caroline\AppData\Roaming\Config.xml
2016-04-14 21:07 - 2016-04-14 21:07 - 00054272 _____ C:\Users\Caroline\AppData\Roaming\ApplicationHosting.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 00018432 _____ C:\Users\Caroline\AppData\Roaming\Main.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 00005568 _____ C:\Users\Caroline\AppData\Roaming\md.xml
2016-04-14 21:07 - 2016-04-14 21:07 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ C:\Users\Caroline\AppData\Roaming\Consoft.exe
2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ C:\Users\Caroline\AppData\Roaming\Bamity.exe
2016-04-14 21:06 - 2016-04-14 21:06 - 00848437 _____ C:\Users\Caroline\AppData\Roaming\Daltzap.bin
2016-04-14 21:05 - 2016-04-14 21:06 - 00016992 _____ C:\Users\Caroline\AppData\Roaming\InstallationConfiguration.xml
2016-04-14 21:05 - 2016-04-14 21:05 - 00258813 _____ C:\Users\Caroline\AppData\Roaming\inst.lat
2016-04-14 21:05 - 2016-04-14 21:05 - 00127488 _____ C:\Users\Caroline\AppData\Roaming\Installer.dat
2016-04-14 21:05 - 2016-04-14 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-14 21:03 - 2016-04-14 21:03 - 00201532 _____ C:\WINDOWS\Minidump\041416-43531-01.dmp
2016-04-14 20:59 - 2016-04-14 20:59 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser.lnk
2016-04-14 20:59 - 2016-04-14 20:59 - 00002201 _____ C:\Users\Public\Desktop\speed browser.lnk
2016-04-14 20:59 - 2016-04-14 20:59 - 00000000 ____D C:\Users\Caroline\AppData\Local\speed browser
2016-04-14 20:59 - 2016-04-14 20:59 - 00000000 ____D C:\Program Files (x86)\speed browser
2016-04-14 20:54 - 2016-04-14 21:08 - 00003166 _____ C:\WINDOWS\System32\Tasks\Advanced PC-Care_Logon
2016-04-14 20:53 - 2016-04-14 20:53 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Advancedpccare.net
2016-04-14 20:52 - 2016-04-14 20:53 - 00000000 ____D C:\ProgramData\Appverifier
2016-04-14 20:52 - 2016-04-14 20:52 - 00000878 _____ C:\Users\Public\Desktop\Advanced PC-Care.lnk
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ___HD C:\OneDriveTemp
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\efo
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Care
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\ProgramData\advancedpccare.net
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\Program Files\Advanced PC-Care
2016-04-14 20:51 - 2016-04-14 11:24 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64.sys
2016-04-14 20:51 - 2016-04-14 10:30 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{8fd16984-f872-41a4-8820-246c3230d450}Gw64.sys
2016-04-13 21:54 - 2016-04-13 21:55 - 00031818 _____ C:\WINDOWS\wininit.ini
2016-04-11 19:06 - 2016-04-11 19:06 - 00130144 _____ C:\Users\Caroline\Downloads\adobe_flash_setup-15806568.exe
2016-04-11 10:19 - 2016-04-11 10:19 - 00003268 _____ C:\WINDOWS\System32\Tasks\{95530276-13B0-4CDE-852F-1EADDC5B099F}
2016-04-11 10:18 - 2016-04-11 10:18 - 00003584 _____ C:\WINDOWS\System32\Tasks\IBUpd
2016-04-11 10:18 - 2016-04-11 10:18 - 00003330 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-04-11 10:18 - 2016-04-11 10:18 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-04-11 10:17 - 2016-04-11 10:18 - 00002153 _____ C:\Users\Caroline\Desktop\Hotmail.lnk
2016-04-11 10:17 - 2016-04-11 10:17 - 00000000 ____D C:\Users\Caroline\AppData\Local\brsrv
2016-04-11 10:14 - 2016-04-11 10:14 - 00000000 ____D C:\ProgramData\Browser
2016-04-10 17:21 - 2016-04-14 20:55 - 00003522 _____ C:\WINDOWS\System32\Tasks\Uurxreumruw
2016-04-10 17:21 - 2016-04-10 17:21 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\MCorp
2016-04-10 17:21 - 2016-04-10 17:21 - 00000000 ____D C:\ProgramData\Uurxreumruw
2016-04-10 17:19 - 2016-04-10 17:19 - 00000000 ____D C:\Users\Caroline\AppData\Local\ZombieNews
2016-04-10 17:16 - 2016-04-10 17:18 - 00000000 ____D C:\ProgramData\IseTPBjVl
2016-04-10 17:16 - 2016-04-10 17:17 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\gplyra
2016-04-10 17:15 - 2016-04-10 17:17 - 00000000 ____D C:\ProgramData\ZombieNews
2016-04-10 14:48 - 2016-04-14 21:05 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-10 13:59 - 2016-04-10 17:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-10 13:57 - 2016-04-10 13:57 - 00000000 ____D C:\WINDOWS\system32\lat
2016-04-10 13:42 - 2016-04-14 21:08 - 00000000 ____D C:\Users\Caroline\AppData\Local\app
2016-04-10 13:40 - 2016-04-11 19:04 - 00000000 ____D C:\Users\Caroline\AppData\Local\bvyvave
2016-04-10 13:40 - 2016-04-10 17:26 - 00012696 _____ C:\WINDOWS\SysWOW64\zdengineOff.ini
2016-04-10 13:40 - 2016-04-10 17:26 - 00012696 _____ C:\WINDOWS\system32\zdengineOff.ini
2016-04-10 13:40 - 2016-04-10 13:41 - 00003518 _____ C:\WINDOWS\System32\Tasks\bvyvave
2016-04-10 13:40 - 2016-04-10 13:40 - 00003316 _____ C:\WINDOWS\System32\Tasks\runTask
2016-04-10 13:40 - 2016-04-10 13:40 - 00003226 _____ C:\WINDOWS\System32\Tasks\updateTask
2016-04-10 13:40 - 2016-04-10 13:40 - 00002044 _____ C:\WINDOWS\System32\Tasks\kze3024
2016-04-10 13:40 - 2016-04-10 13:40 - 00000296 _____ C:\task.vbs
2016-04-10 13:40 - 2016-04-10 13:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-10 13:40 - 2016-03-04 15:13 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys
2016-04-10 13:39 - 2016-04-14 21:09 - 00000364 ____H C:\WINDOWS\Tasks\PCBRFPTQWUBWXJMS.job
2016-04-10 13:39 - 2016-04-14 21:05 - 00000364 ____H C:\WINDOWS\Tasks\YPBXJRASSJNPNGFR.job
2016-04-10 13:39 - 2016-04-14 21:05 - 00000352 _____ C:\WINDOWS\Tasks\KLPAT1.job
2016-04-10 13:39 - 2016-04-14 21:04 - 00000376 _____ C:\WINDOWS\Tasks\FYJHMJXE1.job
2016-04-10 13:39 - 2016-04-10 17:29 - 00000000 ____D C:\Users\Caroline\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-10 13:39 - 2016-04-10 14:48 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-10 13:39 - 2016-04-10 13:39 - 00346005 _____ (zdengine) C:\WINDOWS\system32\zdengine64.dll
2016-04-10 13:39 - 2016-04-10 13:39 - 00297109 _____ (zdengine) C:\WINDOWS\SysWOW64\zdengine.dll
2016-04-10 13:39 - 2016-04-10 13:39 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-10 13:39 - 2016-04-10 13:39 - 00015116 _____ C:\WINDOWS\System32\Tasks\WinTsks
2016-04-10 13:39 - 2016-04-10 13:39 - 00003446 _____ C:\WINDOWS\System32\Tasks\YPBXJRASSJNPNGFR
2016-04-10 13:39 - 2016-04-10 13:39 - 00003446 _____ C:\WINDOWS\System32\Tasks\PCBRFPTQWUBWXJMS
2016-04-10 13:39 - 2016-04-10 13:39 - 00003402 _____ C:\WINDOWS\System32\Tasks\Ootocm
2016-04-10 13:39 - 2016-04-10 13:39 - 00002944 _____ C:\WINDOWS\System32\Tasks\FYJHMJXE1
2016-04-10 13:39 - 2016-04-10 13:39 - 00002914 _____ C:\WINDOWS\System32\Tasks\KLPAT1
2016-04-10 13:39 - 2016-04-10 13:39 - 00001922 _____ C:\Users\Public\Desktop\Play Games.lnk
2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\WinTsks
2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\WinSvces
2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\extensions
2016-04-10 13:38 - 2016-04-11 10:26 - 00000000 ____D C:\Program Files\Mespem
2016-04-10 13:38 - 2016-04-10 13:42 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\ProgramData\TomorrowGames
2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\ProgramData\FlashBeat
2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\SpeedSearchesbnd
2016-04-10 13:38 - 2016-04-10 13:38 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Reofh
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\LocalLow\Company
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\Local\Tempfolder
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\uninst
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\Service1291
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\Service1104
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-04-10 13:28 - 2016-04-10 13:28 - 00000000 ____D C:\Users\Caroline\AppData\Local\DDB727A0-1460294904-11E2-824E-30F9EDC4D4EB
2016-04-10 13:24 - 2016-04-14 20:47 - 00000000 ____D C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB
2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\ASPackage
2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Local\rec_gb_247
2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Program Files (x86)\rec_gb_247
2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-04-10 13:24 - 2016-04-10 13:21 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-04-10 13:24 - 2016-04-10 04:57 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64.sys
2016-04-10 13:23 - 2016-04-10 04:04 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64.sys
2016-04-10 13:22 - 2016-04-14 20:51 - 00000000 ____D C:\Program Files (x86)\Oasis Space
2016-04-10 13:21 - 2016-04-14 21:08 - 00000000 ____D C:\Users\Caroline\AppData\Local\dply_en_015020294
2016-04-10 13:21 - 2016-04-14 20:54 - 00000000 ____D C:\Program Files (x86)\Checked List
2016-04-10 13:21 - 2016-04-11 10:17 - 00004402 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3431393738342d344a414155342a2a236c6c5a
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\SpringFiles
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Users\Caroline\AppData\Local\csdi_monetize_120160408
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\SearchModule
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\b9bc5e5f-3757-0
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\b9bc5e5f-36f3-1
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Program Files\Common Files\Soobzo
2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Program Files (x86)\dply_en_015020294
2016-04-10 13:20 - 2016-04-11 10:17 - 00271872 _____ C:\ProgramData\smp2.exe
2016-04-10 13:20 - 2016-04-11 10:17 - 00004242 _____ C:\WINDOWS\System32\Tasks\SMW_P
2016-04-10 13:20 - 2016-04-10 13:20 - 00026420 _____ C:\WINDOWS\System32\Tasks\DNSWILLISTON
2016-04-10 13:20 - 2016-04-10 13:20 - 00003840 _____ C:\WINDOWS\System32\Tasks\DNS Monitoring
2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\ProgramData\131dbb3d-1777-0
2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\ProgramData\131dbb3d-07e7-1
2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-04-10 13:19 - 2016-04-10 13:19 - 04282368 _____ C:\Users\Caroline\Downloads\Based_On_A_True_Story_Fat.iso
2016-04-10 01:40 - 2016-04-10 13:38 - 00065856 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2016-04-06 14:09 - 2016-04-06 14:09 - 00694272 _____ C:\WINDOWS\system32\bi.exe
2016-04-01 16:35 - 2016-04-01 16:35 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-01 16:35 - 2016-04-01 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-01 16:34 - 2016-04-01 16:35 - 00000000 ____D C:\Program Files\iTunes
2016-04-01 16:34 - 2016-04-01 16:34 - 00000000 ____D C:\Program Files\iPod
2016-04-01 16:34 - 2016-04-01 16:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-01 16:32 - 2016-04-01 16:32 - 00000000 ____D C:\Program Files\Bonjour
2016-04-01 16:32 - 2016-04-01 16:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-04-01 16:31 - 2016-04-01 16:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-01 16:31 - 2016-04-01 16:31 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-20 10:17 - 2016-03-20 10:19 - 00279476 _____ C:\WINDOWS\Minidump\032016-34953-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 21:48 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-14 21:48 - 2014-06-27 14:23 - 00000000 ____D C:\ProgramData\MOCP
2016-04-14 21:47 - 2014-08-20 10:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\Adobe
2016-04-14 21:19 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-14 21:14 - 2014-06-30 17:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 21:14 - 2014-06-30 17:48 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 21:09 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-14 21:09 - 2015-09-13 17:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-14 21:08 - 2014-06-30 17:50 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 21:06 - 2014-08-20 23:06 - 00000000 __RDO C:\Users\Caroline\OneDrive
2016-04-14 21:04 - 2015-12-16 21:15 - 00000000 ____D C:\Users\Caroline
2016-04-14 21:04 - 2015-09-13 17:28 - 00146648 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2016-04-14 21:03 - 2016-03-09 21:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-14 21:03 - 2015-12-16 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-14 21:03 - 2014-11-26 15:50 - 822560255 _____ C:\WINDOWS\MEMORY.DMP
2016-04-14 20:56 - 2015-04-15 18:09 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A3876C08-2ECA-427D-AA61-AEFBBADEEC43}
2016-04-14 20:54 - 2012-07-26 06:26 - 00000226 _____ C:\WINDOWS\win.ini
2016-04-14 20:48 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 20:57 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-10 17:33 - 2015-09-13 18:01 - 00000000 ____D C:\Users\Caroline\AppData\Local\MicrosoftEdge
2016-04-10 17:29 - 2015-04-14 17:51 - 00000000 ____D C:\Users\Caroline\AppData\Local\ElevatedDiagnostics
2016-04-10 13:56 - 2014-06-30 17:42 - 00000000 ____D C:\WINDOWS\pss
2016-04-10 13:40 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-10 13:40 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-10 13:24 - 2014-11-19 15:27 - 00000000 ____D C:\Users\Caroline\AppData\Local\cache
2016-04-10 13:22 - 2015-08-01 00:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-10 13:08 - 2014-08-23 19:06 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\uTorrent
2016-04-09 13:13 - 2016-03-11 01:27 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForCaroline
2016-04-09 13:13 - 2016-03-11 01:27 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForCaroline.job
2016-04-04 18:56 - 2015-09-13 17:49 - 00000000 ____D C:\Users\Caroline\AppData\Local\Comms
2016-04-02 16:59 - 2015-08-01 16:48 - 00000132 _____ C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-01 16:34 - 2014-07-31 23:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-01 16:31 - 2014-07-31 23:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-30 18:38 - 2014-06-30 17:40 - 00000000 ____D C:\Users\Caroline\AppData\Local\Packages
2016-03-23 18:10 - 2014-11-19 16:35 - 00000000 ____D C:\Users\Caroline\AppData\Local\TempSWBackupDirectory
2016-03-19 15:56 - 2015-12-16 21:03 - 05065952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-11-11 16:35 - 2015-11-11 16:35 - 0371704 _____ () C:\Program Files\setup.exe
2015-08-01 16:48 - 2016-04-02 16:59 - 0000132 _____ () C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-21 11:48 - 2014-10-04 14:48 - 0000034 _____ () C:\Users\Caroline\AppData\Roaming\AdobeWLCMCache.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 6494208 _____ () C:\Users\Caroline\AppData\Roaming\agent.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 0054272 _____ () C:\Users\Caroline\AppData\Roaming\ApplicationHosting.dat
2016-04-14 21:07 - 2016-04-14 21:05 - 1200128 _____ () C:\Users\Caroline\AppData\Roaming\Bamity.exe
2016-04-14 21:07 - 2016-04-14 21:07 - 0072717 _____ () C:\Users\Caroline\AppData\Roaming\Bamity.tst
2016-04-14 21:07 - 2016-04-14 21:07 - 0065568 _____ () C:\Users\Caroline\AppData\Roaming\Config.xml
2016-04-14 21:07 - 2016-04-14 21:05 - 1200128 _____ () C:\Users\Caroline\AppData\Roaming\Consoft.exe
2016-04-14 21:07 - 2016-04-14 21:07 - 1626777 _____ () C:\Users\Caroline\AppData\Roaming\Consoft.tst
2016-04-14 21:06 - 2016-04-14 21:06 - 0848437 _____ () C:\Users\Caroline\AppData\Roaming\Daltzap.bin
2016-04-14 21:05 - 2016-04-14 21:05 - 0258813 _____ () C:\Users\Caroline\AppData\Roaming\inst.lat
2016-04-14 21:05 - 2016-04-14 21:06 - 0016992 _____ () C:\Users\Caroline\AppData\Roaming\InstallationConfiguration.xml
2016-04-14 21:05 - 2016-04-14 21:05 - 0127488 _____ () C:\Users\Caroline\AppData\Roaming\Installer.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 0189558 _____ () C:\Users\Caroline\AppData\Roaming\Lamex.bin
2016-04-14 21:07 - 2016-04-14 21:07 - 0126464 _____ () C:\Users\Caroline\AppData\Roaming\lobby.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 0018432 _____ () C:\Users\Caroline\AppData\Roaming\Main.dat
2016-04-14 21:07 - 2016-04-14 21:07 - 0005568 _____ () C:\Users\Caroline\AppData\Roaming\md.xml
2016-04-14 21:07 - 2016-04-14 21:07 - 0126464 _____ () C:\Users\Caroline\AppData\Roaming\noah.dat
2016-04-14 21:08 - 2016-04-14 21:08 - 0001150 _____ () C:\Users\Caroline\AppData\Roaming\uninstall_temp.ico
2016-04-14 21:08 - 2016-04-14 21:08 - 0041472 _____ () C:\Users\Caroline\AppData\Local\Statlux.dat
2016-04-14 21:08 - 2016-04-14 21:08 - 0028160 _____ () C:\Users\Caroline\AppData\Local\Statlux.exe
2016-04-14 21:08 - 2016-04-14 21:08 - 0000187 _____ () C:\Users\Caroline\AppData\Local\Statlux.exe.config
2014-11-19 16:39 - 2014-11-19 16:39 - 0000000 _____ () C:\Users\Caroline\AppData\Local\Temptable.xml
2014-11-19 15:21 - 2014-11-19 15:21 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-04-10 13:20 - 2016-04-11 10:17 - 0271872 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\0VF7UVKPJO.exe
C:\Users\Caroline\AppData\Local\Temp\1ead-1afc-7306-10e4.exe
C:\Users\Caroline\AppData\Local\Temp\1NWAK6IaVr.exe
C:\Users\Caroline\AppData\Local\Temp\2A3F.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\4446.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\8cslsXzqKu.exe
C:\Users\Caroline\AppData\Local\Temp\8OhnRWxBL4.exe
C:\Users\Caroline\AppData\Local\Temp\9ADA.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\9BJXuCRdRD.exe
C:\Users\Caroline\AppData\Local\Temp\9C12.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\9C8.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\A56D.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\AC65.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\C7D.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\EB75.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\F2G6R3MM7T.exe
C:\Users\Caroline\AppData\Local\Temp\F95C.tmp.exe
C:\Users\Caroline\AppData\Local\Temp\H1L6euEcl9.exe
C:\Users\Caroline\AppData\Local\Temp\hib4593.exe
C:\Users\Caroline\AppData\Local\Temp\n1EIXsdCJh.exe
C:\Users\Caroline\AppData\Local\Temp\nsn7F10.exe
C:\Users\Caroline\AppData\Local\Temp\pf1Fn2kXeA.exe
C:\Users\Caroline\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Caroline\AppData\Local\Temp\Setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-10-30 08:18] - [2015-10-30 08:18] - 0686984 ____A (Microsoft Corporation) 0AAF6D6E817E8E0185277906E3F773A4
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-10-30 08:18] - [2015-10-30 08:18] - 0535088 ____A (Microsoft Corporation) 56AD77A842ED3851CE96F09ED9EF08CA
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-04 20:00
 
==================== End of FRST.txt ============================

  • 0

#4
Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • 8 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Caroline (2016-04-14 21:11:27)
Running from C:\Users\Caroline\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-16 20:50:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-219877153-197691950-3609309316-500 - Administrator - Disabled)
Caroline (S-1-5-21-219877153-197691950-3609309316-1001 - Administrator - Enabled) => C:\Users\Caroline
DefaultAccount (S-1-5-21-219877153-197691950-3609309316-503 - Limited - Disabled)
Guest (S-1-5-21-219877153-197691950-3609309316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-219877153-197691950-3609309316-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Advanced PC-Care (HKLM\...\B7A64AC7-B828-4D74-98B2-097AFA836948_is1) (Version: 1.0.0.7375 - advancedpccare.net)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{AF091FA7-20BF-49D4-4C98-4E4AD04D6FB3}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AnySend (HKLM-x32\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrowserAir (HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\BrowserAir) (Version: 47.0.0.5 - BrowserAir) <==== ATTENTION
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Checked List (HKLM\...\Checked List) (Version: 2016.04.10.083944 - Checked List) <==== ATTENTION
Chronicles of Albian (x32 Version: 2.2.0.110 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CleanBrowser (HKLM-x32\...\CleanBrowser) (Version:  - )
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
Desktop-play 000.015020294 (HKLM-x32\...\dply_en_015020294_is1) (Version:  - DESKTOPPLAY) <==== ATTENTION
DesktopPlay Maintenance 013.247 (HKLM-x32\...\rec_gb_247_is1) (Version:  - DESKTOPPLAY) <==== ATTENTION
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DNS Unlocker (HKLM-x32\...\DNSUnlocker.ns) (Version:  - ) <==== ATTENTION
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Heroes of Hellas 3: Athens (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
hohosearch - Uninstall (HKLM-x32\...\Uninstall - clc) (Version:  - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java™ 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
McAfee Parental Controls (HKLM-x32\...\MOCP) (Version: 3.2.226.1 - McAfee, Inc.)
Medal of Honor ™ (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oasis Space (HKLM\...\Oasis Space) (Version: 2016.04.10.093908 - Oasis Space) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
QuickSearch (HKLM-x32\...\QuickSearch) (Version: 3.0.2.4 - Matthew Leo) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Satellite Comma (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Satellite Comma) <==== ATTENTION
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2379.10 - Hi-Rez Studios)
SnapDo (HKLM-x32\...\{3C356EBA-0AA7-4F99-8A1D-3D7E40248878}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
SOLIDWORKS 2015 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20150-40500-1100-100) (Version: 23.5.0.81 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP05 (Version: 23.150.81 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer Player 2015 SP05 x64 Edition (Version: 23.50.81 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP05 (Version: 15.5.0009 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2015 SP05 x64 Edition  (Version: 23.50.82 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2015 SP05 x64 Edition (Version: 23.50.81 - Dassault Systemes SolidWorks Corp) Hidden
speed browser (HKLM-x32\...\speed browser) (Version: 48.0.2564.103 - Fast Applications) <==== ATTENTION
Spotify (HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
TomorrowGames (HKLM-x32\...\TomorrowGames) (Version:  - ) <==== ATTENTION
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE BOOM Update Assistant (HKLM-x32\...\{E37CE9D5-ACA2-4399-B1AB-3BF837CB6F19}) (Version: 1.4.51 - Logitech, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO Care (HKLM\...\{036400BD-B717-4D50-ACDC-96480C99EDD3}) (Version: 8.4.4.09186 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.4.4.07220 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMX64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent sony Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.8.7 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Zombie News (HKLM-x32\...\ZombieNews) (Version: 2.7.79 - Time Lapse Solutions) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-219877153-197691950-3609309316-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-219877153-197691950-3609309316-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-219877153-197691950-3609309316-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-219877153-197691950-3609309316-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-219877153-197691950-3609309316-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0040746B-E290-4C92-8CC2-B0CF9D60285A} - System32\Tasks\DNS Monitoring => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL" <==== ATTENTION
Task: {07CC45B8-4E1C-4679-B3B2-90B84A51F085} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {09C44BCE-2C82-4D90-9053-D58D12B7573B} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {09CBCD51-1368-4264-9448-7939F7DBD6A8} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {0F024C9D-C495-461C-B75E-CAE80D67B301} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2015-07-31] (Sony Corporation)
Task: {106AFCB4-E87E-427A-8BA5-10A07C35976A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {1078BB30-405A-4EE2-857A-405E99ACEFFF} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {16C34B7E-28D5-4973-A742-8EF047406DF5} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {16FD89D4-5BA8-4014-ADF6-28A9C18000A2} - System32\Tasks\HPCeeScheduleForCaroline => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {18966B0F-95FD-468C-B1DE-66B96DC71A38} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {1D4231D8-685A-47B3-BD70-BFCC59E8B582} - System32\Tasks\Ootocm => C:\PROGRA~1\Mespem\Egihb.bat
Task: {20B38221-0014-4129-A168-E73866D39822} - System32\Tasks\psv_Goldentone => /c regedit.exe /s "C:\ProgramData\Ronzap\Superlab.reg" & del "C:\ProgramData\Ronzap\Superlab.reg" & SCHTASKS /Delete /TN "psv_Goldentone" /F <==== ATTENTION
Task: {20BD2F60-F469-4B3A-9C92-859FD5B56811} - System32\Tasks\Uurxreumruw => C:\ProgramData\Uurxreumruw\1.0.7.1\oxeeawaa.exe [2016-04-10] ()
Task: {268AF18C-157B-4654-AE27-729912FF7A6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {2F1815BC-77F8-43B8-92B2-B56F8E509691} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {2FCD898E-1990-4DB1-A921-E4C0FFB17894} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {322C75E3-5389-48F8-A894-39D17BC39491} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => C:\ProgramData\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {32C0D955-597C-4DD2-991E-272DCDF6D00E} - System32\Tasks\snf => C:\ProgramData\Ronzap\Ronzap.exe [2016-04-14] () <==== ATTENTION
Task: {390DF9F1-BD47-4CB8-BF2E-F0105FD697F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3C576ED8-4298-44BB-8333-88E1A7D5EB15} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {3F1A5612-7BF7-494F-B106-53C0A1A7A76E} - System32\Tasks\DNSWILLISTON => C:\Program Files (x86)\DNS Unlocker\dnswilliston.exe [2016-03-01] () <==== ATTENTION
Task: {40B47A6B-0D4B-469E-BF65-2C49F7A9356E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {43C5275B-01FD-4CC0-A39B-CA01DD223445} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {47B328DF-D2D8-4B38-A972-8C2DFA028014} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {4802332D-6244-4572-9A64-7ECBEF1769B8} - System32\Tasks\snp => C:\ProgramData\Ronzap\Ronzap.exe [2016-04-14] () <==== ATTENTION
Task: {49DE2610-87BD-4580-95A1-251E68A1518B} - System32\Tasks\WinTsks => C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe [2016-04-09] () <==== ATTENTION
Task: {4B81DAA6-72B6-4B5F-9CEF-36324D0CDA4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4B839280-E738-42CD-8B72-2BD801009ABA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {54DCDF9B-4965-43F6-B170-31978F2D7E95} - System32\Tasks\FYJHMJXE1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe [2016-03-30] (TomorrowGames) <==== ATTENTION
Task: {54FC6816-57C0-4164-ACC3-60E4A712B63A} - System32\Tasks\runTask => C:\Users\Caroline\AppData\Local\Temp/Updater.exe
Task: {5C5AA52F-4F6F-4234-98B3-EBF639DE6A8E} - System32\Tasks\kze3024 => C:\Program Files (x86)\QuickSearch\kze3024.exe <==== ATTENTION
Task: {5C6C89D4-C82A-4E8D-B9F3-2BE67F767A27} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {5EA66C6A-24D8-4927-969B-4BF80FE4ABE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63BAE0B3-B03E-40B8-8D6C-3CB7D7ADCBD5} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {64B3F8D6-DB2B-47D8-B536-BE3A2D21222F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {67DA21E8-3F48-4EFF-A29C-4DF158F1B97F} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {682F1402-FE24-4B3A-AE20-4D2CBEF919AD} - System32\Tasks\YPBXJRASSJNPNGFR => C:\ProgramData\Service1291\Service1291.exe [2016-04-10] () <==== ATTENTION
Task: {6C9DF917-63A8-4322-89DC-E3DEB0B88B4F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {6E4B3F4B-0B36-49D2-93B2-3F1AEBD80C3C} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {6F1EBC7F-6ED5-4522-800A-20B9B42EF8B4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {7484A4D8-5E5B-4E03-BD4A-D40DD0CA64E2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {7E403F81-11E4-48DE-9845-C7FEFEBB964D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {829A0D03-45BF-4F35-BF30-9D7304CDD169} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8322C876-CE07-4819-B9CF-C399C4CA3DBE} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {86754AA0-746F-4C2E-8114-01664BCBC06D} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {87D7BAA3-5886-4981-A735-BEE9B36BDAF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {889672F1-3762-4ED5-8426-BA2DF229C6BA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {88EC4727-D281-4593-9920-FE018CDDFE69} - System32\Tasks\{95530276-13B0-4CDE-852F-1EADDC5B099F} => pcalua.exe -a "C:\Program Files (x86)\Max Driver Updater\uninstaller.exe"
Task: {8F385A2B-FBA6-4147-88D9-66E33492E8B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {91F227F5-AC29-4860-9977-994260BEDA13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {937FBE2B-6A94-47AE-9A36-C46D780FDCF8} - System32\Tasks\PCBRFPTQWUBWXJMS => C:\ProgramData\Service1104\Service1104.exe [2016-04-10] () <==== ATTENTION
Task: {96E3650D-E9DA-4A7F-8D40-C1E76FE55AF9} - System32\Tasks\updateTask => c:\task.vbs [2016-04-10] ()
Task: {98D3B5E3-24B4-4A83-9126-B7871B5D98EA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {9969C594-6DC4-40C4-8448-B3540A6F709E} - System32\Tasks\psv_Fixqvolight => /c regedit.exe /s "C:\ProgramData\Ronzap\DuoOvefax.reg" & del "C:\ProgramData\Ronzap\DuoOvefax.reg" & SCHTASKS /Delete /TN "psv_Fixqvolight" /F <==== ATTENTION
Task: {A347C45E-BE26-4431-A904-9548E07BDA6B} - System32\Tasks\SMW_UpdateTask_Time_3431393738342d344a414155342a2a236c6c5a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {B5413CCF-3595-4B89-8D83-C8A0EA58DDC9} - System32\Tasks\bvyvave => C:\Users\Caroline\AppData\Local\bvyvave\bvyvave.exe [2016-04-03] () <==== ATTENTION
Task: {B8586AAD-54D3-42C6-BEBE-98704BD20919} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {B93DCC03-2707-48AE-97EB-8802A6FE1BB4} - System32\Tasks\IBUpd => C:\Users\Caroline\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {B964964E-CE8E-484B-977B-CD2CDAD89B49} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {BF9E47E9-9B0F-4B61-BDBE-F84FDD1751B3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {C04447B0-7BEB-4CB2-87F5-037AD839785C} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {C1CE3D83-12B3-4648-B5FE-341A7EB0D446} - System32\Tasks\KLPAT1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2016-03-29] (FlashBeat) <==== ATTENTION
Task: {C752EB91-D224-48EE-BD05-BB2C21B31F01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {C9B5782B-5091-4545-8CF9-F23D3007A6DD} - System32\Tasks\psv_HotTough => /c regedit.exe /s "C:\ProgramData\Ronzap\Volsailing.reg" & del "C:\ProgramData\Ronzap\Volsailing.reg" & SCHTASKS /Delete /TN "psv_HotTough" /F <==== ATTENTION
Task: {CD5DB6BC-869E-420E-8457-480D257F4877} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-04-11] () <==== ATTENTION
Task: {CF684CBF-DED1-4A64-805B-1BB0DF297282} - System32\Tasks\IBUpd2 => C:\Users\Caroline\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {D05BA2A6-FACF-491B-9F75-17DBF7923B4B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD4A92B8-EAAA-4F71-A72A-C72CF2051762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7691DC0-E8B6-42F3-BDDA-BAE7B54DA3E7} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {E8B8B4C5-A286-4A9F-A414-9CE50335A343} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EA2D070E-C88E-4B4E-B056-D9A1641DA7AD} - System32\Tasks\Advanced PC-Care_Logon => C:\Program Files\Advanced PC-Care\apc.exe [2016-04-04] (Advancedpccare.net)
Task: {EAFA83AB-F217-4A8C-AE36-656880707D72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {F27EB141-0CBF-4BEB-BAAD-2C333E546671} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FBAC642D-9DF2-40BE-9FF3-92EF876CE02A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {FD254CBD-0B7F-4EEE-9D75-4CEFAD2C967C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE5C68A3-E99B-48C9-BE58-2D0D3EDEC1A2} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FYJHMJXE1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForCaroline.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\KLPAT1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PCBRFPTQWUBWXJMS.job => C:\ProgramData\Service1104\Service1104.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\YPBXJRASSJNPNGFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1460290689&a=1003081&src=sh&uuid=e19ba70c-2273-405a-88a0-2cfda6261bec"
ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\SpeedSearchesbnd\ShortCccBoost.exe () -> %SNP%
ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\SpeedSearchesbnd\ShortCccBoost.exe () -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Play Games.lnk -> C:\Windows\System32\LaunchWinApp.exe (Microsoft Corporation) -> hxxp://www.gumigun.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-11 10:17 - 2016-03-06 13:37 - 00104448 _____ () C:\Users\Caroline\AppData\Local\brsrv\brsrv.exe
2015-12-26 09:59 - 2015-12-26 09:59 - 00158720 _____ () C:\Users\Caroline\AppData\Local\DDB727A0-1460667168-11E2-824E-30F9EDC4D4EB\qnsdB2C9.tmp
2016-04-10 13:24 - 2016-04-10 13:24 - 00389632 _____ () C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\jnsuDC06.tmp
2016-04-10 01:39 - 2016-04-10 01:39 - 00174456 _____ () C:\Users\Caroline\AppData\Roaming\Reofh\Reofh.exe
2016-04-11 18:48 - 2016-04-11 18:48 - 00250368 _____ () C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\knsdBDF.tmp
2016-04-10 13:24 - 2016-04-10 13:24 - 00138240 _____ () C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\hnsoF2DC.tmp
2016-03-02 19:08 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-10 01:39 - 2016-04-10 01:39 - 00670584 _____ () C:\Users\Caroline\AppData\Roaming\Reofh\Syizku.dll
2014-09-27 12:20 - 2015-12-21 19:02 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-09-27 12:33 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-04-10 13:38 - 2016-04-10 13:39 - 00228352 _____ () C:\ProgramData\Service1104\Service1104.exe
2016-01-21 20:00 - 2016-01-21 20:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-02 19:08 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-10 01:39 - 2016-04-10 01:39 - 00115576 _____ () C:\Users\Caroline\AppData\Roaming\Reofh\Zoargaamd.exe
2016-04-10 01:39 - 2016-04-10 01:39 - 00146296 _____ () C:\Users\Caroline\AppData\Roaming\Reofh\Syizku.exe
2016-02-15 12:56 - 2016-02-15 12:56 - 46344704 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
2016-04-10 13:21 - 2016-04-10 05:42 - 03320496 _____ () C:\Users\Caroline\AppData\Local\dply_en_015020294\updply_en_015020294.exe
2015-12-20 01:36 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 19:08 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 21:54 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 21:54 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 12:52 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 12:52 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-10 13:20 - 2016-03-01 09:45 - 00678912 _____ () C:\Program Files (x86)\DNS Unlocker\dnswilliston.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2016-04-10 13:21 - 2016-04-10 05:42 - 04336816 _____ () C:\Program Files (x86)\dply_en_015020294\dply_en_015020294.exe
2016-04-10 13:24 - 2016-04-03 18:08 - 03972272 _____ () C:\Program Files (x86)\rec_gb_247\rec_gb_247.exe
2015-11-11 14:05 - 2015-11-11 14:05 - 00268280 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2015-08-26 14:11 - 2015-08-26 14:11 - 00458904 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
2015-08-26 14:11 - 2015-08-26 14:11 - 00709272 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_modeler.dll
2015-08-26 14:11 - 2015-08-26 14:11 - 00185496 _____ () C:\Program Files\Sony\VAIO Care\ESRV\foreground_window_input.dll
2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ () C:\ProgramData\Ronzap\Ronzap.exe
2016-04-14 21:07 - 2016-04-14 21:07 - 00189558 _____ () C:\Users\Caroline\AppData\Roaming\Lamex.bin
2016-04-14 21:00 - 2016-04-14 21:00 - 00173568 _____ () C:\Users\Caroline\AppData\Local\Temp\nsn7F10.exe
2016-04-10 01:39 - 2016-04-10 01:39 - 00262008 _____ () C:\Users\Caroline\AppData\Roaming\Reofh\Zoargaamd.dll
2016-02-15 12:56 - 2016-02-15 12:56 - 01481728 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\libglesv2.dll
2016-02-15 12:56 - 2016-02-15 12:56 - 00073728 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\libegl.dll
2014-06-27 14:32 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2016-02-15 12:56 - 2016-02-15 12:56 - 01681224 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\ffmpegsumo.dll
2016-04-14 21:08 - 2016-04-14 21:08 - 00257536 _____ () C:\ProgramData\Ronzap\Quotecof.dll
2016-04-13 21:39 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-13 21:38 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-09 15:47 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
2014-06-27 14:32 - 2012-07-24 11:05 - 00807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2016-01-21 20:00 - 2016-01-21 20:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 20:00 - 2016-01-21 20:01 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-06-27 14:03 - 2012-08-06 18:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2016-04-10 13:21 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5052852F0B4629A281C1BF6F1469CA88"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0CE8B73B-3DD1-4BBD-BD14-76058704432B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD83415B-A28A-4BCE-A757-459AF2CF91EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE487212-2AAC-4BF4-A068-50ECC7EE993D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{32C93BC1-8A14-4DB7-83D4-3A19D6BF62E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC79A04A-3449-4F9B-9AA1-1C8ED01D0282}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A735B5E-CA9F-44F7-8F11-ED11AA63E864}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A1D2687-08CC-49B5-B31F-9AFA43F3206A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3197BC6B-B4B1-4648-B162-CAA38803F4AA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{28B28ED1-0E91-4431-BF5D-A1E9E935F8C8}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{47E44F6D-0532-44B7-82AA-E4F29CFA4C7F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{449F0BBD-410B-4E82-9405-B9813ABA6374}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{AAFFD1D7-716E-414E-9A5A-AC1FBAA8A5F0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D916B06-89AA-4C20-AEBB-47E25F5D2366}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4CE69C2E-4B63-400A-B8B5-37AA2D974619}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{27169765-6320-4AB9-BA5B-359CA0CC4B74}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF7697BC-BE55-4A0D-BC14-5DD66F63BEC7}] => (Allow) C:\Users\Caroline\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F7D30918-595A-4C1C-B81F-03685B48C297}] => (Allow) C:\Users\Caroline\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3F176F53-1545-4CF0-8A11-B0DD0F9845D6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D131F901-BEDB-4A3A-BD8B-EB1EBC5B1010}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3FDBED2D-9816-4C74-A583-131F1744DD1B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{0AC3B70C-DEC0-44C8-AE42-3D1B394A7B98}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B41548C7-B889-4788-9E17-44203C9302C8}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{F3322EAD-7557-4BEE-B6AA-25BC069B3F0E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{3F44239C-FA67-4BC7-BD87-39F312E1AAD2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{63BEE61D-E54B-44A7-B184-2F16521B3978}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{C3D4F8BC-0AF0-4E33-B40A-75F0C7981888}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{8E1076B4-5D53-4156-9FD0-2C66BB2C4544}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [TCP Query User{DD5F9B09-1BBA-4CF3-A186-FBFEF436BC06}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7046BAF7-D3A4-4C31-9C53-B3F2850D8529}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F7876275-6938-49AC-9EC7-FC361B8EED74}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{09FABB9D-7482-4E69-9FFC-D48918A139C7}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{37171BD8-80EE-4C1A-8CD3-325C7F3FFC0D}C:\users\caroline\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caroline\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8976B413-1592-4A9B-B21D-42AC0E685330}C:\users\caroline\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caroline\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7333749F-4693-4051-8D23-E4B93179F591}] => (Block) C:\users\caroline\appdata\local\akamai\netsession_win.exe
FirewallRules: [{32153A48-9314-4C61-9092-46B9652ABE6A}] => (Block) C:\users\caroline\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0594676F-9141-46C9-953E-1611EFADD99A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{56DB25D5-AD92-469C-B6B9-71126EFDD04B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1B68DC7E-5879-4BA7-B1D4-A623EA81FB9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7666EEBE-6181-48A5-AE51-FDFEABF9126A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{FD2109A1-6CD1-4633-8FB4-58D77991CD2F}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [UDP Query User{63DD74B5-C1F8-497F-B589-24F97A97C4B6}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [TCP Query User{C97F878A-ECAA-499B-B925-88A94B2027CB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{456C4476-5CA0-4D22-A555-C2A2CFECF234}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{AD1B20F0-E275-45EA-9227-6949D5B0BBB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FBC89CAB-DFBD-418C-860D-5707CF137FB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{14F14691-A044-48F1-BEA1-D15A8DAA7936}] => (Allow) LPort=50248
FirewallRules: [{3354DF86-56E2-4BD7-AD74-1BA24F6B08EB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{D2347E9D-C93A-43C5-A563-2AE90EF08DBF}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{4AC5D072-3A79-48E0-870E-5754942A99F1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{29A36A71-BFAF-4A41-AA1A-53DDD5D65149}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{4496F92E-E813-4D75-8E7A-4DAF43E4D2DC}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{CB12C808-8E5A-430E-9402-269B8B416D9B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{1769B0BF-BFF0-4E16-BC2F-2E561A89042C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{34346AB7-27B8-4700-AB2C-1D90B933DB88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4778A803-296B-4C19-A1D2-BE5A75990862}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{1E4B1BD5-7604-4B8D-8BE4-862FFDE3F9D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{67C761AF-AF61-4142-8CE6-CCECB0F0F496}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{E8EB288F-3DBB-482C-BEF0-52A0CCE6BA1D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{43763218-5E75-4A5C-A309-964EBB3975B8}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{F74D95E3-54A8-4A2B-A4B0-0A0A39D2EF24}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{67229876-BE11-49D8-B3D4-588C14E98747}C:\users\caroline\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caroline\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{83C16682-558D-43A6-A26A-88740AF5C845}C:\users\caroline\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caroline\appdata\roaming\spotify\spotify.exe
FirewallRules: [{11E82894-45ED-4CE5-8901-E67C16CB7F1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{B010EDF1-9534-430A-83A1-65CB565CFF20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{5628905E-CD4B-4062-97D1-79B9EBF312E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5F6726E3-B091-45B3-ADB3-69BFDF63ACA9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ABEDE9E8-4F63-45D4-A436-D399591312B7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{75B8743C-608B-48CB-94B5-D08378A659ED}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3F079AA9-C615-4730-A1BE-C5C245949EC9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{F867E619-22D0-4459-B54A-13882EC2D35A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{59429F86-8E95-4DEA-B02E-63BE6B28F767}C:\users\caroline\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caroline\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8062C8A4-E864-4B15-A9D7-350F4EF8873B}C:\users\caroline\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caroline\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0F36F41E-FA70-45FB-ADE8-C7F80F692BC1}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{2DDD15DB-1B20-40F7-A0FE-396B6E5C932F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{49227FCB-54D0-4335-A197-0E8617112B44}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{1EBD44E7-6349-4EF8-97E0-8A8642A49AE6}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{4F0BB2AF-5476-4084-90AA-7A8D53D61F26}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{A549CDE0-4F24-4081-8180-D2D534AE1521}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{9B9EF86B-BBB0-4FA5-81FC-FDE374FA3724}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4421AB3-BD8E-420A-AE58-C612BA6367D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA5719D5-08A0-4655-B8A1-E7F728FE536E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F56AD0D9-5351-412F-9A25-D86D8E832F97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C9E5511-FE9F-457A-BA54-15F5D1860B92}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3B96159D-193B-486F-959A-373DD7517B8F}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{DBD22CD2-64C5-4599-A37A-F13FA3044D77}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{5C0A01B4-F667-4ACB-A111-819B86B64536}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{BF3295F5-949A-441A-A568-590B68062AA9}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{BC8B2446-13C6-4E37-98BD-BCF77EE9AF86}] => (Allow) C:\Users\Caroline\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{8E2B3518-F671-45CC-9A09-809131077AAF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD36BAA5-290F-4009-BB10-C0177C84600E}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
 
==================== Restore Points =========================
 
29-02-2016 17:31:13 Scheduled Checkpoint
08-03-2016 20:14:50 Scheduled Checkpoint
19-03-2016 20:33:54 Scheduled Checkpoint
23-03-2016 17:56:07 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2016 09:08:49 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (04/14/2016 09:07:29 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2016 09:06:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2016 09:06:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OcpHelper.exe, version: 3.2.226.0, time stamp: 0x52e6a3c7
Faulting module name: OcpHelper.exe, version: 3.2.226.0, time stamp: 0x52e6a3c7
Exception code: 0x40000015
Fault offset: 0x00000000000c6939
Faulting process id: 0xac8
Faulting application start time: 0xOcpHelper.exe0
Faulting application path: OcpHelper.exe1
Faulting module path: OcpHelper.exe2
Report Id: OcpHelper.exe3
Faulting package full name: OcpHelper.exe4
Faulting package-relative application ID: OcpHelper.exe5
 
Error: (04/14/2016 09:05:35 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2016 09:05:34 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2016 09:05:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2016 08:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OcpHelper.exe, version: 3.2.226.0, time stamp: 0x52e6a3c7
Faulting module name: OcpHelper.exe, version: 3.2.226.0, time stamp: 0x52e6a3c7
Exception code: 0x40000015
Fault offset: 0x00000000000c6939
Faulting process id: 0x364
Faulting application start time: 0xOcpHelper.exe0
Faulting application path: OcpHelper.exe1
Faulting module path: OcpHelper.exe2
Report Id: OcpHelper.exe3
Faulting package full name: OcpHelper.exe4
Faulting package-relative application ID: OcpHelper.exe5
 
Error: (04/14/2016 08:51:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CLARKIE)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (04/13/2016 09:55:31 PM) (Source: SDCleaner) (EventID: 100) (User: )
Description: LoadCleaningInstructions
 
 
System errors:
=============
Error: (04/14/2016 09:14:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 2zdengine-Service{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
 
Error: (04/14/2016 09:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zdengine service failed to start due to the following error: 
%%2
 
Error: (04/14/2016 09:14:06 PM) (Source: DCOM) (EventID: 10005) (User: CLARKIE)
Description: 2zdengine-Service{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
 
Error: (04/14/2016 09:14:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zdengine service failed to start due to the following error: 
%%2
 
Error: (04/14/2016 09:14:05 PM) (Source: DCOM) (EventID: 10005) (User: CLARKIE)
Description: 2zdengine-Service{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
 
Error: (04/14/2016 09:14:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zdengine service failed to start due to the following error: 
%%2
 
Error: (04/14/2016 09:14:03 PM) (Source: DCOM) (EventID: 10005) (User: CLARKIE)
Description: 2zdengine-Service{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
 
Error: (04/14/2016 09:14:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zdengine service failed to start due to the following error: 
%%2
 
Error: (04/14/2016 09:13:57 PM) (Source: DCOM) (EventID: 10005) (User: CLARKIE)
Description: 2zdengine-Service{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
 
Error: (04/14/2016 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zdengine service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-04-10 13:45:04.386
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:45:04.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:45:04.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:45:04.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:45:03.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:23:05.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:23:05.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:23:05.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:23:05.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-10 13:23:05.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8139.28 MB
Available physical RAM: 5606.95 MB
Total Virtual: 9419.28 MB
Available Virtual: 6611.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:901.57 GB) (Free:599.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, the system is severely infected and may take several runs to clean completely.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.


Download the attached fixlist.txt and save it in the same location as FRST.exe
Attached File  fixlist.txt   32.38KB   100 downloads
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Run FRST again and post the fresh scan generated
  • 0

#6
Caroline Clarke

Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi,

Here is the fixlog, the log from AdwCleaner and the results from a second scan on Farbar.

 

Thank you for your help! 

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like good progress now :)
 
If FRST does not ask for a reboot, then reboot the system anyway.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CMD: fltmc detach bsdriver c: bsdriver
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-10] (DotC United Inc)
R2 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe [693248 2016-04-15] () [File not signed]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-10] ()
2016-04-17 22:18 - 2016-04-17 22:18 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-17 22:18 - 2016-04-17 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-14 22:14 - 2016-04-14 22:14 - 00003440 _____ C:\WINDOWS\System32\Tasks\wtmw2osb
2016-04-14 22:14 - 2016-04-14 22:14 - 00000000 ____D C:\Program Files\Common Files\atbtcesy
2016-04-14 21:52 - 2016-04-17 21:54 - 00000000 ____D C:\Users\Caroline\AppData\Local\bvyvavay
2016-04-14 21:52 - 2016-04-14 21:52 - 00003524 _____ C:\WINDOWS\System32\Tasks\bvyvavay
2016-04-10 13:39 - 2016-04-10 13:39 - 00060136 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-10 13:38 - 2016-04-10 13:38 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
C:\Program Files (x86)\MPC Cleaner
C:\ProgramData\sulpnar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Scan with Malwarebytes Anti-Malware
  • Please download Malwarebytes Anti-Malware to your desktop
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

  • 0
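As an added example (not part of the original posts, and not FRST's own code): a small reviewer that sorts fixlist lines like the ones quoted in post #7 into directives, commands, service entries and file targets, so the commands and the paths a fix names can be read before pressing Fix. The line patterns are inferred only from the lines shown on this page, and `classify`, `review` and `normalise` are hypothetical names.

```python
import re
from collections import Counter

# Excerpt of the fixlist quoted in post #7 (raw string keeps the backslashes).
FIXLIST = r"""CreateRestorePoint:
CMD: fltmc detach bsdriver c: bsdriver
R2 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe [693248 2016-04-15] () [File not signed]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-10] ()
2016-04-14 22:14 - 2016-04-14 22:14 - 00003440 _____ C:\WINDOWS\System32\Tasks\wtmw2osb
2016-04-10 13:38 - 2016-04-10 13:38 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
C:\ProgramData\sulpnar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# Assumption: patterns inferred from the lines on this page, not FRST's own grammar.
RULES = [
    ("command", re.compile(r"^(?:CMD|Reg):\s*(?P<cmd>.+)$")),
    ("directive", re.compile(r"^(?P<name>\w+):$")),
    ("service", re.compile(r"^[A-Z]\d (?P<name>\S+); (?P<path>.+?) \[\d+ ")),
    ("file", re.compile(rf"^{STAMP} - {STAMP} - \d+ \S{{5}} (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$")),
    ("path", re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
]

def normalise(path):
    """Collapse doubled backslashes and fold case so one target compares equal."""
    return re.sub(r"\\+", r"\\", path).lower()

def classify(line):
    """Return the first matching rule's kind plus its named fields."""
    for kind, rx in RULES:
        m = rx.match(line)
        if m:
            return {"kind": kind, **m.groupdict()}
    return {"kind": "unknown", "raw": line}  # surface anything the rules miss

def review(text):
    """Return (entries, targets): parsed lines and a count of each path named."""
    entries = [classify(l.strip()) for l in text.splitlines() if l.strip()]
    targets = Counter(normalise(e["path"]) for e in entries if "path" in e)
    return entries, targets

if __name__ == "__main__":
    entries, targets = review(FIXLIST)
    for e in entries:
        if e["kind"] in ("command", "unknown"):
            print("runs as typed, read it first:", e.get("cmd", e.get("raw")))
    for path, n in targets.items():
        print(f"{n}x {path}")
```

Paths named more than once, such as the `bsdriver.sys` driver listed both as a service and as a file, collapse to a single target after normalisation.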

#8
Caroline Clarke

Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here are the two logs from Farbar and Malwarebytes, thanks! 

Attached Files


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Looks like we have now killed them all.

How is the computer behaving now?

Are you able to turn on Windows Defender?


  • 0

#10
Caroline Clarke

Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Brilliant! Everything seems to be running fine now. I still cannot open Windows Defender, although I think I just need to go through the settings; I have included a screenshot of the message I am receiving. Could this just be from Malwarebytes stopping it?

 

Cheers for all your help! 

Attached Thumbnails

  • Windows Defender.jpg

  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, that is not MBAM.

Could you download the Turn_On_Windows_Defender.reg to your desktop

Attached File  Turn_On_Windows_Defender.reg   580bytes   69 downloads

Once it has downloaded, right click the file and select Merge
Agree to the warning
Now try Defender again. Does it work?
  • 0

#12
Caroline Clarke

Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Defender is now working. The computer was a bit sluggish yesterday, but it seems to be behaving a bit better today.


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Any further problems before I tidy up?


  • 0

#14
Caroline Clarke

Caroline Clarke

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Nope, that's it I think!


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0





